@dexto/agent-management 1.8.1 → 1.8.2

package/dist/auth/chatgpt-oauth.cjs

@@ -0,0 +1,332 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var chatgpt_oauth_exports = {};
+__export(chatgpt_oauth_exports, {
+  CHATGPT_OAUTH_REDIRECT_URI: () => CHATGPT_OAUTH_REDIRECT_URI,
+  createChatGPTRuntimeAuth: () => createChatGPTRuntimeAuth,
+  refreshChatGPTOAuthCredential: () => refreshChatGPTOAuthCredential,
+  startChatGPTBrowserLogin: () => startChatGPTBrowserLogin
+});
+module.exports = __toCommonJS(chatgpt_oauth_exports);
+var import_node_crypto = require("node:crypto");
+var import_node_http = require("node:http");
+const CLIENT_ID = "app_EMoamEEZ73f0CkXaXp7hrann";
+const ISSUER = "https://auth.openai.com";
+const CALLBACK_HOST = "127.0.0.1";
+const REDIRECT_HOST = "localhost";
+const CALLBACK_PORT = 1455;
+const CALLBACK_PATH = "/auth/callback";
+const CODEX_API_BASE_URL = "https://chatgpt.com/backend-api/codex";
+const DUMMY_API_KEY = "dexto-chatgpt-oauth";
+const DEFAULT_CODEX_INSTRUCTIONS = "You are a helpful assistant.";
+const CHATGPT_OAUTH_REDIRECT_URI = `http://${REDIRECT_HOST}:${CALLBACK_PORT}${CALLBACK_PATH}`;
+function base64Url(input) {
+  return input.toString("base64url");
+}
+function generatePkce() {
+  const verifier = base64Url((0, import_node_crypto.randomBytes)(48));
+  const challenge = base64Url((0, import_node_crypto.createHash)("sha256").update(verifier).digest());
+  return { verifier, challenge };
+}
+function buildAuthorizeUrl(redirectUri, challenge, state) {
+  const params = new URLSearchParams({
+    response_type: "code",
+    client_id: CLIENT_ID,
+    redirect_uri: redirectUri,
+    scope: "openid profile email offline_access",
+    code_challenge: challenge,
+    code_challenge_method: "S256",
+    id_token_add_organizations: "true",
+    codex_cli_simplified_flow: "true",
+    state,
+    originator: "dexto"
+  });
+  return `${ISSUER}/oauth/authorize?${params.toString()}`;
+}
+function parseJwtClaims(token) {
+  if (!token) {
+    return null;
+  }
+  const parts = token.split(".");
+  if (parts.length !== 3 || !parts[1]) {
+    return null;
+  }
+  try {
+    return JSON.parse(
+      Buffer.from(parts[1], "base64url").toString("utf-8")
+    );
+  } catch {
+    return null;
+  }
+}
+function extractAccountId(tokens) {
+  const claims = parseJwtClaims(tokens.id_token) ?? parseJwtClaims(tokens.access_token);
+  return claims?.chatgpt_account_id ?? claims?.["https://api.openai.com/auth"]?.chatgpt_account_id ?? claims?.organizations?.find((org) => typeof org.id === "string")?.id;
+}
+function credentialFromTokens(tokens, previous) {
+  const refreshToken = tokens.refresh_token ?? previous?.refreshToken;
+  if (!refreshToken) {
+    throw new Error("ChatGPT Login did not return a refresh token");
+  }
+  return {
+    type: "oauth",
+    issuer: ISSUER,
+    refreshToken,
+    accessToken: tokens.access_token,
+    expiresAt: Date.now() + (tokens.expires_in ?? 3600) * 1e3,
+    accountId: extractAccountId(tokens) ?? previous?.accountId
+  };
+}
+async function exchangeCodeForTokens(code, redirectUri, verifier) {
+  const response = await fetch(`${ISSUER}/oauth/token`, {
+    method: "POST",
+    headers: { "Content-Type": "application/x-www-form-urlencoded" },
+    body: new URLSearchParams({
+      grant_type: "authorization_code",
+      code,
+      redirect_uri: redirectUri,
+      client_id: CLIENT_ID,
+      code_verifier: verifier
+    }).toString()
+  });
+  if (!response.ok) {
+    throw new Error(`ChatGPT token exchange failed: ${response.status}`);
+  }
+  return await response.json();
+}
+async function refreshChatGPTOAuthCredential(credential) {
+  const response = await fetch(`${credential.issuer}/oauth/token`, {
+    method: "POST",
+    headers: { "Content-Type": "application/x-www-form-urlencoded" },
+    body: new URLSearchParams({
+      grant_type: "refresh_token",
