@bitkyc08/opencodex 2.1.1 → 2.1.5

package/src/server.ts

@@ -16,7 +16,7 @@ import {
   type WsData,
 } from "./ws-bridge";
 import type { ServerWebSocket } from "bun";
-import { DEFAULT_SUBAGENT_MODELS, loadConfig, saveConfig, websocketsEnabled } from "./config";
+import { DEFAULT_SUBAGENT_MODELS, codexAutoStartEnabled, loadConfig, saveConfig, websocketsEnabled } from "./config";
 import { parseRequest } from "./responses/parser";
 import { routeModel } from "./router";
 import { namespacedToolName } from "./types";
@@ -183,20 +183,29 @@ async function handleResponses(
     // whose cancel() aborts the upstream — preventing leaked connections (RC2, passthrough path).
     const upstream = new AbortController();
     linkAbortSignal(upstream, options.abortSignal);
+    const connectMs = config.connectTimeoutMs ?? 30_000;
     let upstreamResponse: Response;
     try {
-      upstreamResponse = await fetch(request.url, {
+      upstreamResponse = await fetchWithHeaderTimeout(request.url, {
         method: request.method,
         headers: request.headers,
         body: request.body,
-        signal: upstream.signal,
-      });
+      }, upstream.signal, connectMs);
     } catch (err) {
-      return formatErrorResponse(502, "upstream_error", `Provider unreachable: ${err instanceof Error ? err.message : String(err)}`);
+      upstream.abort();
+      const msg = err instanceof Error && err.name === "TimeoutError"
+        ? `Provider connect timeout after ${connectMs}ms`
+        : `Provider unreachable: ${err instanceof Error ? err.message : String(err)}`;
+      return formatErrorResponse(502, "upstream_error", msg);
     }
-    return new Response(relayWithAbort(upstreamResponse.body, upstream), {
+    const headers = sanitizePassthroughHeaders(upstreamResponse.headers);
+    const isEventStream = headers.get("content-type")?.toLowerCase().includes("text/event-stream") ?? false;
+    const body = isEventStream
+      ? relaySseWithHeartbeat(upstreamResponse.body, upstream)
+      : relayWithAbort(upstreamResponse.body, upstream);
+    return new Response(body, {
       status: upstreamResponse.status,
-      headers: sanitizePassthroughHeaders(upstreamResponse.headers),
+      headers,
     });
   }
 
@@ -220,15 +229,20 @@ async function handleResponses(
 
   const upstream = new AbortController();
   linkAbortSignal(upstream, options.abortSignal);
+  const connectMs = config.connectTimeoutMs ?? 30_000;
 
   const request = adapter.buildRequest(parsed, { headers: req.headers });
   let upstreamResponse: Response;
   try {
-    upstreamResponse = await fetch(request.url, {
-      method: request.method, headers: request.headers, body: request.body, signal: upstream.signal,
-    });
+    upstreamResponse = await fetchWithHeaderTimeout(request.url, {
+      method: request.method, headers: request.headers, body: request.body,
+    }, upstream.signal, connectMs);
   } catch (err) {
-    return formatErrorResponse(502, "upstream_error", `Provider unreachable: ${err instanceof Error ? err.message : String(err)}`);
+    upstream.abort();
+    const msg = err instanceof Error && err.name === "TimeoutError"
+      ? `Provider connect timeout after ${connectMs}ms`
+      : `Provider unreachable: ${err instanceof Error ? err.message : String(err)}`;
+    return formatErrorResponse(502, "upstream_error", msg);
   }
 
   if (!upstreamResponse.ok) {
@@ -249,7 +263,11 @@ async function handleResponses(
     const sseStream = bridgeToResponsesSSE(
       eventStream, parsed.modelId, toolNsMap, freeformToolNames, toolSearchToolNames,
       () => upstream.abort(), 2_000,
-      options.forceEmptyResponseId ? { responseId: "" } : undefined,
+      {
+        ...(options.forceEmptyResponseId ? { responseId: "" } : {}),
+        stallTimeoutSec: config.stallTimeoutSec,
+        hideThinkingSummary: parsed.options.hideThinkingSummary,
+      },
     );
     return new Response(sseStream, {
       headers: { "Content-Type": "text/event-stream", "Cache-Control": "no-cache", "Connection": "keep-alive", "X-Accel-Buffering": "no" },
@@ -258,7 +276,20 @@ async function handleResponses(
 
