ruby_coded 0.1.1 → 0.2.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f81632e5f552b3eb5e4e85d15ae4ecda0767c2f530606ccc083c9c1adcf9c92f
-  data.tar.gz: 33759f15b1568c1f0e2c88fbc32d9e97ca3772662aeaa0112acceb1819ab7a9a
+  metadata.gz: 35cd5d9fc4b17b8a4aa4cefce67e02f6be01053fef3cb73046281804434a3d85
+  data.tar.gz: 4b53ca7258244edcc8cb1e7c31dfadc91c2c897b9b24acea3e5cdac21d086485
 SHA512:
-  metadata.gz: d004abb1a5c5197cffc6b28fffb44172ed6b4cb22b62cf3438941d8c67b2869d7244df4d7c60cc63d1a28ce0dbd6dd20e5ab6fadff6b3e3f4bc89780d7c54d7a
-  data.tar.gz: ca3ff79da79a9fba4b2166deedb5eaa52626aaad0a3429dcb9ef75134fd831c852f4e1e3ff66d8d71cc234dc23e1a0c60b90f8dcab7166deaa5675e806052294
+  metadata.gz: 00d9c124eeadef16b3492f6c2e394a439cff10a92516afedb053d9626a83d2029d96ceaa1898f8da4f4d4a29ae8c1876ef181f0e20259fb401b30e76a972f341
+  data.tar.gz: eb10ce9285ba09b7cf9cd3e24caf6dd28938586328b49e0cb155560ab58697d5e2fbda3ce8da3b61492ba7c23ccd2e8236307f260b1588430cbd63102aee82ff

data/.rubocop_todo.yml

@@ -55,10 +55,12 @@ Metrics/AbcSize:
   Exclude:
     - 'lib/ruby_coded/chat/state.rb'
 
-# Offense count: 1
+# Offense count: 3
 # Configuration parameters: CountComments, Max, CountAsOne.
 Metrics/ClassLength:
   Exclude:
+    - 'lib/ruby_coded/auth/auth_manager.rb'
+    - 'lib/ruby_coded/chat/app.rb'
     - 'lib/ruby_coded/chat/state.rb'
 
 # Offense count: 2

data/CHANGELOG.md

@@ -1,5 +1,34 @@
 ## [Unreleased]
 
+## [0.2.1] - 2026-04-17
+
+### Fixed
+
+- **Startup crash when stored model provider is not authenticated**: The CLI no longer raises `RubyLLM::ConfigurationError` at startup when the model saved in `~/.ruby_coded/config.yaml` belongs to a provider that has no credentials on the current machine (e.g. switching computers with only Anthropic authenticated but a GPT model stored). Instead, the app falls back to the default model of the authenticated provider and shows an in-chat system message suggesting `/login` or `/model` to adjust.
+
+### Added
+
+- `AuthManager#provider_for_model` and `AuthManager#model_provider_authenticated?` helpers to detect the provider of a given model name and validate that its credentials are available.
+
+## [0.2.0] - 2026-04-16
+
+### Added
+
+- **ChatGPT Plus/Pro OAuth authentication**: Use your ChatGPT subscription to access GPT-5.x models via the Codex backend — no API credits required
+- **`/login` command**: Authenticate with providers (OpenAI, Anthropic) directly from the TUI without restarting
+- **In-TUI login wizard**: Native multi-step login flow with OAuth and API key support, replacing the old TUI-suspend approach
+- **CodexBridge**: Dedicated HTTP client for the ChatGPT Codex Responses API with SSE streaming, stateless conversation history, tool calls, and automatic token refresh
+- **Codex model catalog**: Local catalog of ChatGPT-available models (gpt-5.4, gpt-5.2, gpt-5.2-codex, etc.) integrated with the `/model` selector
+- **Status bar indicator**: Shows `(ChatGPT)` or `(API)` next to the model name to distinguish authentication mode
+- **JWT decoder**: Extracts `chatgpt_account_id` from OAuth tokens for Codex API authentication
+
+### Changed
+
+- OpenAI OAuth now authenticates via ChatGPT Codex backend instead of the OpenAI Platform API
+- OAuth scopes expanded to `openid profile email offline_access` with Codex-specific auth params
+- AuthManager skips OpenAI OAuth credentials for RubyLLM configuration (handled by CodexBridge)
+- Default OpenAI model updated to `gpt-5.4`
+
 ## [0.1.0] - 2026-04-15
 
