@bitkyc08/opencodex 2.0.2 → 2.1.3

package/src/open-url.ts

@@ -1,9 +1,13 @@
-import { exec } from "node:child_process";
+import { spawn } from "node:child_process";
 
 export function openUrl(url: string): void {
+  if (!/^https?:\/\//i.test(url)) return;
   const cmd =
     process.platform === "darwin" ? "open"
-    : process.platform === "win32" ? 'start ""'
+    : process.platform === "win32" ? "rundll32"
     : "xdg-open";
-  exec(`${cmd} ${JSON.stringify(url)}`);
+  const args = process.platform === "win32"
+    ? ["url.dll,FileProtocolHandler", url]
+    : [url];
+  spawn(cmd, args, { detached: true, stdio: "ignore", shell: false }).unref();
 }

package/src/ports.ts

@@ -0,0 +1,30 @@
+import { createServer } from "node:net";
+
+export async function isPortAvailable(port: number, hostname = "127.0.0.1"): Promise<boolean> {
+  return await new Promise(resolve => {
+    const server = createServer();
+    server.once("error", () => resolve(false));
+    server.once("listening", () => {
+      server.close(() => resolve(true));
+    });
+    server.listen({ port, host: hostname });
+  });
+}
+
+export async function findAvailablePort(preferredPort: number, hostname = "127.0.0.1"): Promise<number> {
+  if (await isPortAvailable(preferredPort, hostname)) return preferredPort;
+  return await new Promise((resolve, reject) => {
+    const server = createServer();
+    server.once("error", reject);
+    server.once("listening", () => {
+      const address = server.address();
+      const port = typeof address === "object" && address ? address.port : 0;
+      server.close(() => {
+        if (port > 0) resolve(port);
+        else reject(new Error("failed to allocate an available port"));
+      });
+    });
+    server.listen({ port: 0, host: hostname });
+  });
+}
+

package/src/providers/registry.ts

@@ -176,7 +176,7 @@ export const PROVIDER_REGISTRY: readonly ProviderRegistryEntry[] = [
   { id: "openrouter", label: "OpenRouter", adapter: "openai-chat", baseUrl: "https://openrouter.ai/api/v1", authKind: "key", featured: true, dashboardUrl: "https://openrouter.ai/keys", jawcodeBundle: "openrouter" },
   { id: "groq", label: "Groq", adapter: "openai-chat", baseUrl: "https://api.groq.com/openai/v1", authKind: "key", featured: true, dashboardUrl: "https://console.groq.com/keys" },
   { id: "google", label: "Google Gemini", adapter: "google", baseUrl: "https://generativelanguage.googleapis.com", authKind: "key", featured: true, dashboardUrl: "https://aistudio.google.com/apikey", defaultModel: "gemini-3-pro", jawcodeBundle: "google", extraMetadataAliases: ["gemini"] },
-  { id: "azure-openai", label: "Azure OpenAI", adapter: "azure-openai", baseUrl: "https://{resource}.openai.azure.com/openai/deployments/{deployment}", authKind: "key", featured: true, dashboardUrl: "https://portal.azure.com" },
+  { id: "azure-openai", label: "Azure OpenAI", adapter: "azure-openai", baseUrl: "https://{resource}.openai.azure.com/openai", authKind: "key", featured: true, dashboardUrl: "https://portal.azure.com" },
   { id: "ollama", label: "Ollama (local)", adapter: "openai-chat", baseUrl: "http://localhost:11434/v1", authKind: "local", featured: true, note: "Local — key usually blank" },
   { id: "vllm", label: "vLLM (local)", adapter: "openai-chat", baseUrl: "http://localhost:8000/v1", authKind: "local", featured: true, note: "Local — key usually blank" },
   { id: "lm-studio", label: "LM Studio (local)", adapter: "openai-chat", baseUrl: "http://localhost:1234/v1", authKind: "local", featured: true, note: "Local — no key needed" },

package/src/responses/parser.ts

@@ -177,15 +177,15 @@ function outputToToolResultContent(output: string | unknown[] | undefined): stri
   return parts;
 }
 