   if (adapter.parseResponse) {
     const events = await adapter.parseResponse(upstreamResponse);
-    const json = buildResponseJSON(events, parsed.modelId);
+    const toolNsMap = new Map<string, { namespace: string; name: string }>();
+    const freeformToolNames = new Set<string>();
+    const toolSearchToolNames = new Set<string>();
+    for (const t of parsed.context.tools ?? []) {
+      if (t.namespace) toolNsMap.set(namespacedToolName(t.namespace, t.name), { namespace: t.namespace, name: t.name });
+      if (t.freeform) freeformToolNames.add(t.name);
+      if (t.toolSearch) toolSearchToolNames.add(t.name);
+    }
+    const json = buildResponseJSON(events, parsed.modelId, {
+      hideThinkingSummary: parsed.options.hideThinkingSummary,
+      toolNsMap,
+      freeformToolNames,
+      toolSearchToolNames,
+    });
     return new Response(JSON.stringify(json), { headers: { "Content-Type": "application/json" } });
   }
 
@@ -274,6 +305,26 @@ export function linkAbortSignal(upstream: AbortController, signal?: AbortSignal)
   signal.addEventListener("abort", () => upstream.abort(signal.reason), { once: true });
 }
 
+async function fetchWithHeaderTimeout(
+  url: string,
+  init: Omit<RequestInit, "signal">,
+  abortSignal: AbortSignal,
+  timeoutMs: number,
+): Promise<Response> {
+  const timeout = new AbortController();
+  const timer = setTimeout(() => {
+    if (!timeout.signal.aborted) timeout.abort(new DOMException("Timeout elapsed", "TimeoutError"));
+  }, timeoutMs);
+  try {
+    return await fetch(url, {
+      ...init,
+      signal: AbortSignal.any([abortSignal, timeout.signal]),
+    });
+  } finally {
+    clearTimeout(timer);
+  }
+}
+
 const requestLog: { timestamp: number; model: string; provider: string; status: number; durationMs: number }[] = [];
 const MAX_LOG_SIZE = 200;
 
@@ -315,6 +366,56 @@ export function relayWithAbort(
   });
 }
 
+export function relaySseWithHeartbeat(
+  body: ReadableStream<Uint8Array> | null,
+  upstream: AbortController,
+  heartbeatMs = 15_000,
+): ReadableStream<Uint8Array> | null {
+  if (!body) return null;
+  const reader = body.getReader();
+  const heartbeat = new TextEncoder().encode(": opencodex keepalive\n\n");
+  let timer: ReturnType<typeof setInterval> | undefined;
+  let closed = false;
+
+  const cleanup = () => {
+    closed = true;
+    if (timer) clearInterval(timer);
+    timer = undefined;
+  };
+
+  return new ReadableStream<Uint8Array>({
+    start(controller) {
+      timer = setInterval(() => {
+        if (closed) return;
+        try {
+          controller.enqueue(heartbeat);
+        } catch {
+          cleanup();
+        }
+      }, heartbeatMs);
+    },
+    async pull(controller) {
+      try {
+        const { done, value } = await reader.read();
+        if (done) {
+          cleanup();
+          controller.close();
+          return;
+        }
+        controller.enqueue(value);
+      } catch (err) {
+        cleanup();
+        try { controller.error(err); } catch { /* already torn down */ }
+      }
+    },
+    cancel(reason) {
+      cleanup();
+      upstream.abort(reason);
+      reader.cancel(reason).catch(() => {});
+    },
+  });
+}
+
 /**
  * Bun's fetch auto-decompresses the response body but leaves the upstream `content-encoding`
  * (and a now-stale `content-length`) on `response.headers`. Relaying those with the already-decoded
@@ -358,7 +459,18 @@ function jsonResponse(data: unknown, status = 200): Response {
   });
 }
 