+      refresh_token: credential.refreshToken,
+      client_id: CLIENT_ID
+    }).toString()
+  });
+  if (!response.ok) {
+    throw new Error(`ChatGPT token refresh failed: ${response.status}`);
+  }
+  return credentialFromTokens(await response.json(), credential);
+}
+async function closeServer(server) {
+  if (!server.listening) {
+    return;
+  }
+  await new Promise((resolve, reject) => {
+    server.close((error) => {
+      if (error) {
+        reject(error);
+        return;
+      }
+      resolve();
+    });
+  });
+}
+async function listen(server) {
+  await new Promise((resolve, reject) => {
+    server.once("error", reject);
+    server.listen(CALLBACK_PORT, CALLBACK_HOST, () => {
+      server.off("error", reject);
+      resolve();
+    });
+  });
+}
+async function startChatGPTBrowserLogin() {
+  const redirectUri = CHATGPT_OAUTH_REDIRECT_URI;
+  const pkce = generatePkce();
+  const state = base64Url((0, import_node_crypto.randomBytes)(32));
+  let settled = false;
+  let rejectCredential = () => void 0;
+  const server = (0, import_node_http.createServer)();
+  const credentialPromise = new Promise((resolve, reject) => {
+    rejectCredential = reject;
+    server.on("request", async (request, response) => {
+      try {
+        const url = new URL(request.url ?? "/", redirectUri);
+        if (url.pathname !== CALLBACK_PATH) {
+          response.writeHead(404).end("Not found");
+          return;
+        }
+        if (url.searchParams.get("state") !== state) {
+          throw new Error("ChatGPT Login returned an invalid state");
+        }
+        const code = url.searchParams.get("code");
+        if (!code) {
+          throw new Error(
+            url.searchParams.get("error") ?? "ChatGPT Login returned no code"
+          );
+        }
+        const tokens = await exchangeCodeForTokens(code, redirectUri, pkce.verifier);
+        response.writeHead(200, { "Content-Type": "text/html; charset=utf-8" }).end(
+          "<!doctype html><title>Dexto ChatGPT Login</title><p>Authorization complete. You can close this window.</p>"
+        );
+        settled = true;
+        resolve(credentialFromTokens(tokens));
+      } catch (error) {
+        response.writeHead(400, { "Content-Type": "text/plain; charset=utf-8" }).end(error instanceof Error ? error.message : "ChatGPT Login failed");
+        settled = true;
+        reject(error);
+      } finally {
+        void closeServer(server);
+      }
+    });
+    server.once("error", (error) => {
+      settled = true;
+      reject(error);
+    });
+  });
+  credentialPromise.catch(() => void 0);
+  await listen(server);
+  return {
+    authUrl: buildAuthorizeUrl(redirectUri, pkce.challenge, state),
+    waitForCredential: () => credentialPromise,
+    cancel: async () => {
+      if (!settled) {
+        settled = true;
+        rejectCredential(new Error("ChatGPT Login cancelled"));
+      }
+      await closeServer(server);
+    }
+  };
+}
+function removeAuthorizationHeader(headers) {
+  headers.delete("authorization");
+  headers.delete("Authorization");
+}
+function resolveCodexEndpoint(requestInput) {
+  const url = requestInput instanceof URL ? requestInput : new URL(typeof requestInput === "string" ? requestInput : requestInput.url);
+  if (url.pathname.endsWith("/responses") || url.pathname.endsWith("/chat/completions")) {
+    return `${CODEX_API_BASE_URL}/responses`;
+  }
+  return requestInput;
+}
+function contentToInstructionText(content) {
+  if (typeof content === "string") {
+    return content;
+  }
+  if (Array.isArray(content)) {
+    const text = content.map((part) => {
+      if (typeof part === "string") {
+        return part;
+      }
+      if (part && typeof part === "object" && "text" in part && typeof part.text === "string") {
+        return part.text;
+      }
+      return JSON.stringify(part);
+    }).filter((part) => part.trim() !== "").join("\n");
