@iam-brain/opencode-codex-auth 1.2.3 → 1.2.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +15 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +41 -18
- package/dist/index.js.map +1 -1
- package/dist/lib/accounts-tools.d.ts.map +1 -1
- package/dist/lib/accounts-tools.js +114 -29
- package/dist/lib/accounts-tools.js.map +1 -1
- package/dist/lib/cache-io.d.ts.map +1 -1
- package/dist/lib/cache-io.js +8 -2
- package/dist/lib/cache-io.js.map +1 -1
- package/dist/lib/cache-lock.d.ts +1 -0
- package/dist/lib/cache-lock.d.ts.map +1 -1
- package/dist/lib/cache-lock.js +12 -2
- package/dist/lib/cache-lock.js.map +1 -1
- package/dist/lib/codex-native/accounts.d.ts.map +1 -1
- package/dist/lib/codex-native/accounts.js +18 -12
- package/dist/lib/codex-native/accounts.js.map +1 -1
- package/dist/lib/codex-native/acquire-auth.d.ts +1 -1
- package/dist/lib/codex-native/acquire-auth.d.ts.map +1 -1
- package/dist/lib/codex-native/acquire-auth.js +317 -204
- package/dist/lib/codex-native/acquire-auth.js.map +1 -1
- package/dist/lib/codex-native/auth-menu-flow.d.ts.map +1 -1
- package/dist/lib/codex-native/auth-menu-flow.js +27 -12
- package/dist/lib/codex-native/auth-menu-flow.js.map +1 -1
- package/dist/lib/codex-native/auth-menu-quotas.d.ts.map +1 -1
- package/dist/lib/codex-native/auth-menu-quotas.js +11 -4
- package/dist/lib/codex-native/auth-menu-quotas.js.map +1 -1
- package/dist/lib/codex-native/browser.d.ts +2 -0
- package/dist/lib/codex-native/browser.d.ts.map +1 -1
- package/dist/lib/codex-native/browser.js +3 -3
- package/dist/lib/codex-native/browser.js.map +1 -1
- package/dist/lib/codex-native/catalog-auth.d.ts.map +1 -1
- package/dist/lib/codex-native/catalog-auth.js +4 -2
- package/dist/lib/codex-native/catalog-auth.js.map +1 -1
- package/dist/lib/codex-native/chat-hooks.d.ts.map +1 -1
- package/dist/lib/codex-native/chat-hooks.js +0 -8
- package/dist/lib/codex-native/chat-hooks.js.map +1 -1
- package/dist/lib/codex-native/client-identity.d.ts.map +1 -1
- package/dist/lib/codex-native/client-identity.js +13 -5
- package/dist/lib/codex-native/client-identity.js.map +1 -1
- package/dist/lib/codex-native/collaboration.d.ts +1 -1
- package/dist/lib/codex-native/collaboration.d.ts.map +1 -1
- package/dist/lib/codex-native/collaboration.js +9 -116
- package/dist/lib/codex-native/collaboration.js.map +1 -1
- package/dist/lib/codex-native/oauth-auth-methods.d.ts +1 -0
- package/dist/lib/codex-native/oauth-auth-methods.d.ts.map +1 -1
- package/dist/lib/codex-native/oauth-auth-methods.js +36 -6
- package/dist/lib/codex-native/oauth-auth-methods.js.map +1 -1
- package/dist/lib/codex-native/oauth-persistence.d.ts.map +1 -1
- package/dist/lib/codex-native/oauth-persistence.js +6 -0
- package/dist/lib/codex-native/oauth-persistence.js.map +1 -1
- package/dist/lib/codex-native/oauth-server.d.ts +1 -0
- package/dist/lib/codex-native/oauth-server.d.ts.map +1 -1
- package/dist/lib/codex-native/oauth-server.js +114 -43
- package/dist/lib/codex-native/oauth-server.js.map +1 -1
- package/dist/lib/codex-native/openai-loader-fetch.d.ts.map +1 -1
- package/dist/lib/codex-native/openai-loader-fetch.js +122 -33
- package/dist/lib/codex-native/openai-loader-fetch.js.map +1 -1
- package/dist/lib/codex-native/originator.d.ts.map +1 -1
- package/dist/lib/codex-native/originator.js +18 -1
- package/dist/lib/codex-native/originator.js.map +1 -1
- package/dist/lib/codex-native/request-routing.d.ts.map +1 -1
- package/dist/lib/codex-native/request-routing.js +9 -0
- package/dist/lib/codex-native/request-routing.js.map +1 -1
- package/dist/lib/codex-native/request-transform.d.ts.map +1 -1
- package/dist/lib/codex-native/request-transform.js +39 -8
- package/dist/lib/codex-native/request-transform.js.map +1 -1
- package/dist/lib/codex-native/session-affinity-state.d.ts +1 -1
- package/dist/lib/codex-native/session-affinity-state.d.ts.map +1 -1
- package/dist/lib/codex-native/session-affinity-state.js +1 -0
- package/dist/lib/codex-native/session-affinity-state.js.map +1 -1
- package/dist/lib/codex-native.js.map +1 -1
- package/dist/lib/codex-prompts-cache.d.ts.map +1 -1
- package/dist/lib/codex-prompts-cache.js.map +1 -1
- package/dist/lib/codex-quota-fetch.d.ts.map +1 -1
- package/dist/lib/codex-quota-fetch.js +12 -9
- package/dist/lib/codex-quota-fetch.js.map +1 -1
- package/dist/lib/codex-status-storage.d.ts.map +1 -1
- package/dist/lib/codex-status-storage.js.map +1 -1
- package/dist/lib/codex-status.d.ts.map +1 -1
- package/dist/lib/codex-status.js +28 -3
- package/dist/lib/codex-status.js.map +1 -1
- package/dist/lib/config.d.ts +3 -0
- package/dist/lib/config.d.ts.map +1 -1
- package/dist/lib/config.js +41 -21
- package/dist/lib/config.js.map +1 -1
- package/dist/lib/fetch-orchestrator.d.ts +2 -1
- package/dist/lib/fetch-orchestrator.d.ts.map +1 -1
- package/dist/lib/fetch-orchestrator.js +81 -11
- package/dist/lib/fetch-orchestrator.js.map +1 -1
- package/dist/lib/identity.d.ts +6 -0
- package/dist/lib/identity.d.ts.map +1 -1
- package/dist/lib/identity.js +25 -4
- package/dist/lib/identity.js.map +1 -1
- package/dist/lib/opencode-install.d.ts.map +1 -1
- package/dist/lib/opencode-install.js +5 -6
- package/dist/lib/opencode-install.js.map +1 -1
- package/dist/lib/orchestrator-agent.d.ts.map +1 -1
- package/dist/lib/orchestrator-agent.js +2 -1
- package/dist/lib/orchestrator-agent.js.map +1 -1
- package/dist/lib/paths.d.ts.map +1 -1
- package/dist/lib/paths.js +24 -3
- package/dist/lib/paths.js.map +1 -1
- package/dist/lib/proactive-refresh.d.ts.map +1 -1
- package/dist/lib/proactive-refresh.js +50 -13
- package/dist/lib/proactive-refresh.js.map +1 -1
- package/dist/lib/refresh-queue.d.ts.map +1 -1
- package/dist/lib/refresh-queue.js +1 -0
- package/dist/lib/refresh-queue.js.map +1 -1
- package/dist/lib/remote-cache-fetch.d.ts.map +1 -1
- package/dist/lib/remote-cache-fetch.js +5 -1
- package/dist/lib/remote-cache-fetch.js.map +1 -1
- package/dist/lib/request-snapshots.d.ts.map +1 -1
- package/dist/lib/request-snapshots.js +46 -10
- package/dist/lib/request-snapshots.js.map +1 -1
- package/dist/lib/rotation.d.ts.map +1 -1
- package/dist/lib/rotation.js +3 -2
- package/dist/lib/rotation.js.map +1 -1
- package/dist/lib/session-affinity.d.ts.map +1 -1
- package/dist/lib/session-affinity.js +35 -20
- package/dist/lib/session-affinity.js.map +1 -1
- package/dist/lib/storage.d.ts.map +1 -1
- package/dist/lib/storage.js +110 -45
- package/dist/lib/storage.js.map +1 -1
- package/dist/lib/ui/auth-menu.d.ts +3 -2
