@adversity/coding-tool-x 3.0.6 → 3.1.0

package/dist/web/index.html

@@ -5,12 +5,12 @@
     <link rel="icon" href="/favicon.ico">
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
     <title>CC-TOOL - ClaudeCode增强工作助手</title>
-    <script type="module" crossorigin src="/assets/index-D2VfwJBa.js"></script>
+    <script type="module" crossorigin src="/assets/index-DI8QOi-E.js"></script>
     <link rel="modulepreload" crossorigin href="/assets/vue-vendor-6JaYHOiI.js">
     <link rel="modulepreload" crossorigin href="/assets/vendors-D2HHw_aW.js">
-    <link rel="modulepreload" crossorigin href="/assets/icons-BxudHPiX.js">
-    <link rel="modulepreload" crossorigin href="/assets/naive-ui-DT-Uur8K.js">
-    <link rel="stylesheet" crossorigin href="/assets/index-oXBzu0bd.css">
+    <link rel="modulepreload" crossorigin href="/assets/icons-CO_2OFES.js">
+    <link rel="modulepreload" crossorigin href="/assets/naive-ui-B1re3c-e.js">
+    <link rel="stylesheet" crossorigin href="/assets/index-uLHGdeZh.css">
   </head>
   <body>
     <div id="app"></div>

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@adversity/coding-tool-x",
-  "version": "3.0.6",
+  "version": "3.1.0",
   "description": "Vibe Coding 增强工作助手 - 智能会话管理、动态渠道切换、全局搜索、实时监控",
   "main": "src/index.js",
   "bin": {

package/src/commands/daemon.js

@@ -72,11 +72,18 @@ async function handleStart() {
     const config = loadConfig();
     const port = config.ports?.webUI || 10099;
 
+    // 检查是否启用 LAN 访问 (--host 标志)
+    const enableHost = process.argv.includes('--host');
+    const pmArgs = ['ui', '--daemon'];
+    if (enableHost) {
+      pmArgs.push('--host');
+    }
+
     // 启动 PM2 进程
     pm2.start({
       name: PM2_APP_NAME,
       script: path.join(__dirname, '../index.js'),
-      args: ['ui', '--daemon'],
+      args: pmArgs,
       interpreter: 'node',
       autorestart: true,
       max_memory_restart: '500M',
@@ -97,6 +104,9 @@ async function handleStart() {
 
       console.log(chalk.green('\n✅ Coding-Tool 服务已启动（后台运行）\n'));
       console.log(chalk.gray(`Web UI: http://localhost:${port}`));
+      if (enableHost) {
+        console.log(chalk.yellow(`⚠️  LAN 访问已启用 (http://<your-ip>:${port})`));
+      }
       console.log(chalk.gray('\n可以安全关闭此终端窗口'));
       console.log(chalk.gray('\n常用命令:'));
       console.log(chalk.gray('  ') + chalk.cyan('ctx status') + chalk.gray('   - 查看服务状态'));

package/src/commands/ui.js

@@ -8,9 +8,16 @@ async function handleUI() {
   // 检查是否为 daemon 模式（PM2 启动）
   const isDaemon = process.argv.includes('--daemon');
 
+  // 检查是否启用 LAN 访问 (--host 标志)
+  const enableHost = process.argv.includes('--host');
+  const host = enableHost ? '0.0.0.0' : '127.0.0.1';
+
   if (!isDaemon) {
     console.clear();
     console.log(chalk.cyan.bold('\n🌐 启动 Coding-Tool Web UI...\n'));
+    if (enableHost) {
+      console.log(chalk.yellow('⚠️  LAN 访问已启用 (--host)\n'));
+    }
   }
 
   // 从配置加载端口
@@ -19,7 +26,7 @@ async function handleUI() {
   const url = `http://localhost:${port}`;
 
   try {
-    await startServer(port);
+    await startServer(port, host);
 