+    return text === "" ? null : text;
+  }
+  if (content === void 0 || content === null) {
+    return null;
+  }
+  return JSON.stringify(content);
+}
+function isInstructionMessage(message) {
+  return !!message && typeof message === "object" && "role" in message && (message.role === "system" || message.role === "developer");
+}
+function extractInstructionMessages(messages) {
+  if (!Array.isArray(messages)) {
+    return { instructions: [], messages };
+  }
+  const instructions = [];
+  const remaining = [];
+  for (const message of messages) {
+    if (!isInstructionMessage(message)) {
+      remaining.push(message);
+      continue;
+    }
+    const text = contentToInstructionText(message.content);
+    if (text) {
+      instructions.push(text);
+    }
+  }
+  return { instructions, messages: remaining };
+}
+function normalizeCodexRequestBody(body) {
+  const input = extractInstructionMessages(body.input);
+  const messages = extractInstructionMessages(body.messages);
+  const instructions = [
+    ...input.instructions,
+    ...messages.instructions,
+    ...typeof body.instructions === "string" && body.instructions.trim() !== "" ? [body.instructions] : []
+  ];
+  if (input.instructions.length > 0) {
+    body.input = input.messages;
+  }
+  if (messages.instructions.length > 0) {
+    body.messages = messages.messages;
+  }
+  body.instructions = instructions.length > 0 ? instructions.join("\n\n") : DEFAULT_CODEX_INSTRUCTIONS;
+  body.store = false;
+  return body;
+}
+function createCodexRequestInit(init, credential) {
+  const headers = new globalThis.Headers(init?.headers);
+  removeAuthorizationHeader(headers);
+  headers.set("authorization", `Bearer ${credential.accessToken}`);
+  headers.set("originator", "dexto");
+  headers.set("OpenAI-Beta", "responses=experimental");
+  if (credential.accountId) {
+    headers.set("ChatGPT-Account-Id", credential.accountId);
+  }
+  if (typeof init?.body !== "string") {
+    return { ...init, headers };
+  }
+  const body = JSON.parse(init.body);
+  return {
+    ...init,
+    body: JSON.stringify(normalizeCodexRequestBody(body)),
+    headers
+  };
+}
+function createChatGPTRuntimeAuth(input) {
+  let current = input.credential;
+  let refreshPromise = null;
+  async function getFreshCredential() {
+    if (current.expiresAt > Date.now() + 3e4) {
+      return current;
+    }
+    refreshPromise ??= refreshChatGPTOAuthCredential(current).then(async (next) => {
+      current = next;
+      await input.updateCredential(next);
+      return next;
+    }).finally(() => {
+      refreshPromise = null;
+    });
+    return refreshPromise;
+  }
+  return {
+    apiKey: DUMMY_API_KEY,
+    baseURL: CODEX_API_BASE_URL,
+    fetch: async (requestInput, init) => {
+      const credential = await getFreshCredential();
+      return fetch(resolveCodexEndpoint(requestInput), {
+        ...createCodexRequestInit(init, credential)
+      });
+    }
+  };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  CHATGPT_OAUTH_REDIRECT_URI,
+  createChatGPTRuntimeAuth,
+  refreshChatGPTOAuthCredential,
+  startChatGPTBrowserLogin
+});

package/dist/auth/chatgpt-oauth.d.ts

@@ -0,0 +1,28 @@
+declare const ISSUER = "https://auth.openai.com";
+export declare const CHATGPT_OAUTH_REDIRECT_URI = "http://localhost:1455/auth/callback";
+export type ChatGPTOAuthCredential = {
+    type: 'oauth';
+    issuer: typeof ISSUER;
+    refreshToken: string;
+    accessToken: string;
+    expiresAt: number;
+    accountId?: string | undefined;
+};
+export type PendingChatGPTLogin = {
+    authUrl: string;
+    waitForCredential(): Promise<ChatGPTOAuthCredential>;
+    cancel(): Promise<void>;
+};
+export type ChatGPTRuntimeAuth = {
+    apiKey: string;
+    baseURL: string;
+    fetch: typeof fetch;
+};
+export declare function refreshChatGPTOAuthCredential(credential: ChatGPTOAuthCredential): Promise<ChatGPTOAuthCredential>;