+function isLocalOrigin(req: Request): boolean {
+  const origin = req.headers.get("Origin");
+  if (!origin) return true;
+  const localhostOrigin = _corsOrigin;
+  const loopbackOrigin = _corsOrigin.replace("localhost", "127.0.0.1");
+  return origin === localhostOrigin || origin === loopbackOrigin;
+}
+
 async function handleManagementAPI(req: Request, url: URL, config: OcxConfig): Promise<Response | null> {
+  if ((req.method === "POST" || req.method === "PUT" || req.method === "DELETE") && !isLocalOrigin(req)) {
+    return jsonResponse({ error: "cross-origin request blocked" }, 403);
+  }
   async function refreshCodexCatalogBestEffort(): Promise<void> {
     try {
       const { refreshCodexModelCatalog } = await import("./codex-refresh");
@@ -370,6 +482,7 @@ async function handleManagementAPI(req: Request, url: URL, config: OcxConfig): P
 
   if (url.pathname === "/api/config" && req.method === "GET") {
     const safeConfig = JSON.parse(JSON.stringify(config));
+    safeConfig.codexAutoStart = codexAutoStartEnabled(config);
     for (const prov of Object.values(safeConfig.providers as Record<string, OcxProviderConfig>)) {
       if (prov.apiKey) prov.apiKey = prov.apiKey.slice(0, 8) + "...";
     }
@@ -380,6 +493,56 @@ async function handleManagementAPI(req: Request, url: URL, config: OcxConfig): P
     return jsonResponse({ error: "Full config PUT is disabled. Use /api/providers POST for provider changes." }, 405);
   }
 
+  if (url.pathname === "/api/settings" && req.method === "GET") {
+    return jsonResponse({
+      codexAutoStart: codexAutoStartEnabled(config),
+      port: config.port,
+      hostname: config.hostname ?? "127.0.0.1",
+    });
+  }
+
+  if (url.pathname === "/api/settings" && req.method === "PUT") {
+    let body: { codexAutoStart?: unknown };
+    try { body = await req.json(); } catch { return jsonResponse({ error: "invalid JSON body" }, 400); }
+    if (typeof body.codexAutoStart !== "boolean") {
+      return jsonResponse({ error: "codexAutoStart boolean is required" }, 400);
+    }
+    config.codexAutoStart = body.codexAutoStart;
+    saveConfig(config);
+    return jsonResponse({ ok: true, codexAutoStart: codexAutoStartEnabled(config) });
+  }
+
+  if (url.pathname === "/api/sidecar-settings" && req.method === "GET") {
+    const ws = config.webSearchSidecar ?? {};
+    const vs = config.visionSidecar ?? {};
+    return jsonResponse({
+      webSearch: { model: ws.model ?? "gpt-5.4-mini", reasoning: ws.reasoning ?? "low" },
+      vision: { model: vs.model ?? "gpt-5.4-mini" },
+    });
+  }
+
+  if (url.pathname === "/api/sidecar-settings" && req.method === "PUT") {
+    let body: { webSearch?: { model?: string; reasoning?: string }; vision?: { model?: string } };
+    try { body = await req.json(); } catch { return jsonResponse({ error: "invalid JSON body" }, 400); }
+    if (body.webSearch) {
+      config.webSearchSidecar = { ...config.webSearchSidecar };
+      if (typeof body.webSearch.model === "string") config.webSearchSidecar.model = body.webSearch.model;
+      if (typeof body.webSearch.reasoning === "string") config.webSearchSidecar.reasoning = body.webSearch.reasoning;
+    }
+    if (body.vision) {
+      config.visionSidecar = { ...config.visionSidecar };
+      if (typeof body.vision.model === "string") config.visionSidecar.model = body.vision.model;
+    }
+    saveConfig(config);
+    const ws = config.webSearchSidecar ?? {};
+    const vs = config.visionSidecar ?? {};
+    return jsonResponse({
+      ok: true,
+      webSearch: { model: ws.model ?? "gpt-5.4-mini", reasoning: ws.reasoning ?? "low" },
+      vision: { model: vs.model ?? "gpt-5.4-mini" },
+    });
+  }
+
   if (url.pathname === "/api/logs" && req.method === "GET") {
     return jsonResponse(requestLog);
   }
@@ -573,6 +736,9 @@ export function startServer(port?: number) {
       // Responses WebSocket (phase 120.2). Codex upgrades the same /v1/responses path; auth is
       // handshake-time only, so capture inbound headers and thread them into the pipeline.
       if (url.pathname === "/v1/responses" && req.headers.get("upgrade")?.toLowerCase() === "websocket") {
+        if (!isLocalOrigin(req)) {
+          return formatErrorResponse(403, "origin_rejected", "WebSocket upgrade blocked: non-local Origin");
+        }
         if (server.upgrade(req, { data: { headers: selectForwardHeaders(req.headers) } })) return undefined as unknown as Response;
         return formatErrorResponse(426, "upgrade_required", "WebSocket upgrade failed");
       }
@@ -608,6 +774,9 @@ export function startServer(port?: number) {
       }
 