-function findToolNameById(messages: OcxMessage[], callId: string): string {
+function findToolById(messages: OcxMessage[], callId: string): { name: string; namespace?: string } {
   for (let i = messages.length - 1; i >= 0; i--) {
     const m = messages[i];
     if (m.role !== "assistant") continue;
     for (const part of m.content) {
-      if (part.type === "toolCall" && part.id === callId) return part.name;
+      if (part.type === "toolCall" && part.id === callId) return { name: part.name, namespace: part.namespace };
     }
   }
-  return "";
+  return { name: "" };
 }
 
 const REASONING_EFFORTS = new Set(["none", "minimal", "low", "medium", "high", "xhigh", "max"]);
@@ -327,9 +327,10 @@ export function parseRequest(body: unknown): OcxParsedRequest {
 
       if (effectiveType === "function_call_output") {
         const output = item as { call_id: string; output?: string | unknown[] };
+        const toolInfo = findToolById(messages, output.call_id);
         messages.push({
           role: "toolResult", toolCallId: output.call_id,
-          toolName: findToolNameById(messages, output.call_id),
+          toolName: toolInfo.name, toolNamespace: toolInfo.namespace,
           content: outputToToolResultContent(output.output), isError: false, timestamp: now,
         });
         continue;
@@ -337,9 +338,10 @@ export function parseRequest(body: unknown): OcxParsedRequest {
 
       if (effectiveType === "custom_tool_call_output") {
         const output = item as { call_id: string; output: string };
+        const toolInfo = findToolById(messages, output.call_id);
         messages.push({
           role: "toolResult", toolCallId: output.call_id,
-          toolName: findToolNameById(messages, output.call_id),
+          toolName: toolInfo.name, toolNamespace: toolInfo.namespace,
           content: output.output ?? "", isError: false, timestamp: now,
         });
       }
@@ -373,7 +375,8 @@ export function parseRequest(body: unknown): OcxParsedRequest {
   if (data.reasoning?.effort && REASONING_EFFORTS.has(data.reasoning.effort)) {
     options.reasoning = data.reasoning.effort;
   }
-  if (data.reasoning?.summary === "none") options.hideThinkingSummary = true;
+  const summaryMode = data.reasoning?.summary;
+  if (!summaryMode || summaryMode === "none") options.hideThinkingSummary = true;
   if (data.presence_penalty !== undefined) options.presencePenalty = data.presence_penalty;
   if (data.frequency_penalty !== undefined) options.frequencyPenalty = data.frequency_penalty;
 

package/src/responses/schema.ts

@@ -50,6 +50,7 @@ const functionCallItemSchema = z.object({
   id: z.string().optional(),
   call_id: z.string().min(1),
   name: z.string().min(1),
+  namespace: z.string().optional(),
   arguments: z.string().optional(),
 });
 const functionCallOutputItemSchema = z.object({

package/src/server.ts

@@ -16,7 +16,7 @@ import {
   type WsData,
 } from "./ws-bridge";
 import type { ServerWebSocket } from "bun";
-import { DEFAULT_SUBAGENT_MODELS, loadConfig, saveConfig, websocketsEnabled } from "./config";
+import { DEFAULT_SUBAGENT_MODELS, codexAutoStartEnabled, loadConfig, saveConfig, websocketsEnabled } from "./config";
 import { parseRequest } from "./responses/parser";
 import { routeModel } from "./router";
 import { namespacedToolName } from "./types";
@@ -86,6 +86,18 @@ function serveGuiFile(pathname: string): Response | null {
   });
 }
 