+export declare function startChatGPTBrowserLogin(): Promise<PendingChatGPTLogin>;
+export declare function createChatGPTRuntimeAuth(input: {
+    credential: ChatGPTOAuthCredential;
+    updateCredential(credential: ChatGPTOAuthCredential): Promise<void>;
+}): ChatGPTRuntimeAuth;
+export {};
+//# sourceMappingURL=chatgpt-oauth.d.ts.map

package/dist/auth/chatgpt-oauth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"chatgpt-oauth.d.ts","sourceRoot":"","sources":["../../src/auth/chatgpt-oauth.ts"],"names":[],"mappings":"AAIA,QAAA,MAAM,MAAM,4BAA4B,CAAC;AAQzC,eAAO,MAAM,0BAA0B,wCAA6D,CAAC;AAiBrG,MAAM,MAAM,sBAAsB,GAAG;IACjC,IAAI,EAAE,OAAO,CAAC;IACd,MAAM,EAAE,OAAO,MAAM,CAAC;IACtB,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;CAClC,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAAG;IAC9B,OAAO,EAAE,MAAM,CAAC;IAChB,iBAAiB,IAAI,OAAO,CAAC,sBAAsB,CAAC,CAAC;IACrD,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;CAC3B,CAAC;AAEF,MAAM,MAAM,kBAAkB,GAAG;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,OAAO,KAAK,CAAC;CACvB,CAAC;AAiGF,wBAAsB,6BAA6B,CAC/C,UAAU,EAAE,sBAAsB,GACnC,OAAO,CAAC,sBAAsB,CAAC,CAcjC;AA4BD,wBAAsB,wBAAwB,IAAI,OAAO,CAAC,mBAAmB,CAAC,CAmE7E;AAuID,wBAAgB,wBAAwB,CAAC,KAAK,EAAE;IAC5C,UAAU,EAAE,sBAAsB,CAAC;IACnC,gBAAgB,CAAC,UAAU,EAAE,sBAAsB,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACvE,GAAG,kBAAkB,CAgCrB"}

package/dist/auth/chatgpt-oauth.js

@@ -0,0 +1,305 @@
+import { createHash, randomBytes } from "node:crypto";
+import { createServer } from "node:http";
+const CLIENT_ID = "app_EMoamEEZ73f0CkXaXp7hrann";
+const ISSUER = "https://auth.openai.com";
+const CALLBACK_HOST = "127.0.0.1";
+const REDIRECT_HOST = "localhost";
+const CALLBACK_PORT = 1455;
+const CALLBACK_PATH = "/auth/callback";
+const CODEX_API_BASE_URL = "https://chatgpt.com/backend-api/codex";
+const DUMMY_API_KEY = "dexto-chatgpt-oauth";
+const DEFAULT_CODEX_INSTRUCTIONS = "You are a helpful assistant.";
+const CHATGPT_OAUTH_REDIRECT_URI = `http://${REDIRECT_HOST}:${CALLBACK_PORT}${CALLBACK_PATH}`;
+function base64Url(input) {
+  return input.toString("base64url");
+}
+function generatePkce() {
+  const verifier = base64Url(randomBytes(48));
+  const challenge = base64Url(createHash("sha256").update(verifier).digest());
+  return { verifier, challenge };
+}
+function buildAuthorizeUrl(redirectUri, challenge, state) {
+  const params = new URLSearchParams({
+    response_type: "code",
+    client_id: CLIENT_ID,
+    redirect_uri: redirectUri,
+    scope: "openid profile email offline_access",
+    code_challenge: challenge,
+    code_challenge_method: "S256",
+    id_token_add_organizations: "true",
+    codex_cli_simplified_flow: "true",
+    state,
+    originator: "dexto"
+  });
+  return `${ISSUER}/oauth/authorize?${params.toString()}`;
+}
+function parseJwtClaims(token) {
+  if (!token) {
+    return null;
+  }
+  const parts = token.split(".");
+  if (parts.length !== 3 || !parts[1]) {
+    return null;
+  }
+  try {
+    return JSON.parse(
+      Buffer.from(parts[1], "base64url").toString("utf-8")
+    );
+  } catch {
+    return null;
+  }
+}
+function extractAccountId(tokens) {
+  const claims = parseJwtClaims(tokens.id_token) ?? parseJwtClaims(tokens.access_token);
+  return claims?.chatgpt_account_id ?? claims?.["https://api.openai.com/auth"]?.chatgpt_account_id ?? claims?.organizations?.find((org) => typeof org.id === "string")?.id;
+}
+function credentialFromTokens(tokens, previous) {
+  const refreshToken = tokens.refresh_token ?? previous?.refreshToken;
+  if (!refreshToken) {
+    throw new Error("ChatGPT Login did not return a refresh token");
+  }
+  return {
+    type: "oauth",
+    issuer: ISSUER,
+    refreshToken,
+    accessToken: tokens.access_token,
+    expiresAt: Date.now() + (tokens.expires_in ?? 3600) * 1e3,
+    accountId: extractAccountId(tokens) ?? previous?.accountId
+  };
+}