       if (url.pathname === "/v1/responses" && req.method === "POST") {
+        if (!isLocalOrigin(req)) {
+          return formatErrorResponse(403, "origin_rejected", "cross-origin data-plane request blocked");
+        }
         const start = Date.now();
         const logCtx = { model: "unknown", provider: "unknown" };
         const response = await handleResponses(req, config, logCtx);

package/src/service.ts

@@ -85,6 +85,12 @@ function systemdEnvironmentAssignment(name: string, value: string | undefined):
   return `Environment=${systemdQuote(`${name}=${value}`)}`;
 }
 
+function systemdOutputTarget(value: string): string {
+  // StandardOutput/StandardError use output specifiers such as append:/path.
+  // Quoting the full specifier makes systemd reject it as an invalid output target.
+  return value.replace(/%/g, "%%").replace(/\n/g, "\\n");
+}
+
 function sh(cmd: string): string {
   return execSync(cmd, { encoding: "utf8", stdio: ["pipe", "pipe", "pipe"] }).trim();
 }
@@ -183,8 +189,8 @@ ExecStart=${systemdQuote(bun)} ${systemdQuote(cli)} start
 Restart=on-failure
 RestartSec=5
 ${envLines}
-StandardOutput=${systemdQuote(`append:${log}`)}
-StandardError=${systemdQuote(`append:${log}`)}
+StandardOutput=${systemdOutputTarget(`append:${log}`)}
+StandardError=${systemdOutputTarget(`append:${log}`)}
 
 [Install]
 WantedBy=default.target
@@ -256,6 +262,27 @@ export function stopServiceIfInstalled(): boolean {
   return false;
 }
 
+/**
+ * Best-effort service removal for full uninstall. Unlike `ocx service uninstall`, this is quiet
+ * when no service exists and never exits the process just because the platform has no service
+ * manager.
+ */
+export function uninstallServiceIfInstalled(): boolean {
+  if (process.platform === "darwin") {
+    if (existsSync(plistPath())) {
+      try { uninstallLaunchd(); return true; } catch { return false; }
+    }
+  } else if (process.platform === "win32") {
+    try {
+      const q = sh(`schtasks /query /tn ${TASK} 2>nul`);
+      if (q.includes(TASK)) { uninstallWindows(); return true; }
+    } catch { /* task not found */ }
+  } else if (process.platform === "linux" && isSystemd() && existsSync(unitPath())) {
+    try { uninstallSystemd(); return true; } catch { return false; }
+  }
+  return false;
+}
+
 export function serviceCommand(sub?: string): void {
   const ops = platformOps();
   if (!ops) {

