@gajae-code/coding-agent 0.5.0 → 0.5.1

package/src/defaults/gjc/extensions/grok-cli-vendor/src/models/catalog.ts

@@ -0,0 +1,155 @@
+/**
+ * Model definitions for Grok CLI's API.
+ */
+
+// ─── Cost constants ($/M tokens) ──────────────────────────────────────────────
+
+const COST_BUILD = { input: 1, output: 2, cacheRead: 0.2, cacheWrite: 0.2 };
+const COST_COMPOSER_FAST = { input: 3, output: 15, cacheRead: 0.5, cacheWrite: 0 };
+const COST_43 = { input: 1.25, output: 2.5, cacheRead: 0.2, cacheWrite: 0 };
+const COST_420 = { input: 2, output: 6, cacheRead: 0.2, cacheWrite: 0 };
+
+// ─── Model type ───────────────────────────────────────────────────────────────
+
+export interface GrokCliModelConfig {
+  id: string;
+  name: string;
+  reasoning: boolean;
+  input: ('text' | 'image')[];
+  cost: {
+    input: number;
+    output: number;
+    cacheRead: number;
+    cacheWrite: number;
+  };
+  contextWindow: number;
+  maxTokens: number;
+  /** Models that don't support reasoning.effort get a thinkingLevelMap. */
+  thinkingLevelMap?: Record<string, string | null>;
+}
+
+// ─── Hardcoded fallback catalog ───────────────────────────────────────────────
+//
+// These are the models observed via the Grok CLI's /v1/models endpoint and
+// the actual traffic captured through cli-chat-proxy.grok.com.
+
+const FALLBACK_MODELS: GrokCliModelConfig[] = [
+  {
+    id: 'grok-composer-2.5-fast',
+    name: 'Composer 2.5 Fast (Grok CLI)',
+    reasoning: false,
+    input: ['text', 'image'],
+    cost: COST_COMPOSER_FAST,
+    contextWindow: 200_000,
+    maxTokens: 30_000,
+    thinkingLevelMap: {
+      off: 'none',
+      minimal: null,
+      low: null,
+      medium: null,
+      high: null,
+      xhigh: null,
+    },
+  },
+  {
+    id: 'grok-build',
+    name: 'Grok Build',
+    reasoning: true,
+    input: ['text', 'image'],
+    cost: COST_BUILD,
+    contextWindow: 512_000,
+    maxTokens: 30_000,
+  },
+  {
+    id: 'grok-4.3',
+    name: 'Grok 4.3',
+    reasoning: true,
+    input: ['text', 'image'],
+    cost: COST_43,
+    contextWindow: 1_000_000,
+    maxTokens: 30_000,
+  },
+  {
+    id: 'grok-4.20-0309-reasoning',
+    name: 'Grok 4.20 Reasoning',
+    reasoning: true,
+    input: ['text', 'image'],
+    cost: COST_420,
+    contextWindow: 2_000_000,
+    maxTokens: 30_000,
+  },
+  {
+    id: 'grok-4.20-0309-non-reasoning',
+    name: 'Grok 4.20 Non-Reasoning',
+    reasoning: false,
+    input: ['text', 'image'],
+    cost: COST_420,
+    contextWindow: 2_000_000,
+    maxTokens: 30_000,
+    thinkingLevelMap: {
+      off: 'none',
+      minimal: null,
+      low: null,
+      medium: null,
+      high: null,
+      xhigh: null,
+    },
+  },
+  {
+    id: 'grok-4.20-multi-agent-0309',
+    name: 'Grok 4.20 Multi-Agent',
+    reasoning: true,
+    input: ['text', 'image'],
+    cost: COST_420,
+    contextWindow: 2_000_000,
+    maxTokens: 30_000,
+  },
+];
+
+const EFFORT_CAPABLE_PREFIXES = ['grok-3-mini', 'grok-4.20-multi-agent', 'grok-4.3'];
+
+export function supportsReasoningEffort(modelId: string): boolean {
+  const parts = modelId.split('/');
+  const name = (parts.at(-1) ?? modelId).toLowerCase();
+  if (!EFFORT_CAPABLE_PREFIXES.some((prefix) => name.startsWith(prefix))) {
+    return false;
+  }
+  const model = resolveModels().find((entry) => entry.id.toLowerCase() === name);
+  if (model) {
+    if (!model.reasoning) return false;
+    if (!model.thinkingLevelMap) return true;
+    return Object.values(model.thinkingLevelMap).some(
+      (level) => level !== null && level !== 'none',
+    );
+  }
+  // Effort-capable id not listed in GJC_GROK_CLI_MODELS env list — still honor prefix (avoids spurious 400s).