 - Initial release

data/README.md

@@ -22,16 +22,18 @@ An AI-powered terminal coding assistant built in Ruby. Chat with LLMs, let an ag
 - **Chat mode** — Talk to an LLM directly in a full terminal UI (TUI) built with [ratatui](https://github.com/nicholasgasior/ratatui-ruby)
 - **Agent mode** — The model can read, write, edit, and delete files in your project, create directories, and run shell commands with user confirmation
 - **Plan mode** — Generate structured plans before implementing, with interactive clarification questions and auto-switch to agent mode when ready
+- **ChatGPT Plus/Pro support** — Use your ChatGPT subscription to access GPT-5.x models via the Codex backend — no API credits required
 - **Multi-provider support** — Works with OpenAI and Anthropic out of the box (OAuth and API key authentication)
+- **In-session login** — Authenticate or switch providers at any time with `/login`, no restart needed
 - **Tool confirmation** — Write and dangerous operations require explicit approval; safe operations (read, list) run automatically
-- **Token & cost tracking** — Live status bar showing token usage and estimated session cost
+- **Token & cost tracking** — Live status bar showing token usage, estimated session cost, and auth mode indicator
 - **Plugin system** — Extend the chat with custom state, input handlers, renderer overlays, and commands
-- **Slash commands** — `/agent`, `/plan`, `/model`, `/history`, `/tokens`, `/help`, and more
+- **Slash commands** — `/agent`, `/plan`, `/model`, `/login`, `/history`, `/tokens`, `/help`, and more
 
 ## Requirements
 
 - Ruby >= 3.3.0
-- An OpenAI or Anthropic account (API key or OAuth)
+- An OpenAI or Anthropic account (ChatGPT Plus/Pro subscription, or API key)
 
 ## Installation
 
@@ -59,6 +61,7 @@ On first launch you'll be asked to authenticate with a provider. After that, you
 | `/plan off` | Disable plan mode |
 | `/plan save` | Save the current plan to a file |
 | `/model` | Switch to a different model |
+| `/login` | Authenticate with a provider (OpenAI, Anthropic) |
 | `/tokens` | Show detailed token usage breakdown |
 | `/history` | Show conversation history |
 | `/clear` | Clear the conversation |
@@ -113,13 +116,15 @@ bundle exec exe/ruby_coded
 
 ## What's next
 
-- Find a way to update the autocomplete plugin when a new command is added []
-- Display context window size (depending on the model) []
-- UI element to indicate the AI is performing a task []
-- Add the possibility to create custom commands []
-- Skills implementation []
-- Implement Google Auth for Gemini []
-- Session recovery system by ID []
+- Find a way to update the autocomplete plugin when a new command is added
+- Display context window size (depending on the model)
+- UI element to indicate the AI is performing a task
+- Add the possibility to create custom commands
+- Skills implementation
+- Implement Google Auth for Gemini
+- Local LLM support
+- Session recovery system by ID
+- Context summarization when approaching the model's context limit
 
 ## Contributing
 

data/lib/ruby_coded/auth/auth_manager.rb

@@ -48,6 +48,23 @@ module RubyCoded
         PROVIDERS.keys.select { |name| credential_store.retrieve(name) }
       end
 
+      def provider_for_model(model_name)
+        return nil if model_name.nil? || model_name.to_s.strip.empty?
+
+        normalized = model_name.to_s.downcase
+        return :openai if normalized.match?(/\A(gpt|o\d)/)
+        return :anthropic if normalized.start_with?("claude")
+
+        nil
+      end
+
+      def model_provider_authenticated?(model_name)
+        provider = provider_for_model(model_name)
+        return false unless provider
+
+        authenticated_provider_names.include?(provider)
+      end
+
       def check_authentication
         return if configured_providers.any? { |name| credential_store.retrieve(name) }
 