- package/dist/lib/ui/auth-menu.d.ts.map +1 -1
- package/dist/lib/ui/auth-menu.js +1 -1
- package/dist/lib/ui/auth-menu.js.map +1 -1
- package/package.json +20 -8
|
@@ -10,7 +10,7 @@ export type CollaborationInstructionsByKind = {
|
|
|
10
10
|
plan: string;
|
|
11
11
|
code: string;
|
|
12
12
|
};
|
|
13
|
-
export declare const CODEX_PLAN_MODE_INSTRUCTIONS_FALLBACK = "# Plan Mode
|
|
13
|
+
export declare const CODEX_PLAN_MODE_INSTRUCTIONS_FALLBACK = "# Plan Mode\n\nYou are in planning mode.\n\nFocus on clarifying requirements and producing a concrete, decision-complete implementation plan.\n\nUse concise sections that cover:\n- scope and goals\n- implementation steps\n- edge cases and failure handling\n- tests and acceptance criteria\n\nDo not claim changes were implemented unless execution mode is explicitly enabled.";
|
|
14
14
|
export declare function getCodexPlanModeInstructions(): string;
|
|
15
15
|
export declare function setCodexPlanModeInstructions(next: string | undefined): void;
|
|
16
16
|
export declare const CODEX_CODE_MODE_INSTRUCTIONS = "you are now in code mode.";
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"collaboration.d.ts","sourceRoot":"","sources":["../../../lib/codex-native/collaboration.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,0BAA0B,GAAG,MAAM,GAAG,MAAM,CAAA;AAExD,MAAM,MAAM,yBAAyB,GAAG;IACtC,OAAO,EAAE,OAAO,CAAA;IAChB,IAAI,CAAC,EAAE,0BAA0B,CAAA;IACjC,mBAAmB,CAAC,EAAE,MAAM,CAAA;IAC5B,cAAc,CAAC,EAAE,OAAO,CAAA;IACxB,iBAAiB,CAAC,EAAE,MAAM,CAAA;CAC3B,CAAA;AAED,MAAM,MAAM,+BAA+B,GAAG;IAC5C,IAAI,EAAE,MAAM,CAAA;IACZ,IAAI,EAAE,MAAM,CAAA;CACb,CAAA;AAED,eAAO,MAAM,qCAAqC,
|
|
1
|
+
{"version":3,"file":"collaboration.d.ts","sourceRoot":"","sources":["../../../lib/codex-native/collaboration.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,0BAA0B,GAAG,MAAM,GAAG,MAAM,CAAA;AAExD,MAAM,MAAM,yBAAyB,GAAG;IACtC,OAAO,EAAE,OAAO,CAAA;IAChB,IAAI,CAAC,EAAE,0BAA0B,CAAA;IACjC,mBAAmB,CAAC,EAAE,MAAM,CAAA;IAC5B,cAAc,CAAC,EAAE,OAAO,CAAA;IACxB,iBAAiB,CAAC,EAAE,MAAM,CAAA;CAC3B,CAAA;AAED,MAAM,MAAM,+BAA+B,GAAG;IAC5C,IAAI,EAAE,MAAM,CAAA;IACZ,IAAI,EAAE,MAAM,CAAA;CACb,CAAA;AAED,eAAO,MAAM,qCAAqC,2XAYiC,CAAA;AAInF,wBAAgB,4BAA4B,IAAI,MAAM,CAErD;AAED,wBAAgB,4BAA4B,CAAC,IAAI,EAAE,MAAM,GAAG,SAAS,GAAG,IAAI,CAI3E;AAED,eAAO,MAAM,4BAA4B,8BAA8B,CAAA;AAEvE,eAAO,MAAM,+BAA+B,mcAMsI,CAAA;AA2BlL,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM,GAAG,SAAS,CAKvE;AAyBD,wBAAgB,2BAA2B,CAAC,KAAK,EAAE,OAAO,GAAG,yBAAyB,CA8CrF;AAED,wBAAgB,gCAAgC,CAC9C,IAAI,EAAE,0BAA0B,EAChC,YAAY,EAAE,+BAA+B,GAC5C,MAAM,CAGR;AAED,wBAAgB,uBAAuB,CAAC,YAAY,EAAE,MAAM,GAAG,SAAS,GAAG,OAAO,CAGjF;AAED,wBAAgB,gCAAgC,CAAC,YAAY,EAAE,MAAM,GAAG,SAAS,GAAG,MAAM,GAAG,SAAS,CAUrG;AAED,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,MAAM,GAAG,SAAS,EAAE,KAAK,EAAE,MAAM,GAAG,MAAM,CAOjF;AAED,wBAAgB,0BAA0B,CAAC,YAAY,EAAE,MAAM,GAAG,SAAS,GAAG,OAAO,CAiCpF;AAED,wBAAgB,0BAA0B,CAAC,KAAK,EAAE,OAAO,GAAG,MAAM,GAAG,SAAS,CA2B7E"}
|
|
@@ -1,123 +1,16 @@
|
|
|
1
|
-
export const CODEX_PLAN_MODE_INSTRUCTIONS_FALLBACK = `# Plan Mode
|
|
1
|
+
export const CODEX_PLAN_MODE_INSTRUCTIONS_FALLBACK = `# Plan Mode
|
|
2
2
|
|
|
3
|
-
You
|
|
3
|
+
You are in planning mode.
|
|
4
4
|
|
|
5
|
-
|
|
5
|
+
Focus on clarifying requirements and producing a concrete, decision-complete implementation plan.
|
|
6
6
|
|
|
7
|
-
|
|
7
|
+
Use concise sections that cover:
|
|
8
|
+
- scope and goals
|
|
9
|
+
- implementation steps
|
|
10
|
+
- edge cases and failure handling
|
|
11
|
+
- tests and acceptance criteria
|
|
8
12
|
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
## Plan Mode vs update_plan tool
|
|
12
|
-
|
|
13
|
-
Plan Mode is a collaboration mode that can involve requesting user input and eventually issuing a <proposed_plan> block.
|
|
14
|
-
|
|
15
|
-
Separately, \`update_plan\` is a checklist/progress/TODOs tool; it does not enter or exit Plan Mode. Do not confuse it with Plan mode or try to use it while in Plan mode. If you try to use \`update_plan\` in Plan mode, it will return an error.
|
|
16
|
-
|
|
17
|
-
## Execution vs. mutation in Plan Mode
|
|
18
|
-
|
|
19
|
-
You may explore and execute **non-mutating** actions that improve the plan. You must not perform **mutating** actions.
|
|
20
|
-
|
|
21
|
-
### Allowed (non-mutating, plan-improving)
|
|
22
|
-
|
|
23
|
-
Actions that gather truth, reduce ambiguity, or validate feasibility without changing repo-tracked state. Examples:
|
|
24
|
-
|
|
25
|
-
* Reading or searching files, configs, schemas, types, manifests, and docs
|
|
26
|
-
* Static analysis, inspection, and repo exploration
|
|
27
|
-
* Dry-run style commands when they do not edit repo-tracked files
|
|
28
|
-
* Tests, builds, or checks that may write to caches or build artifacts (for example, \`target/\`, \`.cache/\`, or snapshots) so long as they do not edit repo-tracked files
|
|
29
|
-
|
|
30
|
-
### Not allowed (mutating, plan-executing)
|
|
31
|
-
|
|
32
|
-
Actions that implement the plan or change repo-tracked state. Examples:
|
|
33
|
-
|
|
34
|
-
* Editing or writing files
|
|
35
|
-
* Running formatters or linters that rewrite files
|
|
36
|
-
* Applying patches, migrations, or codegen that updates repo-tracked files
|
|
37
|
-
* Side-effectful commands whose purpose is to carry out the plan rather than refine it
|
|
38
|
-
|
|
39
|
-
When in doubt: if the action would reasonably be described as "doing the work" rather than "planning the work," do not do it.
|
|
40
|
-
|
|
41
|
-
## PHASE 1 - Ground in the environment (explore first, ask second)
|
|
42
|
-
|
|
43
|
-
Begin by grounding yourself in the actual environment. Eliminate unknowns in the prompt by discovering facts, not by asking the user. Resolve all questions that can be answered through exploration or inspection. Identify missing or ambiguous details only if they cannot be derived from the environment. Silent exploration between turns is allowed and encouraged.
|
|
44
|
-
|
|
45
|
-
Before asking the user any question, perform at least one targeted non-mutating exploration pass (for example: search relevant files, inspect likely entrypoints/configs, confirm current implementation shape), unless no local environment/repo is available.
|
|
46
|
-
|
|
47
|
-
Exception: you may ask clarifying questions about the user's prompt before exploring, ONLY if there are obvious ambiguities or contradictions in the prompt itself. However, if ambiguity might be resolved by exploring, always prefer exploring first.