+  return true;
+}
+
+// ─── GJC_GROK_CLI_MODELS env override ─────────────────────────────────────
+
+/**
+ * Resolve the active model list. If `GJC_GROK_CLI_MODELS` is set,
+ * it filters/reorders the fallback list; unknown IDs get sensible defaults.
+ */
+export function resolveModels(): GrokCliModelConfig[] {
+  const env = (process.env.GJC_GROK_CLI_MODELS || '')
+    .split(',')
+    .map((s) => s.trim())
+    .filter(Boolean);
+  if (env.length === 0) return FALLBACK_MODELS;
+
+  const byId = new Map(FALLBACK_MODELS.map((m) => [m.id, m]));
+  return env.map(
+    (id) =>
+      byId.get(id) ?? {
+        id,
+        name: id,
+        reasoning: true,
+        input: ['text'] as ('text' | 'image')[],
+        cost: COST_BUILD,
+        contextWindow: 1_000_000,
+        maxTokens: 30_000,
+      },
+  );
+}

package/src/defaults/gjc/extensions/grok-cli-vendor/src/payload/sanitize.ts

@@ -0,0 +1,361 @@
+/**
+ * Payload sanitization for xAI's Responses API via cli-chat-proxy.grok.com.
+ *
+ * xAI's endpoint has quirks compared to stock OpenAI:
+ *   - Replayed or encrypted `reasoning` items in input cause 400 errors.
+ *   - `reasoning.effort` is only supported on a subset of models.
+ *   - Empty-string content items cause validation failures.
+ *   - `function_call_output.output` cannot contain image arrays.
+ *   - `image_url` parts must be normalized to `input_image` with data URIs.
+ *   - Local image paths must be resolved to base64 data URIs.
+ *   - xAI rejects `role: "developer"` and `role: "system"` in the input
+ *     array; these must be moved to top-level `instructions`.
+ *   - xAI uses `text.format` instead of OpenAI's `response_format`.
+ *   - xAI uses `prompt_cache_key` for conversation caching.
+ *   - xAI doesn't support `prompt_cache_retention`.