+async function exchangeCodeForTokens(code, redirectUri, verifier) {
+  const response = await fetch(`${ISSUER}/oauth/token`, {
+    method: "POST",
+    headers: { "Content-Type": "application/x-www-form-urlencoded" },
+    body: new URLSearchParams({
+      grant_type: "authorization_code",
+      code,
+      redirect_uri: redirectUri,
+      client_id: CLIENT_ID,
+      code_verifier: verifier
+    }).toString()
+  });
+  if (!response.ok) {
+    throw new Error(`ChatGPT token exchange failed: ${response.status}`);
+  }
+  return await response.json();
+}
+async function refreshChatGPTOAuthCredential(credential) {
+  const response = await fetch(`${credential.issuer}/oauth/token`, {
+    method: "POST",
+    headers: { "Content-Type": "application/x-www-form-urlencoded" },
+    body: new URLSearchParams({
+      grant_type: "refresh_token",
+      refresh_token: credential.refreshToken,
+      client_id: CLIENT_ID
+    }).toString()
+  });
+  if (!response.ok) {
+    throw new Error(`ChatGPT token refresh failed: ${response.status}`);
+  }
+  return credentialFromTokens(await response.json(), credential);
+}
+async function closeServer(server) {
+  if (!server.listening) {
+    return;
+  }
+  await new Promise((resolve, reject) => {
+    server.close((error) => {
+      if (error) {
+        reject(error);
+        return;
+      }
+      resolve();
+    });
+  });
+}
+async function listen(server) {
+  await new Promise((resolve, reject) => {
+    server.once("error", reject);
+    server.listen(CALLBACK_PORT, CALLBACK_HOST, () => {
+      server.off("error", reject);
+      resolve();
+    });
+  });
+}
+async function startChatGPTBrowserLogin() {
+  const redirectUri = CHATGPT_OAUTH_REDIRECT_URI;
+  const pkce = generatePkce();
+  const state = base64Url(randomBytes(32));
+  let settled = false;
+  let rejectCredential = () => void 0;
+  const server = createServer();
+  const credentialPromise = new Promise((resolve, reject) => {
+    rejectCredential = reject;
+    server.on("request", async (request, response) => {
+      try {
+        const url = new URL(request.url ?? "/", redirectUri);
+        if (url.pathname !== CALLBACK_PATH) {
+          response.writeHead(404).end("Not found");
+          return;
+        }
+        if (url.searchParams.get("state") !== state) {
+          throw new Error("ChatGPT Login returned an invalid state");
+        }
+        const code = url.searchParams.get("code");
+        if (!code) {
+          throw new Error(
+            url.searchParams.get("error") ?? "ChatGPT Login returned no code"
+          );
+        }
+        const tokens = await exchangeCodeForTokens(code, redirectUri, pkce.verifier);
+        response.writeHead(200, { "Content-Type": "text/html; charset=utf-8" }).end(
+          "<!doctype html><title>Dexto ChatGPT Login</title><p>Authorization complete. You can close this window.</p>"
+        );
+        settled = true;
+        resolve(credentialFromTokens(tokens));
+      } catch (error) {
+        response.writeHead(400, { "Content-Type": "text/plain; charset=utf-8" }).end(error instanceof Error ? error.message : "ChatGPT Login failed");
+        settled = true;
+        reject(error);
+      } finally {
+        void closeServer(server);
+      }
+    });
+    server.once("error", (error) => {
+      settled = true;
+      reject(error);
+    });
+  });
+  credentialPromise.catch(() => void 0);
+  await listen(server);
+  return {
+    authUrl: buildAuthorizeUrl(redirectUri, pkce.challenge, state),
+    waitForCredential: () => credentialPromise,
+    cancel: async () => {
+      if (!settled) {
+        settled = true;
+        rejectCredential(new Error("ChatGPT Login cancelled"));
+      }
+      await closeServer(server);
+    }
+  };
+}
+function removeAuthorizationHeader(headers) {
+  headers.delete("authorization");
+  headers.delete("Authorization");
+}