|
|
48
|
-
|
|
49
|
-
Do not ask questions that can be answered from the repo or system (for example, "where is this struct?" or "which UI component should we use?" when exploration can make it clear). Only ask once you have exhausted reasonable non-mutating exploration.
|
|
50
|
-
|
|
51
|
-
## PHASE 2 - Intent chat (what they actually want)
|
|
52
|
-
|
|
53
|
-
* Keep asking until you can clearly state: goal + success criteria, audience, in/out of scope, constraints, current state, and the key preferences/tradeoffs.
|
|
54
|
-
* Bias toward questions over guessing: if any high-impact ambiguity remains, do NOT plan yet-ask.
|
|
55
|
-
|
|
56
|
-
## PHASE 3 - Implementation chat (what/how we'll build)
|
|
57
|
-
|
|
58
|
-
* Once intent is stable, keep asking until the spec is decision complete: approach, interfaces (APIs/schemas/I/O), data flow, edge cases/failure modes, testing + acceptance criteria, rollout/monitoring, and any migrations/compat constraints.
|
|
59
|
-
|
|
60
|
-
## Asking questions
|
|
61
|
-
|
|
62
|
-
Critical rules:
|
|
63
|
-
|
|
64
|
-
* Strongly prefer using the \`request_user_input\` tool to ask any questions.
|
|
65
|
-
* Offer only meaningful multiple-choice options; don't include filler choices that are obviously wrong or irrelevant.
|
|
66
|
-
* In rare cases where an unavoidable, important question can't be expressed with reasonable multiple-choice options (due to extreme ambiguity), you may ask it directly without the tool.
|
|
67
|
-
|
|
68
|
-
You SHOULD ask many questions, but each question must:
|
|
69
|
-
|
|
70
|
-
* materially change the spec/plan, OR
|
|
71
|
-
* confirm/lock an assumption, OR
|
|
72
|
-
* choose between meaningful tradeoffs.
|
|
73
|
-
* not be answerable by non-mutating commands.
|
|
74
|
-
|
|
75
|
-
Use the \`request_user_input\` tool only for decisions that materially change the plan, for confirming important assumptions, or for information that cannot be discovered via non-mutating exploration.
|
|
76
|
-
|
|
77
|
-
## Two kinds of unknowns (treat differently)
|
|
78
|
-
|
|
79
|
-
1. **Discoverable facts** (repo/system truth): explore first.
|
|
80
|
-
|
|
81
|
-
* Before asking, run targeted searches and check likely sources of truth (configs/manifests/entrypoints/schemas/types/constants).
|
|
82
|
-
* Ask only if: multiple plausible candidates; nothing found but you need a missing identifier/context; or ambiguity is actually product intent.
|
|
83
|
-
* If asking, present concrete candidates (paths/service names) + recommend one.
|
|
84
|
-
* Never ask questions you can answer from your environment (e.g., "where is this struct").
|
|
85
|
-
|
|
86
|
-
2. **Preferences/tradeoffs** (not discoverable): ask early.
|
|
87
|
-
|
|
88
|
-
* These are intent or implementation preferences that cannot be derived from exploration.
|
|
89
|
-
* Provide 2-4 mutually exclusive options + a recommended default.
|
|
90
|
-
* If unanswered, proceed with the recommended option and record it as an assumption in the final plan.
|
|
91
|
-
|
|
92
|
-
## Finalization rule
|
|
93
|
-
|
|
94
|
-
Only output the final plan when it is decision complete and leaves no decisions to the implementer.
|
|
95
|
-
|
|
96
|
-
When you present the official plan, wrap it in a <proposed_plan> block so the client can render it specially:
|
|
97
|
-
|
|
98
|
-
1) The opening tag must be on its own line.
|
|
99
|
-
2) Start the plan content on the next line (no text on the same line as the tag).
|
|
100
|
-
3) The closing tag must be on its own line.
|
|
101
|
-
4) Use Markdown inside the block.
|
|
102
|
-
5) Keep the tags exactly as <proposed_plan> and </proposed_plan> (do not translate or rename them), even if the plan content is in another language.
|
|
103
|
-
|
|
104
|
-
Example:
|
|
105
|
-
|
|
106
|
-
<proposed_plan>
|
|
107
|
-
plan content
|
|
108
|
-
</proposed_plan>
|
|
109
|
-
|
|
110
|
-
plan content should be human and agent digestible. The final plan must be plan-only and include:
|
|
111
|
-
|
|
112
|
-
* A clear title
|
|
113
|
-
* A brief summary section
|
|
114
|
-
* Important changes or additions to public APIs/interfaces/types
|
|
115
|
-
* Test cases and scenarios
|
|
116
|
-
* Explicit assumptions and defaults chosen where needed
|
|
117
|
-
|
|
118
|
-
Do not ask "should I proceed?" in the final output. The user can easily switch out of Plan mode and request implementation if you have included a <proposed_plan> block in your response. Alternatively, they can decide to stay in Plan mode and continue refining the plan.
|
|
119
|
-
|
|
120
|
-
Only produce at most one <proposed_plan> block per turn, and only when you are presenting a complete spec.`;
|
|
13
|
+
Do not claim changes were implemented unless execution mode is explicitly enabled.`;
|
|
121
14
|
let codexPlanModeInstructions = CODEX_PLAN_MODE_INSTRUCTIONS_FALLBACK;
|
|
122
15
|
export function getCodexPlanModeInstructions() {
|
|
123
16
|
return codexPlanModeInstructions;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"collaboration.js","sourceRoot":"","sources":["../../../lib/codex-native/collaboration.ts"],"names":[],"mappings":"AAeA,MAAM,CAAC,MAAM,qCAAqC,GAAG
|
|
1
|
+