+const ANTHROPIC_WIRE_MODELS: Record<string, Set<string>> = {
+  "opencode-go": new Set(["minimax-m2.5", "minimax-m2.7", "minimax-m3", "qwen3.5-plus", "qwen3.6-plus", "qwen3.7-max", "qwen3.7-plus"]),
+};
+
+function resolveWireProtocolOverride(providerName: string, modelId: string, providerConfig: OcxProviderConfig): OcxProviderConfig {
+  const overrideSet = ANTHROPIC_WIRE_MODELS[providerName];
+  if (overrideSet?.has(modelId) && providerConfig.adapter !== "anthropic") {
+    return { ...providerConfig, adapter: "anthropic" };
+  }
+  return providerConfig;
+}
+
 export function resolveAdapter(providerConfig: OcxProviderConfig) {
   switch (providerConfig.adapter) {
     case "openai-chat":
@@ -161,7 +173,8 @@ async function handleResponses(
     await describeImagesInPlace(parsed, visionPlan.forwardProvider, req.headers, visionPlan.settings, options.abortSignal);
   }
 
-  const adapter = resolveAdapter(route.provider);
+  const adapterProvider = resolveWireProtocolOverride(route.providerName, route.modelId, route.provider);
+  const adapter = resolveAdapter(adapterProvider);
 
   if ("passthrough" in adapter && adapter.passthrough) {
     const request = adapter.buildRequest(parsed, { headers: req.headers });
@@ -170,20 +183,29 @@ async function handleResponses(
     // whose cancel() aborts the upstream — preventing leaked connections (RC2, passthrough path).
     const upstream = new AbortController();
     linkAbortSignal(upstream, options.abortSignal);
+    const connectMs = config.connectTimeoutMs ?? 30_000;
     let upstreamResponse: Response;
     try {
-      upstreamResponse = await fetch(request.url, {
+      upstreamResponse = await fetchWithHeaderTimeout(request.url, {
         method: request.method,
         headers: request.headers,
         body: request.body,
-        signal: upstream.signal,
-      });
+      }, upstream.signal, connectMs);
     } catch (err) {
-      return formatErrorResponse(502, "upstream_error", `Provider unreachable: ${err instanceof Error ? err.message : String(err)}`);
+      upstream.abort();
+      const msg = err instanceof Error && err.name === "TimeoutError"
+        ? `Provider connect timeout after ${connectMs}ms`
+        : `Provider unreachable: ${err instanceof Error ? err.message : String(err)}`;
+      return formatErrorResponse(502, "upstream_error", msg);
     }
-    return new Response(relayWithAbort(upstreamResponse.body, upstream), {
+    const headers = sanitizePassthroughHeaders(upstreamResponse.headers);
+    const isEventStream = headers.get("content-type")?.toLowerCase().includes("text/event-stream") ?? false;
+    const body = isEventStream
+      ? relaySseWithHeartbeat(upstreamResponse.body, upstream)
+      : relayWithAbort(upstreamResponse.body, upstream);
+    return new Response(body, {
       status: upstreamResponse.status,
-      headers: sanitizePassthroughHeaders(upstreamResponse.headers),
+      headers,
     });
   }
 
@@ -200,26 +222,27 @@ async function handleResponses(
       incomingHeaders: req.headers,
       settings: wsPlan.settings,
       maxSearches: wsPlan.maxSearches,
+      forceEmptyResponseId: true,
       abortSignal: options.abortSignal,
     });
   }
 
-  const request = adapter.buildRequest(parsed, { headers: req.headers });
-
-  // Abort the upstream fetch if the client (Codex) disconnects mid-stream, so a cancelled turn does
-  // not leak the upstream connection or keep draining tokens. The bridge's cancel() fires upstream.abort() (RC2).
   const upstream = new AbortController();
   linkAbortSignal(upstream, options.abortSignal);
+  const connectMs = config.connectTimeoutMs ?? 30_000;
+
+  const request = adapter.buildRequest(parsed, { headers: req.headers });
   let upstreamResponse: Response;
   try {
-    upstreamResponse = await fetch(request.url, {
-      method: request.method,
-      headers: request.headers,
-      body: request.body,
-      signal: upstream.signal,
-    });
+    upstreamResponse = await fetchWithHeaderTimeout(request.url, {
+      method: request.method, headers: request.headers, body: request.body,
+    }, upstream.signal, connectMs);
   } catch (err) {
-    return formatErrorResponse(502, "upstream_error", `Provider unreachable: ${err instanceof Error ? err.message : String(err)}`);
+    upstream.abort();
+    const msg = err instanceof Error && err.name === "TimeoutError"
+      ? `Provider connect timeout after ${connectMs}ms`
+      : `Provider unreachable: ${err instanceof Error ? err.message : String(err)}`;
+    return formatErrorResponse(502, "upstream_error", msg);
   }
 