package/src/types.ts

@@ -54,6 +54,8 @@ export interface OcxToolResultMessage {
   role: "toolResult";
   toolCallId: string;
   toolName: string;
+  /** MCP namespace from the originating tool call, if any. */
+  toolNamespace?: string;
   /** Text, or content parts when a tool (e.g. Codex view_image) returns an image in its output. */
   content: string | OcxContentPart[];
   isError: boolean;
@@ -177,8 +179,14 @@ export interface OcxConfig {
   disabledModels?: string[];
   /** Bind hostname. Default "127.0.0.1" (loopback only). Set "0.0.0.0" to expose on all interfaces. */
   hostname?: string;
+  /** Upstream stall timeout (seconds). After this many seconds of no upstream data, emits response.incomplete. Default 90. Min 1. */
+  stallTimeoutSec?: number;
+  /** Connect timeout (ms) for upstream fetch — covers DNS, TCP, TLS, and response header. Default 30000. */
+  connectTimeoutMs?: number;
   /** Advertise supports_websockets so Codex opens the WS endpoint. Default false; set true to opt in. */
   websockets?: boolean;
+  /** Auto-start/sync the proxy from the Codex shim before launching Codex. Default true. */
+  codexAutoStart?: boolean;
   /** Freshness window (ms) for the per-provider live `/models` cache. Defaults to 5 min. */
   modelCacheTtlMs?: number;
   /** Web-search sidecar: route web_search for non-OpenAI models through a gpt-mini via ChatGPT passthrough. */

package/src/update.ts

@@ -32,7 +32,7 @@ function latestVersion(): string | null {
  * `ocx update` — self-update opencodex to the latest published version, using the same package
  * manager it was installed with (bun or npm global). A source checkout is told to `git pull` instead.
  */
-export function runUpdate(): void {
+export async function runUpdate(): Promise<void> {
   const installer = detectInstall();
   const current = currentVersion();
   console.log(`opencodex v${current} (installed via ${installer})`);
@@ -56,7 +56,17 @@ export function runUpdate(): void {
 
   const r = spawnSync(bin, cmdArgs, { stdio: "inherit", timeout: 180000, windowsHide: true });
   if (r.status === 0) {
-    console.log(`\n✅ Updated${latest ? ` to v${latest}` : ""}. Restart the proxy:  ocx stop && ocx start`);
+    console.log(`\n✅ Updated${latest ? ` to v${latest}` : ""}.`);
+    if (process.platform === "win32") {
+      try {
+        const { installCodexShim } = await import("./codex-shim");
+        const result = installCodexShim();
+        if (result.installed) console.log(`🔧 ${result.message}`);
+      } catch (e) {
+        console.warn(`⚠️  Shim repair skipped: ${e instanceof Error ? e.message : e}`);
+      }
+    }
+    console.log("Restart the proxy:  ocx stop && ocx start");
   } else {
     console.error(`\n⚠️  Update failed (${bin} exit ${r.status ?? "?"}). Try manually:  ${bin} ${cmdArgs.join(" ")}`);
     process.exit(1);

package/src/web-search/loop.ts

@@ -193,7 +193,10 @@ export async function runWithWebSearch(deps: WebSearchLoopDeps): Promise<Respons
   const sse = bridgeToResponsesSSE(
     replay(finalEvents), parsed.modelId, toolNsMap, freeform, toolSearch,
     undefined, undefined,
-    deps.forceEmptyResponseId ? { responseId: "" } : undefined,
+    {
+      ...(deps.forceEmptyResponseId ? { responseId: "" } : {}),
+      hideThinkingSummary: parsed.options.hideThinkingSummary,
+    },
   );
   return new Response(sse, { headers: SSE_HEADERS });
 }

package/src/ws-bridge.ts

@@ -223,7 +223,7 @@ export function sendResponsesJsonAsEvents(
     ? response.status
     : "completed";
   sendJsonFrame(ws, {
-    type: finalStatus === "failed" ? "response.failed" : "response.completed",
+    type: `response.${finalStatus}` as "response.completed" | "response.failed" | "response.incomplete",
     response: { ...response, status: finalStatus },
   });
 }