     // 自动打开浏览器（仅非 daemon 模式）
     if (!isDaemon) {

package/src/index.js

@@ -48,8 +48,10 @@ function showHelp() {
   console.log('  ctx status              查看服务状态\n');
 
   console.log(chalk.yellow('📱 UI 管理:'));
-  console.log('  ctx ui                  前台启动 Web UI（默认）');
+  console.log('  ctx ui                  前台启动 Web UI（仅本地访问）');
+  console.log('  ctx ui --host           前台启动 Web UI（允许 LAN 访问）');
   console.log('  ctx ui start            后台启动 Web UI');
+  console.log('  ctx ui start --host     后台启动 Web UI（允许 LAN 访问）');
   console.log('  ctx ui stop             停止 Web UI');
   console.log('  ctx ui restart          重启 Web UI\n');
 

package/src/server/api/oauth.js

@@ -0,0 +1,294 @@
+'use strict';
+
+const express = require('express');
+const router = express.Router();
+const { OAUTH_PROVIDERS, getProviderConfig } = require('../config/oauth-providers');
+const {
+  startFlow,
+  getPendingFlow,
+  completeFlow,
+  failFlow,
+  cancelFlow,
+  exchangeCodeForToken,
+  refreshToken
+} = require('../services/oauth-service');
+const {
+  startCallbackServer,
+  stopCallbackServer,
+  isServerRunning
+} = require('../services/oauth-callback-server');
+const {
+  getAllTokens,
+  getToken,
+  saveToken,
+  updateToken,
+  deleteToken
+} = require('../services/oauth-token-storage');
+
+// Track callback servers by state
+const stateToPort = new Map();
+
+// GET /api/oauth/providers - List available OAuth providers
+router.get('/providers', (req, res) => {
+  try {
+    const providers = Object.entries(OAUTH_PROVIDERS).map(([id, config]) => ({
+      id,
+      name: config.name,
+      scopes: config.scopes
+    }));
+    res.json({ providers });
+  } catch (error) {
+    console.error('Error fetching OAuth providers:', error);
+    res.status(500).json({ error: error.message });
+  }
+});
+
+// POST /api/oauth/start - Start OAuth flow
+router.post('/start', async (req, res) => {
+  try {
+    const { provider, channelId, mode = 'browser' } = req.body;
+
+    if (!provider) {
+      return res.status(400).json({ error: 'Missing required field: provider' });
+    }
+
+    // Validate provider
+    if (!OAUTH_PROVIDERS[provider]) {
+      return res.status(400).json({ error: `Unknown provider: ${provider}` });
+    }
+
+    const providerConfig = getProviderConfig(provider);
+    const { state, authUrl } = startFlow(provider, channelId);
+    const callbackPort = providerConfig.callbackPort;
+    const callbackPath = providerConfig.callbackPath;
+
+    // Track state -> port mapping
+    stateToPort.set(state, callbackPort);
+
+    // Start callback server
+    await startCallbackServer(callbackPort, callbackPath, async (callbackData) => {
+      const { code, state: cbState, error, errorDescription } = callbackData;
+
+      if (error) {
+        failFlow(cbState, `${error}: ${errorDescription || 'Unknown error'}`);
+        return;
+      }
+
+      if (!code) {
+        failFlow(cbState, 'No authorization code received');
+        return;
+      }
+
+      // Get pending flow to retrieve code verifier
+      const flow = getPendingFlow(cbState);
+      if (!flow) {
+        console.error('OAuth callback received for unknown state:', cbState);
+        return;
+      }
+
+      try {
+        // Exchange code for token
+        const tokenResult = await exchangeCodeForToken(
+          flow.provider,
+          code,
+          flow.codeVerifier
+        );
+
+        // Calculate expiry time
+        const now = Date.now();
+        const expiresAt = tokenResult.expiresIn
+          ? now + (tokenResult.expiresIn * 1000)
+          : null;
+
+        // Save token
+        const savedToken = saveToken({
+          provider: flow.provider,
+          channelId: flow.channelId,
+          accessToken: tokenResult.accessToken,
+          refreshToken: tokenResult.refreshToken,
+          idToken: tokenResult.idToken,
+          expiresAt,
+          scope: tokenResult.scope
+        });
+
+        // Mark flow as completed
+        completeFlow(cbState, savedToken.id);
+        console.log(`OAuth flow completed for provider: ${flow.provider}, tokenId: ${savedToken.id}`);
+      } catch (err) {
+        console.error('Error exchanging code for token:', err);
+        failFlow(cbState, err.message);
+      }
+    });
+
+    // Open browser if mode is 'browser'
+    if (mode === 'browser') {
+      try {
+        const open = require('open');
+        await open(authUrl);
+      } catch (err) {
+        console.error('Failed to open browser:', err);
+        // Don't fail the request, user can still open URL manually