   if (!upstreamResponse.ok) {
@@ -229,8 +252,6 @@ async function handleResponses(
 
   if (parsed.stream) {
     const eventStream = adapter.parseStream(upstreamResponse);
-    // Map flattened MCP tool names back to {namespace, name} so the bridge can restore the
-    // namespace field Codex needs to route the call to the right MCP server.
     const toolNsMap = new Map<string, { namespace: string; name: string }>();
     const freeformToolNames = new Set<string>();
     const toolSearchToolNames = new Set<string>();
@@ -240,31 +261,36 @@ async function handleResponses(
       if (t.toolSearch) toolSearchToolNames.add(t.name);
     }
     const sseStream = bridgeToResponsesSSE(
-      eventStream,
-      parsed.modelId,
-      toolNsMap,
-      freeformToolNames,
-      toolSearchToolNames,
-      () => upstream.abort(),
-      2_000,
-      options.forceEmptyResponseId ? { responseId: "" } : undefined,
+      eventStream, parsed.modelId, toolNsMap, freeformToolNames, toolSearchToolNames,
+      () => upstream.abort(), 2_000,
+      {
+        ...(options.forceEmptyResponseId ? { responseId: "" } : {}),
+        stallTimeoutSec: config.stallTimeoutSec,
+        hideThinkingSummary: parsed.options.hideThinkingSummary,
+      },
     );
     return new Response(sseStream, {
-      headers: {
-        "Content-Type": "text/event-stream",
-        "Cache-Control": "no-cache",
-        "Connection": "keep-alive",
-        "X-Accel-Buffering": "no",
-      },
+      headers: { "Content-Type": "text/event-stream", "Cache-Control": "no-cache", "Connection": "keep-alive", "X-Accel-Buffering": "no" },
     });
   }
 
   if (adapter.parseResponse) {
     const events = await adapter.parseResponse(upstreamResponse);
-    const json = buildResponseJSON(events, parsed.modelId);
-    return new Response(JSON.stringify(json), {
-      headers: { "Content-Type": "application/json" },
+    const toolNsMap = new Map<string, { namespace: string; name: string }>();
+    const freeformToolNames = new Set<string>();
+    const toolSearchToolNames = new Set<string>();
+    for (const t of parsed.context.tools ?? []) {
+      if (t.namespace) toolNsMap.set(namespacedToolName(t.namespace, t.name), { namespace: t.namespace, name: t.name });
+      if (t.freeform) freeformToolNames.add(t.name);
+      if (t.toolSearch) toolSearchToolNames.add(t.name);
+    }
+    const json = buildResponseJSON(events, parsed.modelId, {
+      hideThinkingSummary: parsed.options.hideThinkingSummary,
+      toolNsMap,
+      freeformToolNames,
+      toolSearchToolNames,
     });
+    return new Response(JSON.stringify(json), { headers: { "Content-Type": "application/json" } });
   }
 
   return formatErrorResponse(500, "internal_error", "Non-streaming not supported by this adapter");
@@ -279,6 +305,26 @@ export function linkAbortSignal(upstream: AbortController, signal?: AbortSignal)
   signal.addEventListener("abort", () => upstream.abort(signal.reason), { once: true });
 }
 