{"version":3,"file":"collaboration.js","sourceRoot":"","sources":["../../../lib/codex-native/collaboration.ts"],"names":[],"mappings":"AAeA,MAAM,CAAC,MAAM,qCAAqC,GAAG;;;;;;;;;;;;mFAY8B,CAAA;AAEnF,IAAI,yBAAyB,GAAG,qCAAqC,CAAA;AAErE,MAAM,UAAU,4BAA4B;IAC1C,OAAO,yBAAyB,CAAA;AAClC,CAAC;AAED,MAAM,UAAU,4BAA4B,CAAC,IAAwB;IACnE,MAAM,OAAO,GAAG,IAAI,EAAE,IAAI,EAAE,CAAA;IAC5B,MAAM,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,qCAAqC,CAAA;IACxE,yBAAyB,GAAG,gCAAgC,CAAC,MAAM,CAAC,IAAI,MAAM,CAAA;AAChF,CAAC;AAED,MAAM,CAAC,MAAM,4BAA4B,GAAG,2BAA2B,CAAA;AAEvE,MAAM,CAAC,MAAM,+BAA+B,GAAG;;;;;;kLAMmI,CAAA;AAElL,MAAM,qBAAqB,GACzB,0HAA0H,CAAA;AAE5H,MAAM,sBAAsB,GAAoD;IAC9E,EAAE,OAAO,EAAE,oBAAoB,EAAE,WAAW,EAAE,MAAM,EAAE;IACtD,EAAE,OAAO,EAAE,iBAAiB,EAAE,WAAW,EAAE,MAAM,EAAE;IACnD,EAAE,OAAO,EAAE,oBAAoB,EAAE,WAAW,EAAE,MAAM,EAAE;IACtD,EAAE,OAAO,EAAE,gBAAgB,EAAE,WAAW,EAAE,MAAM,EAAE;IAClD,EAAE,OAAO,EAAE,mBAAmB,EAAE,WAAW,EAAE,MAAM,EAAE;IACrD,EAAE,OAAO,EAAE,mBAAmB,EAAE,WAAW,EAAE,MAAM,EAAE;IACrD,EAAE,OAAO,EAAE,kBAAkB,EAAE,WAAW,EAAE,MAAM,EAAE;IACpD,EAAE,OAAO,EAAE,mBAAmB,EAAE,WAAW,EAAE,iBAAiB,EAAE;IAChE,EAAE,OAAO,EAAE,iBAAiB,EAAE,WAAW,EAAE,aAAa,EAAE;CAC3D,CAAA;AAED,SAAS,QAAQ,CAAC,KAAc;IAC9B,OAAO,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAA;AAC7E,CAAC;AAED,SAAS,QAAQ,CAAC,KAAc;IAC9B,IAAI,OAAO,KAAK,KAAK,QAAQ;QAAE,OAAO,SAAS,CAAA;IAC/C,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAA;IAC5B,OAAO,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CAAA;AACtC,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,KAAc;IACjD,MAAM,MAAM,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAA;IAC9B,IAAI,MAAM;QAAE,OAAO,MAAM,CAAA;IACzB,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,SAAS,CAAA;IACtC,OAAO,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,QAAQ,CAAC,KAAK,CAAC,KAAK,CAAC,CAAA;AACtD,CAAC;AAED,SAAS,kBAAkB,CAAC,SAAiB;IAC3C,OAAO,SAAS,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAA;AAC5D,CAAC;AAED,SAAS,iBAAiB,CAAC,mBAA2B;IACpD,OAAO,mBAAmB;SACvB,KAAK,CAAC,UAAU,CAAC;SACjB,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;SAC5B,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,CAAC,CAAA;AACxC,CAAC;AAED,SAAS,aAAa,CAAC,MAAgB;IACrC,OAAO,MAAM,CAAC,CAAC,CAAC,KAAK,OAAO,CAAA;AAC9B,CAAC;AAED,SAAS,aAAa,CAAC,MAAgB;IACrC,OAAO,MAAM,CAAC,MAAM,KAAK,CAAC,IAAI,MAAM,CAAC,CAAC,CAAC,KAAK,MAAM,CAAA;AACpD,CAAC;AAED,SAAS,qBAAqB,CAAC,MAAgB;IAC7C,OAAO,MAAM,CAAC,MAAM,KAAK,CAAC,IAAI,MAAM,CAAC,CAAC,CAAC,KAAK,cAAc,CAAA;AAC5D,CAAC;AAED,MAAM,UAAU,2BAA2B,CAAC,KAAc;IACxD,MAAM,IAAI,GAAG,oBAAoB,CAAC,KAAK,CAAC,CAAA;IACxC,IAAI,CAAC,IAAI;QAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAA;IAEpC,MAAM,mBAAmB,GAAG,kBAAkB,CAAC,IAAI,CAAC,CAAA;IACpD,MAAM,MAAM,GAAG,iBAAiB,CAAC,mBAAmB,CAAC,CAAA;IACrD,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAA;IAEvE,MAAM,WAAW,GAAG,aAAa,CAAC,MAAM,CAAC,CAAA;IACzC,MAAM,YAAY,GAAG,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAA;IAC1E,MAAM,oBAAoB,GAAG,MAAM,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAA;IAE5D,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,IAAI,YAAY,CAAC,CAAC,IAAI,CAAC,oBAAoB,EAAE,CAAC;QACtF,OAAO;YACL,OAAO,EAAE,IAAI;YACb,mBAAmB;YACnB,IAAI,EAAE,MAAM;YACZ,cAAc,EAAE,KAAK;YACrB,iBAAiB,EAAE,MAAM;SAC1B,CAAA;IACH,CAAC;IAED,IAAI,qBAAqB,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,IAAI,oBAAoB,CAAC,EAAE,CAAC;QAC3E,OAAO;YACL,OAAO,EAAE,IAAI;YACb,mBAAmB;YACnB,IAAI,EAAE,MAAM;YACZ,cAAc,EAAE,IAAI;SACrB,CAAA;IACH,CAAC;IAED,IACE,WAAW;QACX,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CACpB,CAAC,SAAS,EAAE,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,YAAY,EAAE,SAAS,EAAE,MAAM,EAAE,iBAAiB,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAC7G,EACD,CAAC;QACD,OAAO;YACL,OAAO,EAAE,IAAI;YACb,mBAAmB;YACnB,IAAI,EAAE,MAAM;YACZ,cAAc,EAAE,KAAK;SACtB,CAAA;IACH,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAA;AAChD,CAAC;AAED,MAAM,UAAU,gCAAgC,CAC9C,IAAgC,EAChC,YAA6C;IAE7C,IAAI,IAAI,KAAK,MAAM;QAAE,OAAO,YAAY,CAAC,IAAI,CAAA;IAC7C,OAAO,YAAY,CAAC,IAAI,CAAA;AAC1B,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAC,YAAgC;IACtE,IAAI,CAAC,YAAY;QAAE,OAAO,KAAK,CAAA;IAC/B,OAAO,qBAAqB,CAAC,IAAI,CAAC,YAAY,CAAC,CAAA;AACjD,CAAC;AAED,MAAM,UAAU,gCAAgC,CAAC,YAAgC;IAC/E,MAAM,UAAU,GAAG,YAAY,EAAE,IAAI,EAAE,CAAA;IACvC,IAAI,CAAC,UAAU;QAAE,OAAO,YAAY,CAAA;IACpC,IAAI,CAAC,uBAAuB,CAAC,UAAU,CAAC;QAAE,OAAO,YAAY,CAAA;IAE7D,IAAI,GAAG,GAAG,UAAU,CAAA;IACpB,KAAK,MAAM,WAAW,IAAI,sBAAsB,EAAE,CAAC;QACjD,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,WAAW,CAAC,OAAO,EAAE,WAAW,CAAC,WAAW,CAAC,CAAA;IACjE,CAAC;IACD,OAAO,GAAG,CAAA;AACZ,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,IAAwB,EAAE,KAAa;IACvE,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,EAAE,CAAA;IACpC,IAAI,CAAC,eAAe;QAAE,OAAO,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,CAAA;IAC/C,MAAM,cAAc,GAAG,IAAI,EAAE,IAAI,EAAE,CAAA;IACnC,IAAI,CAAC,cAAc;QAAE,OAAO,eAAe,CAAA;IAC3C,IAAI,cAAc,CAAC,QAAQ,CAAC,eAAe,CAAC;QAAE,OAAO,cAAc,CAAA;IACnE,OAAO,GAAG,cAAc,OAAO,eAAe,EAAE,CAAA;AAClD,CAAC;AAED,MAAM,UAAU,0BAA0B,CAAC,YAAgC;IACzE,IAAI,CAAC,YAAY;QAAE,OAAO,KAAK,CAAA;IAC/B,MAAM,UAAU,GAAG,YAAY,CAAC,IAAI,EAAE,CAAA;IACtC,IAAI,CAAC,UAAU;QAAE,OAAO,KAAK,CAAA;IAC7B,IAAI,UAAU,CAAC,QAAQ,CAAC,uFAAuF,CAAC,EAAE,CAAC;QACjH,OAAO,IAAI,CAAA;IACb,CAAC;IACD,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,cAAc,CAAC;QAAE,OAAO,KAAK,CAAA;IAEtD,MAAM,KAAK,GAAG,UAAU,CAAC,WAAW,EAAE,CAAA;IACtC,IAAI,iBAAiB,CAAC,IAAI,CAAC,KAAK,CAAC;QAAE,OAAO,IAAI,CAAA;IAE9C,MAAM,aAAa,GAAG;QACpB,+CAA+C;QAC/C,wFAAwF;KACzF,CAAA;IACD,IAAI,aAAa,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QAAE,OAAO,IAAI,CAAA;IAEvE,MAAM,aAAa,GAAG;QACpB,wFAAwF;QACxF,iKAAiK;QACjK,mLAAmL;QACnL,uCAAuC;QACvC,0CAA0C;QAC1C,qGAAqG;KACtG,CAAA;IACD,IAAI,aAAa,CAAC,IAAI,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,KAAK,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QAAE,OAAO,IAAI,CAAA;IAEvE,OAAO,CACL,KAAK,CAAC,QAAQ,CAAC,uCAAuC,CAAC;QACvD,CAAC,KAAK,CAAC,QAAQ,CAAC,4BAA4B,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,mBAAmB,CAAC,CAAC;QACrF,KAAK,CAAC,QAAQ,CAAC,YAAY,CAAC,CAC7B,CAAA;AACH,CAAC;AAED,MAAM,UAAU,0BAA0B,CAAC,KAAc;IACvD,MAAM,OAAO,GAAG,2BAA2B,CAAC,KAAK,CAAC,CAAA;IAClD,MAAM,UAAU,GAAG,OAAO,CAAC,mBAAmB,CAAA;IAC9C,IAAI,CAAC,OAAO,CAAC,OAAO,IAAI,CAAC,UAAU,EAAE,CAAC;QACpC,OAAO,SAAS,CAAA;IAClB,CAAC;IAED,MAAM,MAAM,GAAG,iBAAiB,CAAC,UAAU,CAAC,CAAA;IAC5C,MAAM,SAAS,GACb,aAAa,CAAC,MAAM,CAAC;QACrB,qBAAqB,CAAC,MAAM,CAAC;QAC7B,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,OAAO;YACpB,CAAC,MAAM,CAAC,QAAQ,CAAC,cAAc,CAAC;gBAC9B,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC;gBAC1B,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;gBACvB,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;gBACvB,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC;gBAC1B,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC;gBAC1B,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC;gBACvB,MAAM,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,CAAC,CAAA;IAE1C,IAAI,SAAS;QAAE,OAAO,SAAS,CAAA;IAC/B,IAAI,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAAE,OAAO,QAAQ,CAAA;IAC9C,IAAI,MAAM,CAAC,QAAQ,CAAC,SAAS,CAAC,IAAI,MAAM,CAAC,QAAQ,CAAC,YAAY,CAAC,IAAI,UAAU,KAAK,YAAY,EAAE,CAAC;QAC/F,OAAO,SAAS,CAAA;IAClB,CAAC;IACD,OAAO,cAAc,CAAA;AACvB,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-auth-methods.d.ts","sourceRoot":"","sources":["../../../lib/codex-native/oauth-auth-methods.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,cAAc,CAAA;AAClD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,aAAa,CAAA;AAGjD,OAAO,EAYL,KAAK,SAAS,EACd,KAAK,aAAa,EACnB,MAAM,kBAAkB,CAAA;AAEzB,KAAK,YAAY,GAAG;IAClB,IAAI,EAAE,SAAS,CAAA;IACf,OAAO,EAAE,MAAM,CAAA;IACf,MAAM,EAAE,MAAM,CAAA;IACd,OAAO,EAAE,MAAM,CAAA;IACf,SAAS,CAAC,EAAE,MAAM,CAAA;CACnB,CAAA;AAED,KAAK,YAAY,GAAG;IAClB,IAAI,EAAE,QAAQ,CAAA;CACf,CAAA;AAED,KAAK,mBAAmB,GAAG,YAAY,GAAG,YAAY,CAAA;AAEtD,KAAK,qBAAqB,GAAG;IAC3B,GAAG,EAAE,MAAM,CAAA;IACX,YAAY,EAAE,MAAM,CAAA;IACpB,MAAM,EAAE,MAAM,CAAA;IACd,QAAQ,EAAE,MAAM,OAAO,CAAC,mBAAmB,CAAC,CAAA;CAC7C,CAAA;
|
|
1
|
+
{"version":3,"file":"oauth-auth-methods.d.ts","sourceRoot":"","sources":["../../../lib/codex-native/oauth-auth-methods.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,cAAc,CAAA;AAClD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,aAAa,CAAA;AAGjD,OAAO,EAYL,KAAK,SAAS,EACd,KAAK,aAAa,EACnB,MAAM,kBAAkB,CAAA;AAEzB,KAAK,YAAY,GAAG;IAClB,IAAI,EAAE,SAAS,CAAA;IACf,OAAO,EAAE,MAAM,CAAA;IACf,MAAM,EAAE,MAAM,CAAA;IACd,OAAO,EAAE,MAAM,CAAA;IACf,SAAS,CAAC,EAAE,MAAM,CAAA;CACnB,CAAA;AAED,KAAK,YAAY,GAAG;IAClB,IAAI,EAAE,QAAQ,CAAA;CACf,CAAA;AAED,KAAK,mBAAmB,GAAG,YAAY,GAAG,YAAY,CAAA;AAEtD,KAAK,qBAAqB,GAAG;IAC3B,GAAG,EAAE,MAAM,CAAA;IACX,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,YAAY,EAAE,MAAM,CAAA;IACpB,MAAM,EAAE,MAAM,CAAA;IACd,QAAQ,EAAE,MAAM,OAAO,CAAC,mBAAmB,CAAC,CAAA;CAC7C,CAAA;AAcD,KAAK,cAAc,GAAG,KAAK,GAAG,MAAM,CAAA;AAEpC,KAAK,oBAAoB,GAAG;IAC1B,QAAQ,EAAE,cAAc,CAAA;IACxB,SAAS,EAAE,cAAc,CAAA;IACzB,sBAAsB,EAAE,CAAC,OAAO,EAAE;QAAE,SAAS,EAAE,OAAO,CAAA;KAAE,KAAK,OAAO,CAAC,cAAc,CAAC,CAAA;IACpF,gBAAgB,EAAE,MAAM,OAAO,CAAC;QAAE,WAAW,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;IACxD,oBAAoB,EAAE,CAAC,IAAI,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,cAAc,KAAK,OAAO,CAAC,aAAa,CAAC,CAAA;IAC1G,uBAAuB,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,GAAG,OAAO,GAAG,OAAO,KAAK,IAAI,CAAA;IACzF,kBAAkB,EAAE,CAAC,MAAM,EAAE,aAAa,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;IAC5D,WAAW,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAA;IAClC,eAAe,EAAE,MAAM,CAAA;IACvB,oBAAoB,EAAE,MAAM,CAAA;CAC7B,CAAA;AAED,KAAK,qBAAqB,GAAG;IAC3B,SAAS,EAAE,cAAc,CAAA;IACzB,kBAAkB,EAAE,CAAC,MAAM,EAAE,aAAa,KAAK,OAAO,CAAC,IAAI,CAAC,CAAA;CAC7D,CAAA;AAoBD,wBAAgB,2BAA2B,CAAC,IAAI,EAAE,oBAAoB,IACtD,SAAS,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,KAAG,OAAO,CAAC,qBAAqB,CAAC,CAqH/E;AAED,wBAAgB,4BAA4B,CAAC,IAAI,EAAE,qBAAqB,SACrD,OAAO,CAAC,qBAAqB,CAAC,CA6GhD"}
|
|
@@ -1,6 +1,18 @@
|
|
|
1
1
|
import { resolveRequestUserAgent } from "./client-identity.js";
|
|
2
2
|
import { resolveCodexOriginator } from "./originator.js";
|
|
3
3
|
import { buildAuthorizeUrl, CLIENT_ID, extractAccountId, fetchWithTimeout, generatePKCE, generateState, ISSUER, OAUTH_DEVICE_AUTH_TIMEOUT_MS, OAUTH_HTTP_TIMEOUT_MS, OAUTH_POLLING_SAFETY_MARGIN_MS, sleep } from "./oauth-utils.js";
|
|
4
|
+
function redactOAuthDisplayUrl(url) {
|
|
5
|
+
try {
|
|
6
|
+
const parsed = new URL(url);
|
|
7
|
+
if (parsed.searchParams.has("state")) {
|
|
8
|
+
parsed.searchParams.set("state", "[redacted]");
|
|
9
|
+
}
|
|
10
|
+
return parsed.toString();
|
|
11
|
+
}
|
|
12
|
+
catch {
|
|
13
|
+
return url;
|
|
14
|
+
}
|
|
15
|
+
}
|
|
4
16
|
function resolveDeviceAuthUserAgent(spoofMode) {
|
|
5
17
|
const originator = resolveCodexOriginator(spoofMode);
|
|
6
18
|
const userAgent = resolveRequestUserAgent(spoofMode, originator);
|
|
@@ -93,8 +105,10 @@ export function createBrowserOAuthAuthorize(deps) {
|
|
|
93
105
|
const authUrl = buildAuthorizeUrl(redirectUri, pkce, state, deps.spoofMode === "codex" ? "codex_cli_rs" : "opencode");
|
|
94
106
|
const callbackPromise = deps.waitForOAuthCallback(pkce, state, deps.authMode);
|
|
95
107
|
deps.openAuthUrl(authUrl);
|
|
108
|
+
const displayUrl = redactOAuthDisplayUrl(authUrl);
|
|
96
109
|
return {
|
|
97
110
|
url: authUrl,
|
|
111
|
+
displayUrl,
|
|
98
112
|
instructions: "Complete authorization in your browser. If you close the tab early, cancel (Ctrl+C) and retry.",
|
|
99
113
|
method: "auto",
|
|
100
114
|
callback: async () => {
|
|
@@ -104,10 +118,7 @@ export function createBrowserOAuthAuthorize(deps) {
|
|
|
104
118
|
await deps.persistOAuthTokens(tokens);
|
|
105
119
|
return toOAuthSuccess(tokens);
|
|
106
120
|
}
|
|
107
|
-
catch
|
|
108
|
-
if (error instanceof Error) {
|
|
109
|
-
// callback failures map to a generic failed result
|
|
110
|
-
}
|
|
121
|
+
catch {
|
|
111
122
|
authFailed = true;
|
|
112
123
|
return { type: "failed" };
|
|
113
124
|
}