+ *
+ * Additional Grok CLI-specific behavior:
+ *   - Adds x-grok-* headers for client identification
+ *   - Uses prompt_cache_key for session affinity
+ */
+
+import { existsSync, readFileSync, realpathSync } from 'node:fs';
+import { extname, isAbsolute, resolve, sep } from 'node:path';
+import { fileURLToPath } from 'node:url';
+import { supportsReasoningEffort } from '../models/catalog.js';
+
+// ─── Content text extraction ─────────────────────────────────────────────────
+
+function textFromContent(content: unknown): string {
+  if (typeof content === 'string') return content;
+  if (!Array.isArray(content)) return '';
+  return content
+    .map((part) => {
+      if (typeof part === 'string') return part;
+      if (!part || typeof part !== 'object') return '';
+      const item = part as Record<string, unknown>;
+      const type = typeof item.type === 'string' ? item.type : '';
+      return ['text', 'input_text', 'output_text'].includes(type) && typeof item.text === 'string'
+        ? item.text
+        : '';
+    })
+    .filter(Boolean)
+    .join('\n');
+}
+
+// ─── Image helpers ────────────────────────────────────────────────────────────
+
+function stripShellQuotes(value: string): string {
+  const trimmed = value.trim();
+  if (
+    trimmed.length >= 2 &&
+    ((trimmed.startsWith('"') && trimmed.endsWith('"')) ||
+      (trimmed.startsWith("'") && trimmed.endsWith("'")))
+  ) {
+    return trimmed.slice(1, -1);
+  }
+  return trimmed;
+}
+
+function unescapeShellPath(value: string): string {
+  return stripShellQuotes(value).replace(/\\([\\\s'"()&;@])/g, '$1');
+}
+
+function imageMimeTypeForPath(path: string): string {
+  switch (extname(path).toLowerCase()) {
+    case '.jpg':
+    case '.jpeg':
+      return 'image/jpeg';
+    case '.png':
+      return 'image/png';
+    default:
+      throw new Error('xAI image understanding supports local .jpg, .jpeg, and .png files only');
+  }
+}
+
+function ensurePathWithinWorkspace(cwd: string, filePath: string) {
+  const realCwd = realpathSync(cwd);
+  const realPath = realpathSync(filePath);
+  if (realPath !== realCwd && !realPath.startsWith(`${realCwd}${sep}`)) {
+    throw new Error('Image path is outside the workspace');
+  }
+  return realPath;
+}
+
+function resolveLocalImagePath(value: string, cwd: string): string | undefined {
+  const cleaned = unescapeShellPath(value);
+  if (!cleaned) return undefined;
+
+  if (cleaned.startsWith('file://')) {
+    try {
+      const filePath = fileURLToPath(cleaned);
+      return existsSync(filePath) ? ensurePathWithinWorkspace(cwd, filePath) : undefined;
+    } catch {
+      return undefined;
+    }
+  }
+
+  const candidate = isAbsolute(cleaned) ? cleaned : resolve(cwd, cleaned);
+
+  return existsSync(candidate) ? ensurePathWithinWorkspace(cwd, candidate) : undefined;
+}
+
+function normalizeImageInput(value: unknown, cwd: string): string | undefined {
+  if (typeof value !== 'string' || !value.trim()) return undefined;
+  const cleaned = stripShellQuotes(value);
+
+  if (/^https?:\/\//i.test(cleaned) || /^data:image\//i.test(cleaned)) {
+    return cleaned;
+  }
+
+  const localPath = resolveLocalImagePath(cleaned, cwd);
+  if (!localPath) {
+    throw new Error(`Image file does not exist or is not a valid URL: ${cleaned}`);
+  }
+
+  const mimeType = imageMimeTypeForPath(localPath);
+  const data = readFileSync(localPath).toString('base64');
+  return `data:${mimeType};base64,${data}`;
+}
+
+// ─── Content part normalization ───────────────────────────────────────────────
+
+function isInputImagePart(value: unknown): value is Record<string, unknown> {
+  return (
+    !!value &&
+    typeof value === 'object' &&
+    (value as Record<string, unknown>).type === 'input_image'
+  );
+}
+
+function getImageUrlAndDetail(obj: Record<string, unknown>): {
+  imageUrl: unknown;
+  detail: unknown;
+} {
+  if (typeof obj.image_url === 'object' && obj.image_url) {
+    const imageUrl = obj.image_url as Record<string, unknown>;
+    return { imageUrl: imageUrl.url, detail: imageUrl.detail };
+  }
+
+  return { imageUrl: obj.image_url, detail: obj.detail };
+}
+
+function normalizeImageParts(value: unknown, cwd: string): unknown {
+  if (Array.isArray(value)) return value.map((item) => normalizeImageParts(item, cwd));
+  if (!value || typeof value !== 'object') return value;
+
+  const obj = { ...(value as Record<string, unknown>) };
+
+  if (obj.type === 'image' && typeof obj.data === 'string' && typeof obj.mimeType === 'string') {