@@ -67,10 +84,10 @@ module RubyCoded
           PROVIDERS.each do |name, provider|
             credentials = credential_store.retrieve(name)
             next unless credentials
+            next if name == :openai && credentials["auth_method"] == "oauth"
 
             credentials = refresh_if_expired(name, provider, credentials)
-            key = extract_api_key(credentials)
-            config.send("#{provider.ruby_llm_key}=", key)
+            config.send("#{provider.ruby_llm_key}=", extract_api_key(credentials))
           end
         end
       end
@@ -82,9 +99,7 @@ module RubyCoded
       end
 
       def choose_provider
-        prompt.select("Please select the AI provider you want to log in:",
-                      configured_providers,
-                      per_page: 10)
+        prompt.select("Please select the AI provider you want to log in:", configured_providers, per_page: 10)
       end
 
       def strategy_for(provider)

data/lib/ruby_coded/auth/jwt_decoder.rb

@@ -0,0 +1,29 @@
+# frozen_string_literal: true
+
+require "base64"
+require "json"
+
+module RubyCoded
+  module Auth
+    # Decodes JWT tokens without external dependencies.
+    # Used to extract the ChatGPT account ID from OAuth access tokens.
+    module JWTDecoder
+      JWT_CLAIM_PATH = "https://api.openai.com/auth"
+
+      def self.decode(token)
+        parts = token.to_s.split(".")
+        return nil unless parts.size == 3
+
+        padded = parts[1] + ("=" * ((4 - (parts[1].length % 4)) % 4))
+        JSON.parse(Base64.urlsafe_decode64(padded))
+      rescue StandardError
+        nil
+      end
+
+      def self.extract_account_id(token)
+        payload = decode(token)
+        payload&.dig(JWT_CLAIM_PATH, "chatgpt_account_id")
+      end
+    end
+  end
+end

data/lib/ruby_coded/auth/providers/openai.rb

@@ -3,7 +3,9 @@
 module RubyCoded
   module Auth
     module Providers
-      # OpenAI provider's configuration
+      # OpenAI provider's configuration.
+      # OAuth authenticates via ChatGPT Plus/Pro subscription (Codex backend).
+      # API key authenticates via OpenAI Platform API credits.
       module OpenAI
         def self.display_name
           "OpenAI"
@@ -16,9 +18,9 @@ module RubyCoded
         def self.auth_methods
           [
             { key: :oauth,
-              label: "With your OpenAI account (requires API credits, " \
-                     "your ChatGPT subscription does not cover API usage)" },
-            { key: :api_key, label: "With an OpenAI API key (requires API credits at platform.openai.com)" }
+              label: "With your ChatGPT Plus/Pro subscription (no API credits needed)" },
+            { key: :api_key,
+              label: "With an OpenAI API key (requires API credits at platform.openai.com)" }
           ]
         end
 
@@ -43,12 +45,24 @@ module RubyCoded
         end
 
         def self.scopes
-          "offline_access"
+          "openid profile email offline_access"
         end
 
         def self.ruby_llm_key
           :openai_api_key
         end
+
+        def self.codex_auth_params
+          {
+            id_token_add_organizations: "true",
+            codex_cli_simplified_flow: "true",
+            originator: "codex_cli_rs"
+          }
+        end
+
+        def self.codex_base_url
+          "https://chatgpt.com/backend-api"
+        end
       end
     end
   end

data/lib/ruby_coded/chat/app/event_dispatch.rb

@@ -5,17 +5,27 @@ module RubyCoded
     class App
       # Routes TUI events to the appropriate handler methods.
       module EventDispatch
+        PLAN_ACTIONS = %i[plan_clarification_selected plan_clarification_custom plan_clarification_skip].freeze
+        LOGIN_ACTIONS = %i[
+          login_provider_selected login_method_selected login_key_submitted login_oauth_cancel login_cancel
+        ].freeze
+
         private
 