+async function fetchWithHeaderTimeout(
+  url: string,
+  init: Omit<RequestInit, "signal">,
+  abortSignal: AbortSignal,
+  timeoutMs: number,
+): Promise<Response> {
+  const timeout = new AbortController();
+  const timer = setTimeout(() => {
+    if (!timeout.signal.aborted) timeout.abort(new DOMException("Timeout elapsed", "TimeoutError"));
+  }, timeoutMs);
+  try {
+    return await fetch(url, {
+      ...init,
+      signal: AbortSignal.any([abortSignal, timeout.signal]),
+    });
+  } finally {
+    clearTimeout(timer);
+  }
+}
+
 const requestLog: { timestamp: number; model: string; provider: string; status: number; durationMs: number }[] = [];
 const MAX_LOG_SIZE = 200;
 
@@ -320,6 +366,56 @@ export function relayWithAbort(
   });
 }
 
+export function relaySseWithHeartbeat(
+  body: ReadableStream<Uint8Array> | null,
+  upstream: AbortController,
+  heartbeatMs = 15_000,
+): ReadableStream<Uint8Array> | null {
+  if (!body) return null;
+  const reader = body.getReader();
+  const heartbeat = new TextEncoder().encode(": opencodex keepalive\n\n");
+  let timer: ReturnType<typeof setInterval> | undefined;
+  let closed = false;
+
+  const cleanup = () => {
+    closed = true;
+    if (timer) clearInterval(timer);
+    timer = undefined;
+  };
+
+  return new ReadableStream<Uint8Array>({
+    start(controller) {
+      timer = setInterval(() => {
+        if (closed) return;
+        try {
+          controller.enqueue(heartbeat);
+        } catch {
+          cleanup();
+        }
+      }, heartbeatMs);
+    },
+    async pull(controller) {
+      try {
+        const { done, value } = await reader.read();
+        if (done) {
+          cleanup();
+          controller.close();
+          return;
+        }
+        controller.enqueue(value);
+      } catch (err) {
+        cleanup();
+        try { controller.error(err); } catch { /* already torn down */ }
+      }
+    },
+    cancel(reason) {
+      cleanup();
+      upstream.abort(reason);
+      reader.cancel(reason).catch(() => {});
+    },
+  });
+}
+
 /**
  * Bun's fetch auto-decompresses the response body but leaves the upstream `content-encoding`
  * (and a now-stale `content-length`) on `response.headers`. Relaying those with the already-decoded
@@ -346,9 +442,11 @@ export function sanitizePassthroughHeaders(upstream: Headers): Headers {
   return out;
 }
 
+let _corsOrigin = "http://localhost:10100";
+function setCorsOrigin(port: number): void { _corsOrigin = `http://localhost:${port}`; }
 function corsHeaders(): Record<string, string> {
   return {
-    "Access-Control-Allow-Origin": "*",
+    "Access-Control-Allow-Origin": _corsOrigin,
     "Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, OPTIONS",
     "Access-Control-Allow-Headers": "Content-Type, Authorization",
   };
@@ -361,7 +459,18 @@ function jsonResponse(data: unknown, status = 200): Response {
   });
 }
 
+function isLocalOrigin(req: Request): boolean {
+  const origin = req.headers.get("Origin");
+  if (!origin) return true;
+  const localhostOrigin = _corsOrigin;
+  const loopbackOrigin = _corsOrigin.replace("localhost", "127.0.0.1");
+  return origin === localhostOrigin || origin === loopbackOrigin;
+}
+
 async function handleManagementAPI(req: Request, url: URL, config: OcxConfig): Promise<Response | null> {
+  if ((req.method === "POST" || req.method === "PUT" || req.method === "DELETE") && !isLocalOrigin(req)) {
+    return jsonResponse({ error: "cross-origin request blocked" }, 403);
+  }
   async function refreshCodexCatalogBestEffort(): Promise<void> {
     try {
       const { refreshCodexModelCatalog } = await import("./codex-refresh");
@@ -373,6 +482,7 @@ async function handleManagementAPI(req: Request, url: URL, config: OcxConfig): P
 