+    return {
+      type: 'input_image',
+      image_url: `data:${obj.mimeType};base64,${obj.data}`,
+      detail: typeof obj.detail === 'string' && obj.detail ? obj.detail : 'auto',
+    };
+  }
+
+  if (obj.type === 'image_url') {
+    const { imageUrl, detail } = getImageUrlAndDetail(obj);
+    obj.type = 'input_image';
+    obj.image_url = imageUrl;
+    if (typeof detail === 'string' && detail) obj.detail = detail;
+  }
+
+  if (obj.type === 'input_image') {
+    const { imageUrl, detail } = getImageUrlAndDetail(obj);
+    const normalized = normalizeImageInput(imageUrl, cwd);
+    if (normalized) obj.image_url = normalized;
+    if (typeof detail === 'string' && detail) obj.detail = detail;
+    if (typeof obj.detail !== 'string' || !obj.detail) obj.detail = 'auto';
+  }
+
+  if (Array.isArray(obj.content)) obj.content = normalizeImageParts(obj.content, cwd);
+  if (Array.isArray(obj.output)) obj.output = normalizeImageParts(obj.output, cwd);
+  return obj;
+}
+
+// ─── function_call_output rewrite ─────────────────────────────────────────────
+
+function rewriteFunctionCallOutput(input: Record<string, unknown>[]): Record<string, unknown>[] {
+  const rewritten: Record<string, unknown>[] = [];
+
+  for (const item of input) {
+    if (
+      !item ||
+      typeof item !== 'object' ||
+      item.type !== 'function_call_output' ||
+      !Array.isArray(item.output)
+    ) {
+      rewritten.push(item);
+      continue;
+    }
+
+    const outputParts = item.output as unknown[];
+    const imageParts = outputParts.filter(isInputImagePart);
+    const textParts = outputParts.filter((p) => !isInputImagePart(p));
+
+    const textChunks: string[] = [];
+    for (const part of textParts) {
+      if (typeof part === 'string') {
+        textChunks.push(part);
+      } else if (part && typeof part === 'object') {
+        const p = part as Record<string, unknown>;
+        if (typeof p.text === 'string') textChunks.push(p.text);
+      }
+    }
+    let imageCount = 0;
+    for (const _ of imageParts) imageCount++;
+
+    const outputText = textChunks.join('\n') || '(tool returned no text output)';
+    rewritten.push({ ...item, output: outputText });
+
+    if (imageCount > 0) {
+      const callId = item.call_id ? ` (${String(item.call_id)})` : '';
+      const label = `The previous tool result${callId} included ${imageCount} image${imageCount === 1 ? '' : 's'}. Use the attached image${imageCount === 1 ? '' : 's'} as the visual output from that tool.`;
+      rewritten.push({
+        role: 'user',
+        content: [{ type: 'input_text', text: label }, ...imageParts],
+      });
+    }
+  }
+
+  return rewritten;
+}
+
+// ─── xAI 400 guards ───────────────────────────────────────────────────────────
+
+const REPLAYED_INPUT_TYPES = new Set([
+  'reasoning',
+  'reasoning.encrypted_content',
+  'encrypted_content',
+  'item_reference',
+]);
+
+function isReplayedOrUnsupportedInputItem(obj: Record<string, unknown>): boolean {
+  const type = typeof obj.type === 'string' ? obj.type : '';
+  if (REPLAYED_INPUT_TYPES.has(type)) return true;
+  if (type.startsWith('reasoning')) return true;
+  if ('encrypted_content' in obj || 'reasoning_encrypted_content' in obj) return true;
+  return false;
+}
+
+function isEmptyMessageItem(obj: Record<string, unknown>): boolean {
+  if (typeof obj.content === 'string') return obj.content.trim().length === 0;
+  if (!Array.isArray(obj.content)) return false;
+  const parts = obj.content as unknown[];
+  if (parts.length === 0) return true;
+  return parts.every((part) => {
+    if (typeof part === 'string') return part.length === 0;
+    if (!part || typeof part !== 'object') return true;
+    const p = part as Record<string, unknown>;
+    const t = typeof p.type === 'string' ? p.type : '';
+    if (['text', 'input_text', 'output_text'].includes(t)) {
+      return typeof p.text !== 'string' || p.text.trim().length === 0;
+    }
+    return false;
+  });
+}
+
+function stripUnsupportedTopLevelFields(next: Record<string, unknown>): void {
+  delete next.prompt_cache_retention;
+  delete next.parallel_tool_calls;
+  delete next.store;
+  delete next.metadata;
+  delete next.user;
+  delete next.service_tier;
+  delete next.truncation;
+}
+
+// ─── Main sanitization ────────────────────────────────────────────────────────
+
+/**
+ * Sanitize a provider request payload for xAI's Responses API via
+ * cli-chat-proxy.grok.com.