         def dispatch_event(event)
           action = @input_handler.process(event)
+          return :quit if action == :quit
+
+          route_action(action)
+        end
+
+        def route_action(action)
           case action
-          when :quit then :quit
           when :submit then handle_submit
           when :model_selected, :model_select_cancel then dispatch_model_action(action)
           when :cancel_streaming, :tool_approved, :tool_approved_all, :tool_rejected then dispatch_llm_action(action)
-          when :plan_clarification_selected, :plan_clarification_custom, :plan_clarification_skip
-            dispatch_plan_clarification(action)
+          when *PLAN_ACTIONS then dispatch_plan_clarification(action)
+          when *LOGIN_ACTIONS then dispatch_login_action(action)
           when :scroll_up, :scroll_down, :scroll_top, :scroll_bottom then handle_scroll(action)
           end
         end
@@ -64,6 +74,16 @@ module RubyCoded
           @llm_bridge.send_async(response)
         end
 
+        def dispatch_login_action(action)
+          case action
+          when :login_provider_selected then handle_login_provider_selected
+          when :login_method_selected   then handle_login_method_selected
+          when :login_key_submitted     then handle_login_key_submitted
+          when :login_oauth_cancel      then handle_login_oauth_cancel
+          when :login_cancel            then handle_login_cancel
+          end
+        end
+
         def handle_scroll(action)
           case action
           when :scroll_up then @state.scroll_up

data/lib/ruby_coded/chat/app/login_handler.rb

@@ -0,0 +1,79 @@
+# frozen_string_literal: true
+
+module RubyCoded
+  module Chat
+    class App
+      # Handles login step navigation: provider selection, auth method selection,
+      # API key submission, and login cancellation.
+      module LoginHandler
+        private
+
+        def handle_login_provider_selected
+          selected = @state.login_selected_item
+          return @state.exit_login_flow! unless selected
+
+          provider_name = selected[:key]
+          provider = Auth::AuthManager::PROVIDERS[provider_name]
+          methods = provider.auth_methods
+
+          if methods.size == 1
+            @state.login_advance_to_api_key!(provider_name, methods.first[:key])
+          else
+            @state.login_advance_to_auth_method!(provider_name)
+          end
+        end
+
+        def handle_login_method_selected
+          selected = @state.login_selected_item
+          return @state.exit_login_flow! unless selected
+
+          case selected[:key]
+          when :oauth   then start_oauth_flow
+          when :api_key then @state.login_advance_to_api_key!(@state.login_provider, :api_key)
+          end
+        end
+
+        def handle_login_key_submitted
+          key = @state.login_key_buffer.strip
+          provider = @state.login_provider_module
+          unless provider.key_pattern.match?(key)
+            @state.login_set_error!("Invalid API key format for #{provider.display_name}.")
+            return
+          end
+          save_api_key_credentials(key, provider)
+        rescue StandardError => e
+          @state.login_set_error!("Login failed: #{e.message}")
+        end
+
+        def save_api_key_credentials(key, provider)
+          credentials = { "auth_method" => "api_key", "key" => key }
+          @credentials_store.store(@state.login_provider, credentials)
+          @auth_manager&.configure_ruby_llm!
+          recreate_bridge!
+          @state.exit_login_flow!
+          @state.add_message(:system, "Logged in to #{provider.display_name} with API key.")
+        end
+
+        def handle_login_oauth_cancel
+          cleanup_oauth!
+          @state.exit_login_flow!
+          @state.add_message(:system, "Login cancelled.")
+        end
+
+        def handle_login_cancel
+          cleanup_oauth! if @state.login_step == :oauth_waiting
+          @state.exit_login_flow!
+        end
+
+        def cleanup_oauth!
+          @oauth_server&.shutdown
+          @oauth_wait_thread&.kill
+          @oauth_server = nil
+          @oauth_wait_thread = nil
+          @oauth_pkce = nil
+          @oauth_state = nil
+        end
+      end
+    end
+  end
+end