+      }
+    }
+
+    res.json({
+      success: true,
+      stateId: state,
+      authUrl,
+      callbackPort
+    });
+  } catch (error) {
+    console.error('Error starting OAuth flow:', error);
+    res.status(500).json({ error: error.message });
+  }
+});
+
+// GET /api/oauth/status/:stateId - Get OAuth flow status
+router.get('/status/:stateId', (req, res) => {
+  try {
+    const { stateId } = req.params;
+    const flow = getPendingFlow(stateId);
+
+    if (!flow) {
+      return res.status(404).json({
+        status: 'not_found',
+        error: 'OAuth flow not found or expired'
+      });
+    }
+
+    const response = {
+      status: flow.status
+    };
+
+    if (flow.status === 'completed' && flow.tokenId) {
+      response.tokenId = flow.tokenId;
+    }
+
+    if (flow.status === 'failed' && flow.error) {
+      response.error = flow.error;
+    }
+
+    res.json(response);
+  } catch (error) {
+    console.error('Error fetching OAuth status:', error);
+    res.status(500).json({ error: error.message });
+  }
+});
+
+// POST /api/oauth/cancel/:stateId - Cancel OAuth flow
+router.post('/cancel/:stateId', (req, res) => {
+  try {
+    const { stateId } = req.params;
+
+    // Get port for this state
+    const port = stateToPort.get(stateId);
+
+    // Stop callback server if running
+    if (port && isServerRunning(port)) {
+      stopCallbackServer(port);
+    }
+
+    // Cancel the flow
+    cancelFlow(stateId);
+
+    // Clean up state -> port mapping
+    stateToPort.delete(stateId);
+
+    res.json({ success: true });
+  } catch (error) {
+    console.error('Error cancelling OAuth flow:', error);
+    res.status(500).json({ error: error.message });
+  }
+});
+
+// GET /api/oauth/tokens - List all tokens (masked)
+router.get('/tokens', (req, res) => {
+  try {
+    const tokens = getAllTokens();
+    res.json({ tokens });
+  } catch (error) {
+    console.error('Error fetching OAuth tokens:', error);
+    res.status(500).json({ error: error.message });
+  }
+});
+
+// GET /api/oauth/tokens/:tokenId - Get single token (masked)
+router.get('/tokens/:tokenId', (req, res) => {
+  try {
+    const token = getToken(req.params.tokenId);
+    if (!token) {
+      return res.status(404).json({ error: 'Token not found' });
+    }
+    // Return masked token info
+    const masked = {
+      ...token,
+      accessToken: token.accessToken ? token.accessToken.substring(0, 8) + '...' : null,
+      refreshToken: token.refreshToken ? token.refreshToken.substring(0, 8) + '...' : null
+    };
+    res.json(masked);
+  } catch (error) {
+    console.error('Error fetching OAuth token:', error);
+    res.status(500).json({ error: error.message });
+  }
+});
+
+// DELETE /api/oauth/tokens/:tokenId - Delete a token
+router.delete('/tokens/:tokenId', (req, res) => {
+  try {
+    const { tokenId } = req.params;
+    const result = deleteToken(tokenId);
+    res.json(result);
+  } catch (error) {
+    if (error.message === 'Token not found') {
+      return res.status(404).json({ error: 'Token not found' });
+    }
+    console.error('Error deleting OAuth token:', error);
+    res.status(500).json({ error: error.message });
+  }
+});
+
+// POST /api/oauth/refresh/:tokenId - Refresh a token
+router.post('/refresh/:tokenId', async (req, res) => {
+  try {
+    const { tokenId } = req.params;
+    const token = getToken(tokenId);
+
+    if (!token) {
+      return res.status(404).json({ error: 'Token not found' });
+    }
+
+    if (!token.refreshToken) {
+      return res.status(400).json({ error: 'Token does not have a refresh token' });
+    }
+
+    // Refresh the token
+    const refreshResult = await refreshToken(token.provider, token.refreshToken);
+
+    // Calculate new expiry time
+    const now = Date.now();
+    const expiresAt = refreshResult.expiresIn
+      ? now + (refreshResult.expiresIn * 1000)
+      : null;
+
+    // Update token in storage
+    const updatedToken = updateToken(tokenId, {
+      accessToken: refreshResult.accessToken,
+      refreshToken: refreshResult.refreshToken || token.refreshToken,
+      expiresAt,
+      scope: refreshResult.scope || token.scope
+    });
+
+    res.json({
+      success: true,
+      expiresAt: updatedToken.expiresAt
+    });
+  } catch (error) {
+    if (error.message === 'Token not found') {
+      return res.status(404).json({ error: 'Token not found' });
+    }
+    console.error('Error refreshing OAuth token:', error);
+    res.status(500).json({ error: error.message });
+  }
+});
+
+module.exports = router;