   if (url.pathname === "/api/config" && req.method === "GET") {
     const safeConfig = JSON.parse(JSON.stringify(config));
+    safeConfig.codexAutoStart = codexAutoStartEnabled(config);
     for (const prov of Object.values(safeConfig.providers as Record<string, OcxProviderConfig>)) {
       if (prov.apiKey) prov.apiKey = prov.apiKey.slice(0, 8) + "...";
     }
@@ -380,10 +490,57 @@ async function handleManagementAPI(req: Request, url: URL, config: OcxConfig): P
   }
 
   if (url.pathname === "/api/config" && req.method === "PUT") {
-    const body = await req.json() as OcxConfig;
-    const { saveConfig: save } = await import("./config");
-    save(body);
-    return jsonResponse({ success: true });
+    return jsonResponse({ error: "Full config PUT is disabled. Use /api/providers POST for provider changes." }, 405);
+  }
+
+  if (url.pathname === "/api/settings" && req.method === "GET") {
+    return jsonResponse({
+      codexAutoStart: codexAutoStartEnabled(config),
+      port: config.port,
+      hostname: config.hostname ?? "127.0.0.1",
+    });
+  }
+
+  if (url.pathname === "/api/settings" && req.method === "PUT") {
+    let body: { codexAutoStart?: unknown };
+    try { body = await req.json(); } catch { return jsonResponse({ error: "invalid JSON body" }, 400); }
+    if (typeof body.codexAutoStart !== "boolean") {
+      return jsonResponse({ error: "codexAutoStart boolean is required" }, 400);
+    }
+    config.codexAutoStart = body.codexAutoStart;
+    saveConfig(config);
+    return jsonResponse({ ok: true, codexAutoStart: codexAutoStartEnabled(config) });
+  }
+
+  if (url.pathname === "/api/sidecar-settings" && req.method === "GET") {
+    const ws = config.webSearchSidecar ?? {};
+    const vs = config.visionSidecar ?? {};
+    return jsonResponse({
+      webSearch: { model: ws.model ?? "gpt-5.4-mini", reasoning: ws.reasoning ?? "low" },
+      vision: { model: vs.model ?? "gpt-5.4-mini" },
+    });
+  }
+
+  if (url.pathname === "/api/sidecar-settings" && req.method === "PUT") {
+    let body: { webSearch?: { model?: string; reasoning?: string }; vision?: { model?: string } };
+    try { body = await req.json(); } catch { return jsonResponse({ error: "invalid JSON body" }, 400); }
+    if (body.webSearch) {
+      config.webSearchSidecar = { ...config.webSearchSidecar };
+      if (typeof body.webSearch.model === "string") config.webSearchSidecar.model = body.webSearch.model;
+      if (typeof body.webSearch.reasoning === "string") config.webSearchSidecar.reasoning = body.webSearch.reasoning;
+    }
+    if (body.vision) {
+      config.visionSidecar = { ...config.visionSidecar };
+      if (typeof body.vision.model === "string") config.visionSidecar.model = body.vision.model;
+    }
+    saveConfig(config);
+    const ws = config.webSearchSidecar ?? {};
+    const vs = config.visionSidecar ?? {};
+    return jsonResponse({
+      ok: true,
+      webSearch: { model: ws.model ?? "gpt-5.4-mini", reasoning: ws.reasoning ?? "low" },
+      vision: { model: vs.model ?? "gpt-5.4-mini" },
+    });
   }
 
   if (url.pathname === "/api/logs" && req.method === "GET") {
@@ -563,9 +720,11 @@ export function startServer(port?: number) {
     saveConfig(config);
   }
   const listenPort = port ?? config.port ?? 10100;
+  setCorsOrigin(listenPort);
 
   const server = Bun.serve<WsData>({
     port: listenPort,
+    hostname: config.hostname ?? "127.0.0.1",
     idleTimeout: 255,
     async fetch(req) {
       const url = new URL(req.url);
@@ -577,6 +736,9 @@ export function startServer(port?: number) {
       // Responses WebSocket (phase 120.2). Codex upgrades the same /v1/responses path; auth is
       // handshake-time only, so capture inbound headers and thread them into the pipeline.
       if (url.pathname === "/v1/responses" && req.headers.get("upgrade")?.toLowerCase() === "websocket") {
+        if (!isLocalOrigin(req)) {
+          return formatErrorResponse(403, "origin_rejected", "WebSocket upgrade blocked: non-local Origin");
+        }
         if (server.upgrade(req, { data: { headers: selectForwardHeaders(req.headers) } })) return undefined as unknown as Response;
         return formatErrorResponse(426, "upgrade_required", "WebSocket upgrade failed");
       }
@@ -612,6 +774,9 @@ export function startServer(port?: number) {
       }
 
       if (url.pathname === "/v1/responses" && req.method === "POST") {
+        if (!isLocalOrigin(req)) {
+          return formatErrorResponse(403, "origin_rejected", "cross-origin data-plane request blocked");
+        }
         const start = Date.now();
         const logCtx = { model: "unknown", provider: "unknown" };
         const response = await handleResponses(req, config, logCtx);

package/src/service.ts

@@ -85,6 +85,12 @@ function systemdEnvironmentAssignment(name: string, value: string | undefined):
   return `Environment=${systemdQuote(`${name}=${value}`)}`;
 }
 
+function systemdOutputTarget(value: string): string {
+  // StandardOutput/StandardError use output specifiers such as append:/path.
+  // Quoting the full specifier makes systemd reject it as an invalid output target.
+  return value.replace(/%/g, "%%").replace(/\n/g, "\\n");
+}
+
 function sh(cmd: string): string {
   return execSync(cmd, { encoding: "utf8", stdio: ["pipe", "pipe", "pipe"] }).trim();
 }
@@ -183,8 +189,8 @@ ExecStart=${systemdQuote(bun)} ${systemdQuote(cli)} start
 Restart=on-failure
 RestartSec=5
 ${envLines}
-StandardOutput=${systemdQuote(`append:${log}`)}
-StandardError=${systemdQuote(`append:${log}`)}
+StandardOutput=${systemdOutputTarget(`append:${log}`)}
+StandardError=${systemdOutputTarget(`append:${log}`)}
 
 [Install]
 WantedBy=default.target
@@ -256,6 +262,27 @@ export function stopServiceIfInstalled(): boolean {
   return false;
 }
 
+/**
+ * Best-effort service removal for full uninstall. Unlike `ocx service uninstall`, this is quiet
+ * when no service exists and never exits the process just because the platform has no service
+ * manager.
+ */
+export function uninstallServiceIfInstalled(): boolean {
+  if (process.platform === "darwin") {
+    if (existsSync(plistPath())) {
+      try { uninstallLaunchd(); return true; } catch { return false; }
+    }
+  } else if (process.platform === "win32") {
+    try {
+      const q = sh(`schtasks /query /tn ${TASK} 2>nul`);
+      if (q.includes(TASK)) { uninstallWindows(); return true; }
+    } catch { /* task not found */ }
+  } else if (process.platform === "linux" && isSystemd() && existsSync(unitPath())) {
+    try { uninstallSystemd(); return true; } catch { return false; }
+  }
+  return false;
+}
+
 export function serviceCommand(sub?: string): void {
   const ops = platformOps();
   if (!ops) {