|
|
@@ -139,6 +150,7 @@ export function createHeadlessOAuthAuthorize(deps) {
|
|
|
139
150
|
method: "auto",
|
|
140
151
|
async callback() {
|
|
141
152
|
const startedAt = Date.now();
|
|
153
|
+
let pollIntervalMs = interval;
|
|
142
154
|
while (true) {
|
|
143
155
|
if (Date.now() - startedAt > OAUTH_DEVICE_AUTH_TIMEOUT_MS) {
|
|
144
156
|
return { type: "failed" };
|
|
@@ -174,10 +186,28 @@ export function createHeadlessOAuthAuthorize(deps) {
|
|
|
174
186
|
await deps.persistOAuthTokens(tokens);
|
|
175
187
|
return toOAuthSuccess(tokens);
|
|
176
188
|
}
|
|
177
|
-
if (response.status
|
|
189
|
+
if (response.status === 400) {
|
|
190
|
+
try {
|
|
191
|
+
const payload = (await response.json());
|
|
192
|
+
const code = typeof payload.error === "string" ? payload.error : undefined;
|
|
193
|
+
if (code !== "authorization_pending" && code !== "slow_down") {
|
|
194
|
+
return { type: "failed" };
|
|
195
|
+
}
|
|
196
|
+
if (code === "slow_down") {
|
|
197
|
+
pollIntervalMs = Math.min(pollIntervalMs + interval, 30_000);
|
|
198
|
+
}
|
|
199
|
+
}
|
|
200
|
+
catch (error) {
|
|
201
|
+
return { type: "failed" };
|
|
202
|
+
}
|
|
203
|
+
}
|
|
204
|
+
else if (response.status === 403 || response.status === 404 || response.status === 429 || response.status >= 500) {
|
|
205
|
+
// recoverable poll result; continue until timeout
|
|
206
|
+
}
|
|
207
|
+
else {
|
|
178
208
|
return { type: "failed" };
|
|
179
209
|
}
|
|
180
|
-
await sleep(
|
|
210
|
+
await sleep(pollIntervalMs + OAUTH_POLLING_SAFETY_MARGIN_MS);
|
|
181
211
|
}
|
|
182
212
|
}
|
|
183
213
|
};
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-auth-methods.js","sourceRoot":"","sources":["../../../lib/codex-native/oauth-auth-methods.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,uBAAuB,EAAE,MAAM,sBAAsB,CAAA;AAC9D,OAAO,EAAE,sBAAsB,EAAE,MAAM,iBAAiB,CAAA;AACxD,OAAO,EACL,iBAAiB,EACjB,SAAS,EACT,gBAAgB,EAChB,gBAAgB,EAChB,YAAY,EACZ,aAAa,EACb,MAAM,EACN,4BAA4B,EAC5B,qBAAqB,EACrB,8BAA8B,EAC9B,KAAK,EAGN,MAAM,kBAAkB,CAAA;
|
|
1
|
+
{"version":3,"file":"oauth-auth-methods.js","sourceRoot":"","sources":["../../../lib/codex-native/oauth-auth-methods.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,uBAAuB,EAAE,MAAM,sBAAsB,CAAA;AAC9D,OAAO,EAAE,sBAAsB,EAAE,MAAM,iBAAiB,CAAA;AACxD,OAAO,EACL,iBAAiB,EACjB,SAAS,EACT,gBAAgB,EAChB,gBAAgB,EAChB,YAAY,EACZ,aAAa,EACb,MAAM,EACN,4BAA4B,EAC5B,qBAAqB,EACrB,8BAA8B,EAC9B,KAAK,EAGN,MAAM,kBAAkB,CAAA;AAwBzB,SAAS,qBAAqB,CAAC,GAAW;IACxC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAA;QAC3B,IAAI,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;YACrC,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,YAAY,CAAC,CAAA;QAChD,CAAC;QACD,OAAO,MAAM,CAAC,QAAQ,EAAE,CAAA;IAC1B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,GAAG,CAAA;IACZ,CAAC;AACH,CAAC;AAsBD,SAAS,0BAA0B,CAAC,SAAyB;IAC3D,MAAM,UAAU,GAAG,sBAAsB,CAAC,SAAS,CAAC,CAAA;IACpD,MAAM,SAAS,GAAG,uBAAuB,CAAC,SAAS,EAAE,UAAU,CAAC,CAAA;IAChE,IAAI,SAAS,KAAK,QAAQ;QAAE,OAAO,SAAS,CAAA;IAC5C,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;IACzC,OAAO,MAAM,IAAI,SAAS,CAAA;AAC5B,CAAC;AAED,SAAS,cAAc,CAAC,MAAqB;IAC3C,OAAO;QACL,IAAI,EAAE,SAAS;QACf,OAAO,EAAE,MAAM,CAAC,aAAa;QAC7B,MAAM,EAAE,MAAM,CAAC,YAAY;QAC3B,OAAO,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,MAAM,CAAC,UAAU,IAAI,IAAI,CAAC,GAAG,IAAI;QACxD,SAAS,EAAE,gBAAgB,CAAC,MAAM,CAAC;KACpC,CAAA;AACH,CAAC;AAED,MAAM,UAAU,2BAA2B,CAAC,IAA0B;IACpE,OAAO,KAAK,EAAE,MAA+B,EAAkC,EAAE;QAC/E,MAAM,2BAA2B,GAAG,KAAK,IAAmC,EAAE;YAC5E,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAA;YACrD,MAAM,IAAI,GAAG,MAAM,YAAY,EAAE,CAAA;YACjC,MAAM,KAAK,GAAG,aAAa,EAAE,CAAA;YAC7B,MAAM,OAAO,GAAG,iBAAiB,CAC/B,WAAW,EACX,IAAI,EACJ,KAAK,EACL,IAAI,CAAC,SAAS,KAAK,OAAO,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,UAAU,CACzD,CAAA;YACD,MAAM,eAAe,GAAG,IAAI,CAAC,oBAAoB,CAAC,IAAI,EAAE,KAAK,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAA;YAC7E,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAA;YACzB,MAAM,eAAe,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAA;YACxC,IAAI,eAAe,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC9C,eAAe,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,YAAY,CAAC,CAAA;YACzD,CAAC;YACD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,YAAY,eAAe,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAA;YAChE,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,iFAAiF,CAAC,CAAA;YAEvG,IAAI,UAAU,GAAG,KAAK,CAAA;YACtB,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,eAAe,CAAA;gBACpC,MAAM,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAA;gBACrC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAA;gBAC5C,OAAO,MAAM,CAAA;YACf,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,UAAU,GAAG,IAAI,CAAA;gBACjB,MAAM,MAAM,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,sBAAsB,CAAA;gBAC9E,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,2BAA2B,MAAM,MAAM,CAAC,CAAA;gBAC7D,OAAO,IAAI,CAAA;YACb,CAAC;oBAAS,CAAC;gBACT,IAAI,CAAC,uBAAuB,CAC1B,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,CAAC,IAAI,CAAC,eAAe,EAC7D,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CACjC,CAAA;YACH,CAAC;QACH,CAAC,CAAA;QAED,MAAM,6BAA6B,GAAG,KAAK,IAAoC,EAAE;YAC/E,IAAI,eAA0C,CAAA;YAC9C,OAAO,IAAI,EAAE,CAAC;gBACZ,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAA;gBACzE,IAAI,UAAU,KAAK,MAAM,EAAE,CAAC;oBAC1B,IAAI,CAAC,eAAe,EAAE,CAAC;wBACrB,OAAO;4BACL,GAAG,EAAE,EAAE;4BACP,MAAM,EAAE,MAAM;4BACd,YAAY,EAAE,kBAAkB;4BAChC,QAAQ,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;yBAC3C,CAAA;oBACH,CAAC;oBAED,MAAM,MAAM,GAAG,eAAe,CAAA;oBAC9B,OAAO;wBACL,GAAG,EAAE,EAAE;wBACP,MAAM,EAAE,MAAM;wBACd,YAAY,EAAE,EAAE;wBAChB,QAAQ,EAAE,KAAK,IAAI,EAAE,CAAC,cAAc,CAAC,MAAM,CAAC;qBAC7C,CAAA;gBACH,CAAC;gBAED,MAAM,MAAM,GAAG,MAAM,2BAA2B,EAAE,CAAA;gBAClD,IAAI,MAAM,EAAE,CAAC;oBACX,eAAe,GAAG,MAAM,CAAA;oBACxB,SAAQ;gBACV,CAAC;gBAED,OAAO;oBACL,GAAG,EAAE,EAAE;oBACP,MAAM,EAAE,MAAM;oBACd,YAAY,EAAE,uBAAuB;oBACrC,QAAQ,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;iBAC3C,CAAA;YACH,CAAC;QACH,CAAC,CAAA;QAED,IAAI,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,mBAAmB,KAAK,GAAG,IAAI,OAAO,CAAC,KAAK,CAAC,KAAK,IAAI,OAAO,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YACrG,OAAO,6BAA6B,EAAE,CAAA;QACxC,CAAC;QAED,MAAM,EAAE,WAAW,EAAE,GAAG,MAAM,IAAI,CAAC,gBAAgB,EAAE,CAAA;QACrD,MAAM,IAAI,GAAG,MAAM,YAAY,EAAE,CAAA;QACjC,MAAM,KAAK,GAAG,aAAa,EAAE,CAAA;QAC7B,MAAM,OAAO,GAAG,iBAAiB,CAC/B,WAAW,EACX,IAAI,EACJ,KAAK,EACL,IAAI,CAAC,SAAS,KAAK,OAAO,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,UAAU,CACzD,CAAA;QACD,MAAM,eAAe,GAAG,IAAI,CAAC,oBAAoB,CAAC,IAAI,EAAE,KAAK,EAAE,IAAI,CAAC,QAAQ,CAAC,CAAA;QAC7E,IAAI,CAAC,WAAW,CAAC,OAAO,CAAC,CAAA;QACzB,MAAM,UAAU,GAAG,qBAAqB,CAAC,OAAO,CAAC,CAAA;QAEjD,OAAO;YACL,GAAG,EAAE,OAAO;YACZ,UAAU;YACV,YAAY,EAAE,gGAAgG;YAC9G,MAAM,EAAE,MAAM;YACd,QAAQ,EAAE,KAAK,IAAI,EAAE;gBACnB,IAAI,UAAU,GAAG,KAAK,CAAA;gBACtB,IAAI,CAAC;oBACH,MAAM,MAAM,GAAG,MAAM,eAAe,CAAA;oBACpC,MAAM,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAA;oBACrC,OAAO,cAAc,CAAC,MAAM,CAAC,CAAA;gBAC/B,CAAC;gBAAC,MAAM,CAAC;oBACP,UAAU,GAAG,IAAI,CAAA;oBACjB,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAA;gBAC3B,CAAC;wBAAS,CAAC;oBACT,IAAI,CAAC,uBAAuB,CAC1B,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,CAAC,IAAI,CAAC,eAAe,EAC7D,UAAU,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,SAAS,CACjC,CAAA;gBACH,CAAC;YACH,CAAC;SACF,CAAA;IACH,CAAC,CAAA;AACH,CAAC;AAED,MAAM,UAAU,4BAA4B,CAAC,IAA2B;IACtE,OAAO,KAAK,IAAoC,EAAE;QAChD,MAAM,cAAc,GAAG,MAAM,gBAAgB,CAC3C,GAAG,MAAM,mCAAmC,EAC5C;YACE,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,YAAY,EAAE,0BAA0B,CAAC,IAAI,CAAC,SAAS,CAAC;aACzD;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC;SAC/C,EACD,qBAAqB,CACtB,CAAA;QAED,IAAI,CAAC,cAAc,CAAC,EAAE,EAAE,CAAC;YACvB,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAA;QAC5D,CAAC;QAED,MAAM,UAAU,GAAG,CAAC,MAAM,cAAc,CAAC,IAAI,EAAE,CAI9C,CAAA;QAED,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,GAAG,IAAI,CAAA;QAEvE,OAAO;YACL,GAAG,EAAE,GAAG,MAAM,eAAe;YAC7B,YAAY,EAAE,eAAe,UAAU,CAAC,SAAS,EAAE;YACnD,MAAM,EAAE,MAAM;YACd,KAAK,CAAC,QAAQ;gBACZ,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;gBAC5B,IAAI,cAAc,GAAG,QAAQ,CAAA;gBAC7B,OAAO,IAAI,EAAE,CAAC;oBACZ,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,GAAG,4BAA4B,EAAE,CAAC;wBAC1D,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAA;oBAC3B,CAAC;oBAED,MAAM,QAAQ,GAAG,MAAM,gBAAgB,CACrC,GAAG,MAAM,gCAAgC,EACzC;wBACE,MAAM,EAAE,MAAM;wBACd,OAAO,EAAE;4BACP,cAAc,EAAE,kBAAkB;4BAClC,YAAY,EAAE,0BAA0B,CAAC,IAAI,CAAC,SAAS,CAAC;yBACzD;wBACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;4BACnB,cAAc,EAAE,UAAU,CAAC,cAAc;4BACzC,SAAS,EAAE,UAAU,CAAC,SAAS;yBAChC,CAAC;qBACH,EACD,qBAAqB,CACtB,CAAA;oBAED,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;wBAChB,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAGlC,CAAA;wBAED,MAAM,aAAa,GAAG,MAAM,gBAAgB,CAC1C,GAAG,MAAM,cAAc,EACvB;4BACE,MAAM,EAAE,MAAM;4BACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;4BAChE,IAAI,EAAE,IAAI,eAAe,CAAC;gCACxB,UAAU,EAAE,oBAAoB;gCAChC,IAAI,EAAE,IAAI,CAAC,kBAAkB;gCAC7B,YAAY,EAAE,GAAG,MAAM,sBAAsB;gCAC7C,SAAS,EAAE,SAAS;gCACpB,aAAa,EAAE,IAAI,CAAC,aAAa;6BAClC,CAAC,CAAC,QAAQ,EAAE;yBACd,EACD,qBAAqB,CACtB,CAAA;wBAED,IAAI,CAAC,aAAa,CAAC,EAAE,EAAE,CAAC;4BACtB,MAAM,IAAI,KAAK,CAAC,0BAA0B,aAAa,CAAC,MAAM,EAAE,CAAC,CAAA;wBACnE,CAAC;wBAED,MAAM,MAAM,GAAG,CAAC,MAAM,aAAa,CAAC,IAAI,EAAE,CAAkB,CAAA;wBAC5D,MAAM,IAAI,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAA;wBACrC,OAAO,cAAc,CAAC,MAAM,CAAC,CAAA;oBAC/B,CAAC;oBAED,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;wBAC5B,IAAI,CAAC;4BACH,MAAM,OAAO,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAA4B,CAAA;4BAClE,MAAM,IAAI,GAAG,OAAO,OAAO,CAAC,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAA;4BAC1E,IAAI,IAAI,KAAK,uBAAuB,IAAI,IAAI,KAAK,WAAW,EAAE,CAAC;gCAC7D,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAA;4BAC3B,CAAC;4BACD,IAAI,IAAI,KAAK,WAAW,EAAE,CAAC;gCACzB,cAAc,GAAG,IAAI,CAAC,GAAG,CAAC,cAAc,GAAG,QAAQ,EAAE,MAAM,CAAC,CAAA;4BAC9D,CAAC;wBACH,CAAC;wBAAC,OAAO,KAAK,EAAE,CAAC;4BACf,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAA;wBAC3B,CAAC;oBACH,CAAC;yBAAM,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,MAAM,IAAI,GAAG,EAAE,CAAC;wBACnH,kDAAkD;oBACpD,CAAC;yBAAM,CAAC;wBACN,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAA;oBAC3B,CAAC;oBAED,MAAM,KAAK,CAAC,cAAc,GAAG,8BAA8B,CAAC,CAAA;gBAC9D,CAAC;YACH,CAAC;SACF,CAAA;IACH,CAAC,CAAA;AACH,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-persistence.d.ts","sourceRoot":"","sources":["../../../lib/codex-native/oauth-persistence.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAiB,cAAc,EAAE,MAAM,aAAa,CAAA;AAEhE,OAAO,EAAoB,KAAK,aAAa,EAAE,MAAM,kBAAkB,CAAA;AAEvE,wBAAsB,yBAAyB,CAAC,MAAM,EAAE,aAAa,EAAE,QAAQ,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC,
|
|
1
|
+
{"version":3,"file":"oauth-persistence.d.ts","sourceRoot":"","sources":["../../../lib/codex-native/oauth-persistence.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAiB,cAAc,EAAE,MAAM,aAAa,CAAA;AAEhE,OAAO,EAAoB,KAAK,aAAa,EAAE,MAAM,kBAAkB,CAAA;AAEvE,wBAAsB,yBAAyB,CAAC,MAAM,EAAE,aAAa,EAAE,QAAQ,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC,CA8B9G"}
|
|
@@ -17,6 +17,12 @@ export async function persistOAuthTokensForMode(tokens, authMode) {
|
|
|
17
17
|
lastUsed: now
|
|
18
18
|
};
|
|
19
19
|
await saveAuthStorage(undefined, async (authFile) => {
|
|
20
|
+