package/src/server/codex-proxy-server.js

@@ -10,7 +10,7 @@ const DEFAULT_CONFIG = require('../config/default');
 const { resolvePricing } = require('./utils/pricing');
 const { recordRequest: recordCodexRequest } = require('./services/codex-statistics-service');
 const { saveProxyStartTime, clearProxyStartTime, getProxyStartTime, getProxyRuntime } = require('./services/proxy-runtime');
-const { getEnabledChannels, writeCodexConfigForMultiChannel } = require('./services/codex-channels');
+const { getEnabledChannels, writeCodexConfigForMultiChannel, getEffectiveApiKey } = require('./services/codex-channels');
 const { CLAUDE_MODEL_PRICING } = require('../config/model-pricing');
 
 let proxyServer = null;
@@ -257,7 +257,8 @@ async function startCodexProxyServer(options = {}) {
       });
 
       proxyReq.removeHeader('authorization');
-      proxyReq.setHeader('authorization', `Bearer ${activeChannel.apiKey}`);
+      const effectiveKey = getEffectiveApiKey(activeChannel);
+      proxyReq.setHeader('authorization', `Bearer ${effectiveKey}`);
       proxyReq.setHeader('openai-beta', 'responses=experimental');
       if (!proxyReq.getHeader('content-type')) {
         proxyReq.setHeader('content-type', 'application/json');

package/src/server/config/oauth-providers.js

@@ -0,0 +1,68 @@
+'use strict';
+
+const OAUTH_PROVIDERS = {
+  claude: {
+    name: 'Claude Pro',
+    authUrl: 'https://claude.ai/oauth/authorize',
+    tokenUrl: 'https://console.anthropic.com/v1/oauth/token',
+    clientId: '9d1c250a-e61b-44d9-88ed-5944d1962f5e',
+    redirectUri: 'http://localhost:54545/callback',
+    scopes: ['org:create_api_key', 'user:profile', 'user:inference'],
+    authType: 'pkce',
+    callbackPort: 54545,
+    callbackPath: '/callback'
+  },
+
+  codex: {
+    name: 'OpenAI Codex',
+    authUrl: 'https://auth.openai.com/oauth/authorize',
+    tokenUrl: 'https://auth.openai.com/oauth/token',
+    clientId: 'app_EMoamEEZ73f0CkXaXp7hrann',
+    redirectUri: 'http://localhost:1455/auth/callback',
+    scopes: ['openid', 'profile', 'email', 'offline_access'],
+    authType: 'pkce',
+    extraParams: {
+      codex_cli_simplified_flow: 'true',
+      originator: 'ctx'
+    },
+    tokenContentType: 'application/x-www-form-urlencoded',
+    callbackPort: 1455,
+    callbackPath: '/auth/callback'
+  },
+
+  gemini: {
+    name: 'Google Gemini',
+    authUrl: 'https://accounts.google.com/o/oauth2/v2/auth',
+    tokenUrl: 'https://oauth2.googleapis.com/token',
+    clientId: '681255809395-oo8ft2oprdrnp9e3aqf6av3hmdib135j.apps.googleusercontent.com',
+    clientSecret: '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',
+    redirectUri: 'http://localhost:51121/callback',
+    scopes: [
+      'https://www.googleapis.com/auth/cloud-platform',
+      'https://www.googleapis.com/auth/userinfo.email',
+      'https://www.googleapis.com/auth/userinfo.profile',
+      'https://www.googleapis.com/auth/cclog',
+      'https://www.googleapis.com/auth/experimentsandconfigs'
+    ],
+    authType: 'standard',
+    extraParams: {
+      access_type: 'offline',
+      prompt: 'consent'
+    },
+    callbackPort: 51121,
+    callbackPath: '/callback'
+  }
+};
+
+function getProviderConfig(provider) {
+  const config = OAUTH_PROVIDERS[provider];
+  if (!config) {
+    throw new Error(`Unknown OAuth provider: ${provider}`);
+  }
+  return { ...config };
+}
+
+module.exports = {
+  OAUTH_PROVIDERS,
+  getProviderConfig
+};