+ *
+ * Returns the modified payload.  Mutates the input in place for efficiency.
+ */
+export function sanitizePayload(
+  params: Record<string, unknown>,
+  modelId: string,
+  sessionId: string | undefined,
+  cwd: string,
+): Record<string, unknown> {
+  const next = params;
+
+  // ── Sanitize input array ──────────────────────────────────────────────
+  if (Array.isArray(next.input)) {
+    let input = (next.input as unknown[])
+      .map((item: unknown) => {
+        if (!item || typeof item !== 'object') return item;
+        const obj = item as Record<string, unknown>;
+
+        if (isReplayedOrUnsupportedInputItem(obj)) return null;
+        if (isEmptyMessageItem(obj)) return null;
+
+        return obj;
+      })
+      .filter(Boolean) as Record<string, unknown>[];
+
+    // Move system/developer messages to top-level instructions.
+    // xAI rejects role: "developer" and role: "system" in the input array.
+    const instructionParts: string[] = [];
+    input = input.filter((item) => {
+      const role = (item as Record<string, unknown>).role;
+      if (role !== 'developer' && role !== 'system') return true;
+      const text = textFromContent((item as Record<string, unknown>).content).trim();
+      if (text) instructionParts.push(text);
+      return false;
+    });
+    if (instructionParts.length > 0) {
+      const existing =
+        typeof next.instructions === 'string' && next.instructions ? next.instructions : '';
+      const merged = [existing, ...instructionParts].filter((part) => part.length > 0).join('\n\n');
+      next.instructions = merged;
+    }
+
+    // Normalize image parts (resolve local paths, fix types)
+    input = normalizeImageParts(input, cwd) as Record<string, unknown>[];
+
+    // Rewrite function_call_output with images
+    input = rewriteFunctionCallOutput(input);
+
+    next.input = input;
+  } else if (typeof next.input === 'string') {
+    // String input is valid and should stay string-shaped.
+  }
+
+  // ── response_format → text.format ────────────────────────────────────
+  if (next.response_format) {
+    if (!next.text) next.text = { format: next.response_format };
+    delete next.response_format;
+  }
+
+  // ── Reasoning effort ──────────────────────────────────────────────────
+  if (supportsReasoningEffort(modelId)) {
+    const reasoning = next.reasoning as Record<string, unknown> | undefined;
+    if (reasoning) {
+      const effort = reasoning.effort === 'minimal' ? 'low' : reasoning.effort;
+      next.reasoning = reasoning.summary !== undefined ? { effort } : { ...reasoning, effort };
+    }
+  } else {
+    delete next.reasoning;
+    delete next.reasoningEffort;
+  }
+
+  // ── Strip/filter unsupported fields ──────────────────────────────────
+  if (Array.isArray(next.include)) {
+    next.include = (next.include as unknown[]).filter(
+      (item) => item !== 'reasoning.encrypted_content',
+    );
+    if ((next.include as unknown[]).length === 0) delete next.include;
+  }
+
+  stripUnsupportedTopLevelFields(next);
+
+  // Add prompt_cache_key for conversation caching (routes to same server).