data/lib/ruby_coded/chat/app/oauth_handler.rb

@@ -0,0 +1,105 @@
+# frozen_string_literal: true
+
+module RubyCoded
+  module Chat
+    class App
+      # Manages the OAuth authorization flow: browser launch, callback server,
+      # token exchange, and credential storage.
+      module OAuthHandler
+        private
+
+        def start_oauth_flow
+          provider_name = @state.login_provider
+          provider = Auth::AuthManager::PROVIDERS[provider_name]
+          @oauth_pkce = Auth::PKCE.generate
+          @oauth_state = SecureRandom.hex(16)
+          @oauth_server = Auth::OAuthCallbackServer.new
+          @oauth_server.start
+          open_browser(build_oauth_url(provider, @oauth_pkce[:challenge], @oauth_state))
+          @state.login_advance_to_oauth!(provider_name)
+          start_oauth_callback_thread!
+        end
+
+        def start_oauth_callback_thread!
+          @oauth_wait_thread = Thread.new do
+            result = @oauth_server.wait_for_callback
+            @state.login_set_oauth_result!(result)
+          rescue StandardError => e
+            @state.login_set_oauth_result!({ error: e.message })
+          end
+        end
+
+        def poll_oauth_result
+          result = @state.login_oauth_result
+          return unless result
+
+          @state.login_clear_oauth_result!
+          process_oauth_result(result)
+        end
+
+        def process_oauth_result(result)
+          return fail_oauth!("OAuth failed: #{result[:error]}") if result[:error]
+          return fail_oauth!("OAuth failed: state mismatch.") if result[:state] != @oauth_state
+
+          complete_oauth_login(result)
+        rescue StandardError => e
+          fail_oauth!("OAuth failed: #{e.message}")
+        end
+
+        def fail_oauth!(message)
+          @state.exit_login_flow!
+          @state.add_message(:system, message)
+        end
+
+        def complete_oauth_login(result)
+          provider_name = @state.login_provider
+          provider = Auth::AuthManager::PROVIDERS[provider_name]
+          tokens = exchange_oauth_code(provider, result[:code], @oauth_pkce[:verifier])
+          @credentials_store.store(provider_name, build_oauth_credentials(tokens))
+          @auth_manager&.configure_ruby_llm!
+          recreate_bridge!
+          @state.exit_login_flow!
+          @state.add_message(:system, "Logged in to #{provider.display_name} with OAuth.")
+        end
+
+        def build_oauth_url(provider, challenge, state)
+          params = {
+            client_id: provider.client_id, redirect_uri: provider.redirect_uri,
+            response_type: "code", scope: provider.scopes, code_challenge: challenge,
+            code_challenge_method: "S256", state: state
+          }
+          params.merge!(provider.codex_auth_params) if provider.respond_to?(:codex_auth_params)
+          "#{provider.auth_url}?#{URI.encode_www_form(params)}"
+        end
+
+        def exchange_oauth_code(provider, code, verifier)
+          response = Faraday.post(provider.token_url, {
+                                    "grant_type" => "authorization_code",
+                                    "code" => code,
+                                    "redirect_uri" => provider.redirect_uri,
+                                    "client_id" => provider.client_id,
+                                    "code_verifier" => verifier
+                                  })
+          JSON.parse(response.body)
+        end
+
+        def build_oauth_credentials(tokens)
+          {
+            "auth_method" => "oauth",
+            "access_token" => tokens["access_token"],
+            "refresh_token" => tokens["refresh_token"],
+            "expires_at" => (Time.now + tokens["expires_in"].to_i).iso8601
+          }
+        end
+
+        def open_browser(url)
+          case RbConfig::CONFIG["host_os"]
+          when /darwin/ then system("open", url)
+          when /linux/ then system("xdg-open", url)
+          when /mswin|mingw/ then system("start", url)
+          end
+        end
+      end
+    end
+  end
+end