package/src/server/gemini-proxy-server.js

@@ -10,6 +10,7 @@ const DEFAULT_CONFIG = require('../config/default');
 const { resolvePricing } = require('./utils/pricing');
 const { recordRequest: recordGeminiRequest } = require('./services/gemini-statistics-service');
 const { saveProxyStartTime, clearProxyStartTime, getProxyStartTime, getProxyRuntime } = require('./services/proxy-runtime');
+const { getEffectiveApiKey } = require('./services/gemini-channels');
 
 let proxyServer = null;
 let proxyApp = null;
@@ -152,7 +153,8 @@ async function startGeminiProxyServer(options = {}) {
 
       proxyReq.removeHeader('authorization');
       proxyReq.removeHeader('x-goog-api-key');
-      proxyReq.setHeader('authorization', `Bearer ${activeChannel.apiKey}`);
+      const effectiveKey = getEffectiveApiKey(activeChannel);
+      proxyReq.setHeader('authorization', `Bearer ${effectiveKey}`);
       if (!proxyReq.getHeader('content-type')) {
         proxyReq.setHeader('content-type', 'application/json');
       }

package/src/server/index.js

@@ -14,7 +14,7 @@ const { startProxyServer } = require('./proxy-server');
 const { startCodexProxyServer } = require('./codex-proxy-server');
 const { startGeminiProxyServer } = require('./gemini-proxy-server');
 
-async function startServer(port) {
+async function startServer(port, host = '127.0.0.1') {
   const config = loadConfig();
   // 使用配置的端口，如果没有传入参数
   if (!port) {
@@ -154,6 +154,9 @@ async function startServer(port) {
   // 配置同步 API
   app.use('/api/config-sync', require('./api/config-sync'));
 
+  // OAuth API
+  app.use('/api/oauth', require('./api/oauth'));
+
   // 配置注册表 API (集中管理 skills/commands/agents/rules 的启用/禁用)
   app.use('/api/config-registry', require('./api/config-registry'));
 
@@ -170,9 +173,15 @@ async function startServer(port) {
   }
 
   // Start server
-  const server = app.listen(port, () => {
+  const server = app.listen(port, host, () => {
     console.log(`\n🚀 Coding-Tool Web UI running at:`);
-    console.log(`   http://localhost:${port}`);
+    if (host === '0.0.0.0') {
+      console.log(chalk.yellow(`   ⚠️  警告: 服务正在监听所有网络接口 (LAN 可访问)`));
+      console.log(`   http://localhost:${port}`);
+      console.log(chalk.gray(`   http://<your-ip>:${port} (LAN 访问)`));
+    } else {
+      console.log(`   http://localhost:${port}`);
+    }
 
     // 附加 WebSocket 服务器到同一个端口
     attachWebSocketServer(server);

package/src/server/proxy-server.js

@@ -13,6 +13,7 @@ const { recordRequest } = require('./services/statistics-service');
 const { saveProxyStartTime, clearProxyStartTime, getProxyStartTime, getProxyRuntime } = require('./services/proxy-runtime');
 const eventBus = require('../plugins/event-bus');
 const { CLAUDE_MODEL_PRICING } = require('../config/model-pricing');
+const { getEffectiveApiKey } = require('./services/channels');
 
 let proxyServer = null;
 let proxyApp = null;
@@ -185,9 +186,10 @@ async function startProxyServer(options = {}) {
         });
 
         proxyReq.removeHeader('x-api-key');
-        proxyReq.setHeader('x-api-key', selectedChannel.apiKey);
+        const effectiveKey = getEffectiveApiKey(selectedChannel);
+        proxyReq.setHeader('x-api-key', effectiveKey);
         proxyReq.removeHeader('authorization');
-        proxyReq.setHeader('authorization', `Bearer ${selectedChannel.apiKey}`);
+        proxyReq.setHeader('authorization', `Bearer ${effectiveKey}`);
 
         if (!proxyReq.getHeader('anthropic-version')) {
           proxyReq.setHeader('anthropic-version', '2023-06-01');

package/src/server/services/channels.js

@@ -65,6 +65,11 @@ function applyChannelDefaults(channel) {
     normalized.enabled = !!normalized.enabled;
   }
 