+  if (sessionId && !next.prompt_cache_key) {
+    next.prompt_cache_key = sessionId;
+  }
+
+  return next;
+}

package/src/defaults/gjc/extensions/grok-cli-vendor/src/provider/billing.ts

@@ -0,0 +1,57 @@
+import { getBaseUrl } from '../shared/base-url.js';
+
+interface BillingUsage {
+  monthlyLimit: number;
+  used: number;
+  billingPeriodEnd: string;
+}
+
+function parseBillingUsage(payload: unknown): BillingUsage {
+  if (!payload || typeof payload !== 'object') throw new Error('invalid billing payload');
+  const config = (payload as Record<string, unknown>).config;
+  if (!config || typeof config !== 'object') throw new Error('invalid billing payload');
+  const monthlyLimit = ((config as Record<string, unknown>).monthlyLimit as Record<string, unknown>)
+    ?.val;
+  const used = ((config as Record<string, unknown>).used as Record<string, unknown>)?.val;
+  const billingPeriodEnd = (config as Record<string, unknown>).billingPeriodEnd;
+  if (
+    typeof monthlyLimit !== 'number' ||
+    !Number.isFinite(monthlyLimit) ||
+    typeof used !== 'number' ||
+    !Number.isFinite(used) ||
+    typeof billingPeriodEnd !== 'string' ||
+    !Number.isFinite(new Date(billingPeriodEnd).getTime())
+  ) {
+    throw new Error('invalid billing payload');
+  }
+  return { monthlyLimit, used, billingPeriodEnd };
+}
+
+export async function fetchBillingUsage(token: string): Promise<BillingUsage> {
+  const response = await fetch(`${getBaseUrl()}/billing`, {
+    headers: {
+      authorization: `Bearer ${token}`,
+      'x-xai-token-auth': 'xai-grok-cli',
+      accept: 'application/json',
+    },
+  });
+  if (!response.ok) throw new Error(`billing endpoint returned ${response.status}`);
+  return parseBillingUsage(await response.json());
+}
+
+export function formatQuota(usage: BillingUsage | undefined) {
+  if (!usage) {
+    return [
+      '  Usage:',
+      '    no billing data available — run /login grok-build or set GROK_CLI_OAUTH_TOKEN',
+    ];
+  }
+
+  const resetDate = new Date(new Date(usage.billingPeriodEnd).getTime() - 8 * 60 * 60 * 1000);
+  return [
+    '  Usage:',
+    `    ${usage.used.toLocaleString()} / ${usage.monthlyLimit.toLocaleString()} credits used (${Math.round((usage.used / usage.monthlyLimit) * 100)}%)`,
+    `    ${(usage.monthlyLimit - usage.used).toLocaleString()} credits remaining`,
+    `    Resets at ${['Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec'][resetDate.getUTCMonth()]} ${resetDate.getUTCDate()} ${resetDate.getUTCHours().toString().padStart(2, '0')}:${resetDate.getUTCMinutes().toString().padStart(2, '0')} PT`,
+  ];
+}

package/src/defaults/gjc/extensions/grok-cli-vendor/src/provider/register.ts

@@ -0,0 +1,99 @@
+/**
+ * GJC Grok Build provider — SuperGrok OAuth + cli-chat-proxy models.