+function resolveCodexEndpoint(requestInput) {
+  const url = requestInput instanceof URL ? requestInput : new URL(typeof requestInput === "string" ? requestInput : requestInput.url);
+  if (url.pathname.endsWith("/responses") || url.pathname.endsWith("/chat/completions")) {
+    return `${CODEX_API_BASE_URL}/responses`;
+  }
+  return requestInput;
+}
+function contentToInstructionText(content) {
+  if (typeof content === "string") {
+    return content;
+  }
+  if (Array.isArray(content)) {
+    const text = content.map((part) => {
+      if (typeof part === "string") {
+        return part;
+      }
+      if (part && typeof part === "object" && "text" in part && typeof part.text === "string") {
+        return part.text;
+      }
+      return JSON.stringify(part);
+    }).filter((part) => part.trim() !== "").join("\n");
+    return text === "" ? null : text;
+  }
+  if (content === void 0 || content === null) {
+    return null;
+  }
+  return JSON.stringify(content);
+}
+function isInstructionMessage(message) {
+  return !!message && typeof message === "object" && "role" in message && (message.role === "system" || message.role === "developer");
+}
+function extractInstructionMessages(messages) {
+  if (!Array.isArray(messages)) {
+    return { instructions: [], messages };
+  }
+  const instructions = [];
+  const remaining = [];
+  for (const message of messages) {
+    if (!isInstructionMessage(message)) {
+      remaining.push(message);
+      continue;
+    }
+    const text = contentToInstructionText(message.content);
+    if (text) {
+      instructions.push(text);
+    }
+  }
+  return { instructions, messages: remaining };
+}
+function normalizeCodexRequestBody(body) {
+  const input = extractInstructionMessages(body.input);
+  const messages = extractInstructionMessages(body.messages);
+  const instructions = [
+    ...input.instructions,
+    ...messages.instructions,
+    ...typeof body.instructions === "string" && body.instructions.trim() !== "" ? [body.instructions] : []
+  ];
+  if (input.instructions.length > 0) {
+    body.input = input.messages;
+  }
+  if (messages.instructions.length > 0) {
+    body.messages = messages.messages;
+  }
+  body.instructions = instructions.length > 0 ? instructions.join("\n\n") : DEFAULT_CODEX_INSTRUCTIONS;
+  body.store = false;
+  return body;
+}
+function createCodexRequestInit(init, credential) {
+  const headers = new globalThis.Headers(init?.headers);
+  removeAuthorizationHeader(headers);
+  headers.set("authorization", `Bearer ${credential.accessToken}`);
+  headers.set("originator", "dexto");
+  headers.set("OpenAI-Beta", "responses=experimental");
+  if (credential.accountId) {
+    headers.set("ChatGPT-Account-Id", credential.accountId);
+  }
+  if (typeof init?.body !== "string") {
+    return { ...init, headers };
+  }
+  const body = JSON.parse(init.body);
+  return {
+    ...init,
+    body: JSON.stringify(normalizeCodexRequestBody(body)),
+    headers
+  };
+}
+function createChatGPTRuntimeAuth(input) {
+  let current = input.credential;
+  let refreshPromise = null;
+  async function getFreshCredential() {
+    if (current.expiresAt > Date.now() + 3e4) {
+      return current;
+    }
+    refreshPromise ??= refreshChatGPTOAuthCredential(current).then(async (next) => {
+      current = next;
+      await input.updateCredential(next);
+      return next;
+    }).finally(() => {
+      refreshPromise = null;
+    });
+    return refreshPromise;
+  }
+  return {
+    apiKey: DUMMY_API_KEY,
+    baseURL: CODEX_API_BASE_URL,
+    fetch: async (requestInput, init) => {
+      const credential = await getFreshCredential();
+      return fetch(resolveCodexEndpoint(requestInput), {
+        ...createCodexRequestInit(init, credential)
+      });
+    }
+  };
+}
+export {
+  CHATGPT_OAUTH_REDIRECT_URI,
+  createChatGPTRuntimeAuth,
+  refreshChatGPTOAuthCredential,
+  startChatGPTBrowserLogin
+};