data/lib/ruby_coded/chat/app.rb

@@ -1,29 +1,49 @@
 # frozen_string_literal: true
 
 require "ratatui_ruby"
+require "securerandom"
+require "faraday"
+require "json"
+require "uri"
 
 require_relative "state"
 require_relative "input_handler"
 require_relative "renderer"
 require_relative "command_handler"
 require_relative "llm_bridge"
+require_relative "codex_bridge"
+require_relative "codex_models"
 require_relative "../auth/credentials_store"
+require_relative "../auth/jwt_decoder"
+require_relative "../auth/pkce"
+require_relative "../auth/oauth_callback_server"
 require_relative "app/event_dispatch"
+require_relative "app/login_handler"
+require_relative "app/oauth_handler"
 
 module RubyCoded
   module Chat
     # Main class for the AI chat interface
     class App
       include EventDispatch
+      include LoginHandler
+      include OAuthHandler
 
-      def initialize(model:, user_config: nil)
+      def initialize(model:, user_config: nil, auth_manager: nil, fallback_from_model: nil)
         @model = model
         @user_config = user_config
+        @auth_manager = auth_manager
+        @fallback_from_model = fallback_from_model
         apply_plugin_extensions!
-        @state = State.new(model: model)
-        @llm_bridge = LLMBridge.new(@state)
-        @input_handler = InputHandler.new(@state)
+        build_components!
+        announce_model_fallback
+      end
+
+      def build_components!
+        @state = State.new(model: @model)
         @credentials_store = Auth::CredentialsStore.new
+        @llm_bridge = create_bridge
+        @input_handler = InputHandler.new(@state)
         @command_handler = build_command_handler
       end
 
@@ -47,6 +67,7 @@ module RubyCoded
       def run_event_loop
         loop do
           refresh_screen
+          poll_oauth_result if @state.login_active? && @state.login_step == :oauth_waiting
           event = @tui.poll_event(timeout: poll_timeout)
           next if event.none?
 
@@ -75,8 +96,18 @@ module RubyCoded
       end
 
       def build_command_handler
-        CommandHandler.new(
-          @state, llm_bridge: @llm_bridge, user_config: @user_config, credentials_store: @credentials_store
+        CommandHandler.new(@state, llm_bridge: @llm_bridge, user_config: @user_config,
+                                   credentials_store: @credentials_store, auth_manager: @auth_manager)
+      end
+
+      def announce_model_fallback
+        return unless @fallback_from_model && !@fallback_from_model.to_s.strip.empty?
+        return if @fallback_from_model == @model
+
+        @state.add_message(
+          :system,
+          "Model #{@fallback_from_model} is not available (provider not authenticated). " \
+          "Switched to #{@model}. Use /login to authenticate or /model to change."
         )
       end
 
@@ -99,6 +130,34 @@ module RubyCoded
         @state.add_message(:system, "Model switched to #{model_name}.")
       end
 
+      def create_bridge
+        openai_creds = @credentials_store.retrieve(:openai)
+        if openai_creds && openai_creds["auth_method"] == "oauth"
+          @state.codex_mode = true
+          ensure_valid_codex_model!
+          CodexBridge.new(@state, credentials_store: @credentials_store, auth_manager: @auth_manager)
+        else
+          @state.codex_mode = false
+          LLMBridge.new(@state)
+        end
+      end
+
+      def ensure_valid_codex_model!
+        return if CodexModels.codex_model?(@state.model)
+
+        @state.model = CodexBridge::DEFAULT_MODEL
+        @user_config&.set_config("model", CodexBridge::DEFAULT_MODEL)
+      end
+
+      def recreate_bridge!
+        agentic = @llm_bridge.agentic_mode
+        plan = @llm_bridge.plan_mode
+        @llm_bridge = create_bridge
+        @llm_bridge.toggle_agentic_mode!(agentic) if agentic
+        @llm_bridge.toggle_plan_mode!(plan) if plan
+        @command_handler = build_command_handler
+      end
+
     end
   end
 end