+  // OAuth 字段默认值（向后兼容）
+  if (!normalized.authType) {
+    normalized.authType = 'apiKey';
+  }
+
   normalized.weight = normalizeNumber(normalized.weight, 1, 100);
 
   if (normalized.maxConcurrency === undefined ||
@@ -189,7 +194,11 @@ function createChannel(name, baseUrl, apiKey, websiteUrl, extraConfig = {}) {
     modelConfig: extraConfig.modelConfig || null,
     modelRedirects: extraConfig.modelRedirects || [],
     proxyUrl: extraConfig.proxyUrl || '',
-    speedTestModel: extraConfig.speedTestModel || null
+    speedTestModel: extraConfig.speedTestModel || null,
+    // OAuth 支持
+    authType: extraConfig.authType || 'apiKey',
+    oauthProvider: extraConfig.oauthProvider || null,
+    oauthTokenId: extraConfig.oauthTokenId || null
   });
 
   data.channels.push(newChannel);
@@ -381,6 +390,27 @@ function updateClaudeSettings(baseUrl, apiKey) {
   fs.writeFileSync(settingsPath, JSON.stringify(settings, null, 2), 'utf8');
 }
 
+/**
+ * 获取渠道的有效 API Key
+ * 如果渠道使用 OAuth 认证，返回有效的 OAuth 令牌；否则返回静态 API Key
+ *
+ * @param {Object} channel - 渠道对象
+ * @returns {string|null} 有效的 API Key，OAuth 令牌无效/过期时返回 null
+ */
+function getEffectiveApiKey(channel) {
+  if (channel.authType === 'oauth' && channel.oauthTokenId) {
+    const { getToken, isTokenExpired } = require('./oauth-token-storage');
+    const token = getToken(channel.oauthTokenId);
+    if (token && !isTokenExpired(token)) {
+      return token.accessToken;
+    }
+    // OAuth 令牌无效或已过期，返回 null（调用方应处理刷新或报错）
+    console.warn(`[Channels] OAuth token expired or not found for channel ${channel.name}`);
+    return null;
+  }
+  return channel.apiKey;
+}
+
 module.exports = {
   getAllChannels,
   getCurrentSettings,
@@ -390,5 +420,6 @@ module.exports = {
   applyChannelToSettings,
   getBestChannelForRestore,
   updateClaudeSettings,
-  updateClaudeSettingsWithModelConfig
+  updateClaudeSettingsWithModelConfig,
+  getEffectiveApiKey
 };

package/src/server/services/codex-channels.js

@@ -49,7 +49,8 @@ function loadChannels() {
         weight: ch.weight || 1,
         maxConcurrency: ch.maxConcurrency || null,
         modelRedirects: ch.modelRedirects || [],
-        speedTestModel: ch.speedTestModel || null
+        speedTestModel: ch.speedTestModel || null,
+        authType: ch.authType || 'apiKey' // 默认 API Key 认证
       }));
     }
     return data;
@@ -179,6 +180,9 @@ function createChannel(name, providerKey, baseUrl, apiKey, wireApi = 'responses'
     maxConcurrency: extraConfig.maxConcurrency || null,
     modelRedirects: extraConfig.modelRedirects || [],
     speedTestModel: extraConfig.speedTestModel || null,
+    authType: extraConfig.authType || 'apiKey',
+    oauthProvider: extraConfig.oauthProvider || null,
+    oauthTokenId: extraConfig.oauthTokenId || null,
     createdAt: Date.now(),
     updatedAt: Date.now()
   };
@@ -649,6 +653,26 @@ try {
   console.warn('[Codex Channels] Auto sync env vars failed:', err.message);
 }
 
+/**
+ * 获取渠道的有效 API Key
+ * 如果渠道使用 OAuth 认证，返回 OAuth 令牌；否则返回静态 API Key
+ *
+ * @param {Object} channel - 渠道对象
+ * @returns {string|null} 有效的 API Key
+ */
+function getEffectiveApiKey(channel) {
+  if (channel.authType === 'oauth' && channel.oauthTokenId) {
+    const { getToken, isTokenExpired } = require('./oauth-token-storage');
+    const token = getToken(channel.oauthTokenId);
+    if (token && !isTokenExpired(token)) {
+      return token.accessToken;
+    }
+    // OAuth 令牌无效或已过期，返回 null
+    return null;
+  }
+  return channel.apiKey;
+}
+
 module.exports = {
   getChannels,
   createChannel,
@@ -658,5 +682,6 @@ module.exports = {
   saveChannelOrder,
   syncAllChannelEnvVars,
   writeCodexConfigForMultiChannel,
-  applyChannelToSettings
+  applyChannelToSettings,
+  getEffectiveApiKey
 };