+ */
+
+import type { Api, Model } from '@gajae-code/ai';
+import { Effort } from '@gajae-code/ai/model-thinking';
+import type { OAuthCredentials, OAuthLoginCallbacks } from '@gajae-code/ai/utils/oauth/types';
+import { loginXai, refreshXaiToken, XAI_OAUTH_SCOPE } from '@gajae-code/ai/utils/oauth/xai';
+import type { ExtensionAPI, ProviderConfig } from '@gajae-code/coding-agent';
+import { type GrokCliModelConfig, resolveModels } from '../models/catalog.js';
+import { sanitizePayload } from '../payload/sanitize.js';
+import { getBaseUrl, isGrokBuildBaseUrlOverrideIgnored } from '../shared/base-url.js';
+import { streamGrokCli } from './stream.js';
+import { registerUsageCommand } from './usage.js';
+
+const GROK_BUILD_XAI_AUTHORIZE_PARAMS = {
+  plan: 'generic',
+  referrer: 'gjc-grok-cli',
+} satisfies Readonly<Record<string, string>>;
+
+const GROK_BUILD_XAI_REFRESH_PARAMS = {
+  scope: XAI_OAUTH_SCOPE,
+  ...GROK_BUILD_XAI_AUTHORIZE_PARAMS,
+} satisfies Readonly<Record<string, string>>;
+
+export default function registerGrokCli(api: ExtensionAPI) {
+  const baseUrl = getBaseUrl();
+  const models = resolveModels();
+
+  api.registerProvider('grok-build', {
+    baseUrl,
+    apiKey: process.env.GROK_CLI_OAUTH_TOKEN ? 'GROK_CLI_OAUTH_TOKEN' : undefined,
+    api: 'grok-cli-responses',
+    models: models.map((m: GrokCliModelConfig) => ({
+      id: m.id,
+      name: m.name,
+      reasoning: m.reasoning,
+      thinking: m.reasoning
+        ? { minLevel: Effort.Low, maxLevel: Effort.XHigh, mode: 'effort' }
+        : undefined,
+      input: m.input,
+      cost: m.cost,
+      contextWindow: m.contextWindow,
+      maxTokens: m.maxTokens,
+    })),
+    oauth: {
+      name: 'Grok Build',
+
+      async login(callbacks: OAuthLoginCallbacks): Promise<OAuthCredentials> {
+        return loginXai(callbacks, { extraAuthorizeParams: GROK_BUILD_XAI_AUTHORIZE_PARAMS });
+      },
+
+      async refreshToken(credentials: OAuthCredentials): Promise<OAuthCredentials> {
+        return refreshXaiToken(credentials.refresh, {
+          extraTokenParams: GROK_BUILD_XAI_REFRESH_PARAMS,
+        });
+      },
+
+      getApiKey(credentials: OAuthCredentials): string {
+        return credentials.access;
+      },
+
+      modifyModels(models: Model<Api>[], _credentials: OAuthCredentials) {
+        const effectiveBaseUrl = getBaseUrl().replace(/\/+$/, '');
+
+        return models.map((m) =>
+          m.provider === 'grok-build' ? { ...m, baseUrl: effectiveBaseUrl } : m,
+        );
+      },
+    } satisfies ProviderConfig['oauth'],
+
+    streamSimple: streamGrokCli,
+  });
+
+  api.on('session_start', (_event, ctx) => {
+    if (process.env.GROK_CLI_OAUTH_TOKEN) {
+      ctx.ui.notify(
+        '[Grok Build] Using GROK_CLI_OAUTH_TOKEN env bypass — no auto-refresh, no model discovery. Login with /login grok-build for persisted refreshable auth.',
+        'warning',
+      );
+    }
+    if (isGrokBuildBaseUrlOverrideIgnored()) {
+      ctx.ui.notify(
+        '[Grok Build] Ignoring unsafe Grok base URL override for OAuth credential safety. Set GJC_GROK_CLI_ALLOW_UNSAFE_BASE_URL=1 only for trusted local testing.',
+        'warning',
+      );
+    }
+  });
+
+  api.on('before_provider_request', (event, ctx) => {
+    if (ctx.model?.provider !== 'grok-build') return;
+
+    const modelId = ctx.model?.id ?? '';
+    const sessionId = ctx.sessionManager?.getSessionId();
+    return sanitizePayload(event.payload as Record<string, unknown>, modelId, sessionId, ctx.cwd);
+  });
+
+  registerUsageCommand(api);
+}