package/src/types.ts

@@ -54,6 +54,8 @@ export interface OcxToolResultMessage {
   role: "toolResult";
   toolCallId: string;
   toolName: string;
+  /** MCP namespace from the originating tool call, if any. */
+  toolNamespace?: string;
   /** Text, or content parts when a tool (e.g. Codex view_image) returns an image in its output. */
   content: string | OcxContentPart[];
   isError: boolean;
@@ -175,8 +177,16 @@ export interface OcxConfig {
   subagentModels?: string[];
   /** Routed model ids ("<provider>/<model>") hidden from Codex (excluded from the catalog + /v1/models). */
   disabledModels?: string[];
+  /** Bind hostname. Default "127.0.0.1" (loopback only). Set "0.0.0.0" to expose on all interfaces. */
+  hostname?: string;
+  /** Upstream stall timeout (seconds). After this many seconds of no upstream data, emits response.incomplete. Default 90. Min 1. */
+  stallTimeoutSec?: number;
+  /** Connect timeout (ms) for upstream fetch — covers DNS, TCP, TLS, and response header. Default 30000. */
+  connectTimeoutMs?: number;
   /** Advertise supports_websockets so Codex opens the WS endpoint. Default false; set true to opt in. */
   websockets?: boolean;
+  /** Auto-start/sync the proxy from the Codex shim before launching Codex. Default true. */
+  codexAutoStart?: boolean;
   /** Freshness window (ms) for the per-provider live `/models` cache. Defaults to 5 min. */
   modelCacheTtlMs?: number;
   /** Web-search sidecar: route web_search for non-OpenAI models through a gpt-mini via ChatGPT passthrough. */

package/src/update.ts

@@ -32,7 +32,7 @@ function latestVersion(): string | null {
  * `ocx update` — self-update opencodex to the latest published version, using the same package
  * manager it was installed with (bun or npm global). A source checkout is told to `git pull` instead.
  */
-export function runUpdate(): void {
+export async function runUpdate(): Promise<void> {
   const installer = detectInstall();
   const current = currentVersion();
   console.log(`opencodex v${current} (installed via ${installer})`);
@@ -56,7 +56,17 @@ export function runUpdate(): void {
 
   const r = spawnSync(bin, cmdArgs, { stdio: "inherit", timeout: 180000, windowsHide: true });
   if (r.status === 0) {
-    console.log(`\n✅ Updated${latest ? ` to v${latest}` : ""}. Restart the proxy:  ocx stop && ocx start`);
+    console.log(`\n✅ Updated${latest ? ` to v${latest}` : ""}.`);
+    if (process.platform === "win32") {
+      try {
+        const { installCodexShim } = await import("./codex-shim");
+        const result = installCodexShim();
+        if (result.installed) console.log(`🔧 ${result.message}`);
+      } catch (e) {
+        console.warn(`⚠️  Shim repair skipped: ${e instanceof Error ? e.message : e}`);
+      }
+    }
+    console.log("Restart the proxy:  ocx stop && ocx start");
   } else {
     console.error(`\n⚠️  Update failed (${bin} exit ${r.status ?? "?"}). Try manually:  ${bin} ${cmdArgs.join(" ")}`);
     process.exit(1);

package/src/web-search/loop.ts

@@ -95,6 +95,7 @@ export interface WebSearchLoopDeps {
   incomingHeaders: Headers;
   settings: SidecarSettings;
   maxSearches: number;
+  forceEmptyResponseId?: boolean;
   abortSignal?: AbortSignal;
 }
 
@@ -189,6 +190,13 @@ export async function runWithWebSearch(deps: WebSearchLoopDeps): Promise<Respons
     if (t.freeform) freeform.add(t.name);
     if (t.toolSearch) toolSearch.add(t.name);
   }
-  const sse = bridgeToResponsesSSE(replay(finalEvents), parsed.modelId, toolNsMap, freeform, toolSearch);
+  const sse = bridgeToResponsesSSE(
+    replay(finalEvents), parsed.modelId, toolNsMap, freeform, toolSearch,
+    undefined, undefined,
+    {
+      ...(deps.forceEmptyResponseId ? { responseId: "" } : {}),
+      hideThinkingSummary: parsed.options.hideThinkingSummary,
+    },
+  );
   return new Response(sse, { headers: SSE_HEADERS });
 }

package/src/ws-bridge.ts

@@ -223,7 +223,7 @@ export function sendResponsesJsonAsEvents(
     ? response.status
     : "completed";
   sendJsonFrame(ws, {
-    type: finalStatus === "failed" ? "response.failed" : "response.completed",
+    type: `response.${finalStatus}` as "response.completed" | "response.failed" | "response.incomplete",
     response: { ...response, status: finalStatus },
   });
 }