if (!authFile.openai || authFile.openai.type !== "oauth") {
|
|
21
|
+
authFile.openai = {
|
|
22
|
+
type: "oauth",
|
|
23
|
+
accounts: []
|
|
24
|
+
};
|
|
25
|
+
}
|
|
20
26
|
const domain = ensureOpenAIOAuthDomain(authFile, authMode);
|
|
21
27
|
const stored = upsertAccount(domain, { ...account, authTypes: [authMode] });
|
|
22
28
|
if (stored.identityKey) {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-persistence.js","sourceRoot":"","sources":["../../../lib/codex-native/oauth-persistence.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,sBAAsB,EAAE,qBAAqB,EAAE,cAAc,EAAE,MAAM,cAAc,CAAA;AAC5F,OAAO,EAAE,uBAAuB,EAAE,eAAe,EAAE,MAAM,eAAe,CAAA;AAExE,OAAO,EAAE,aAAa,EAAE,MAAM,eAAe,CAAA;AAC7C,OAAO,EAAE,gBAAgB,EAAsB,MAAM,kBAAkB,CAAA;AAEvE,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAAC,MAAqB,EAAE,QAAwB;IAC7F,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;IACtB,MAAM,OAAO,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,UAAU,IAAI,IAAI,CAAC,GAAG,IAAI,CAAA;IACxD,MAAM,MAAM,GAAG,cAAc,CAAC,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,YAAY,CAAC,CAAA;IAErE,MAAM,OAAO,GAAkB;QAC7B,OAAO,EAAE,IAAI;QACb,OAAO,EAAE,MAAM,CAAC,aAAa;QAC7B,MAAM,EAAE,MAAM,CAAC,YAAY;QAC3B,OAAO;QACP,SAAS,EAAE,gBAAgB,CAAC,MAAM,CAAC;QACnC,KAAK,EAAE,sBAAsB,CAAC,MAAM,CAAC;QACrC,IAAI,EAAE,qBAAqB,CAAC,MAAM,CAAC;QACnC,QAAQ,EAAE,GAAG;KACd,CAAA;IAED,MAAM,eAAe,CAAC,SAAS,EAAE,KAAK,EAAE,QAAQ,EAAE,EAAE;QAClD,MAAM,MAAM,GAAG,uBAAuB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAA;QAC1D,MAAM,MAAM,GAAG,aAAa,CAAC,MAAM,EAAE,EAAE,GAAG,OAAO,EAAE,SAAS,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAA;QAC3E,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;YACvB,MAAM,CAAC,iBAAiB,GAAG,MAAM,CAAC,WAAW,CAAA;QAC/C,CAAC;QACD,OAAO,QAAQ,CAAA;IACjB,CAAC,CAAC,CAAA;AACJ,CAAC"}
|
|
1
|
+
{"version":3,"file":"oauth-persistence.js","sourceRoot":"","sources":["../../../lib/codex-native/oauth-persistence.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,sBAAsB,EAAE,qBAAqB,EAAE,cAAc,EAAE,MAAM,cAAc,CAAA;AAC5F,OAAO,EAAE,uBAAuB,EAAE,eAAe,EAAE,MAAM,eAAe,CAAA;AAExE,OAAO,EAAE,aAAa,EAAE,MAAM,eAAe,CAAA;AAC7C,OAAO,EAAE,gBAAgB,EAAsB,MAAM,kBAAkB,CAAA;AAEvE,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAAC,MAAqB,EAAE,QAAwB;IAC7F,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAA;IACtB,MAAM,OAAO,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,UAAU,IAAI,IAAI,CAAC,GAAG,IAAI,CAAA;IACxD,MAAM,MAAM,GAAG,cAAc,CAAC,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,YAAY,CAAC,CAAA;IAErE,MAAM,OAAO,GAAkB;QAC7B,OAAO,EAAE,IAAI;QACb,OAAO,EAAE,MAAM,CAAC,aAAa;QAC7B,MAAM,EAAE,MAAM,CAAC,YAAY;QAC3B,OAAO;QACP,SAAS,EAAE,gBAAgB,CAAC,MAAM,CAAC;QACnC,KAAK,EAAE,sBAAsB,CAAC,MAAM,CAAC;QACrC,IAAI,EAAE,qBAAqB,CAAC,MAAM,CAAC;QACnC,QAAQ,EAAE,GAAG;KACd,CAAA;IAED,MAAM,eAAe,CAAC,SAAS,EAAE,KAAK,EAAE,QAAQ,EAAE,EAAE;QAClD,IAAI,CAAC,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,MAAM,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;YACzD,QAAQ,CAAC,MAAM,GAAG;gBAChB,IAAI,EAAE,OAAO;gBACb,QAAQ,EAAE,EAAE;aACb,CAAA;QACH,CAAC;QACD,MAAM,MAAM,GAAG,uBAAuB,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAA;QAC1D,MAAM,MAAM,GAAG,aAAa,CAAC,MAAM,EAAE,EAAE,GAAG,OAAO,EAAE,SAAS,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAA;QAC3E,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;YACvB,MAAM,CAAC,iBAAiB,GAAG,MAAM,CAAC,WAAW,CAAA;QAC/C,CAAC;QACD,OAAO,QAAQ,CAAA;IACjB,CAAC,CAAC,CAAA;AACJ,CAAC"}
|
|
@@ -14,6 +14,7 @@ type OAuthServerControllerInput<TPkce, TTokens> = {
|
|
|
14
14
|
composeCodexSuccessRedirectUrl: (tokens: TTokens) => string;
|
|
15
15
|
exchangeCodeForTokens: (code: string, redirectUri: string, pkce: TPkce) => Promise<TTokens>;
|
|
16
16
|
};
|
|
17
|
+
export declare function isLoopbackRemoteAddress(remoteAddress: string | undefined): boolean;
|
|
17
18
|
export declare function createOAuthServerController<TPkce, TTokens>(input: OAuthServerControllerInput<TPkce, TTokens>): {
|
|
18
19
|
isDebugEnabled: () => boolean;
|
|
19
20
|
emitDebug: (event: string, meta?: Record<string, unknown>) => void;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"oauth-server.d.ts","sourceRoot":"","sources":["../../../lib/codex-native/oauth-server.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,aAAa,CAAA;AAIjD,KAAK,qBAAqB,GAAG,SAAS,GAAG,OAAO,GAAG,OAAO,CAAA;AAE1D,KAAK,0BAA0B,CAAC,KAAK,EAAE,OAAO,IAAI;IAChD,IAAI,EAAE,MAAM,CAAA;IACZ,YAAY,EAAE,MAAM,CAAA;IACpB,cAAc,EAAE,MAAM,CAAA;IACtB,WAAW,EAAE,MAAM,CAAA;IACnB,YAAY,EAAE,MAAM,CAAA;IACpB,iBAAiB,EAAE,MAAM,CAAA;IACzB,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,mBAAmB,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,MAAM,CAAA;IAC9C,qBAAqB,EAAE,CAAC,IAAI,EAAE,QAAQ,GAAG,OAAO,KAAK,MAAM,CAAA;IAC3D,8BAA8B,EAAE,CAAC,MAAM,EAAE,OAAO,KAAK,MAAM,CAAA;IAC3D,qBAAqB,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,KAAK,OAAO,CAAC,OAAO,CAAC,CAAA;CAC5F,CAAA;AA4FD,wBAAgB,2BAA2B,CAAC,KAAK,EAAE,OAAO,EACxD,KAAK,EAAE,0BAA0B,CAAC,KAAK,EAAE,OAAO,CAAC,GAChD;IACD,cAAc,EAAE,MAAM,OAAO,CAAA;IAC7B,SAAS,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,IAAI,CAAA;IAClE,KAAK,EAAE,MAAM,OAAO,CAAC;QAAE,WAAW,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;IAC7C,IAAI,EAAE,MAAM,IAAI,CAAA;IAChB,YAAY,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,qBAAqB,KAAK,IAAI,CAAA;IACtE,eAAe,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,cAAc,KAAK,OAAO,CAAC,OAAO,CAAC,CAAA;CAC5F,
|
|
1
|
+
{"version":3,"file":"oauth-server.d.ts","sourceRoot":"","sources":["../../../lib/codex-native/oauth-server.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,aAAa,CAAA;AAIjD,KAAK,qBAAqB,GAAG,SAAS,GAAG,OAAO,GAAG,OAAO,CAAA;AAE1D,KAAK,0BAA0B,CAAC,KAAK,EAAE,OAAO,IAAI;IAChD,IAAI,EAAE,MAAM,CAAA;IACZ,YAAY,EAAE,MAAM,CAAA;IACpB,cAAc,EAAE,MAAM,CAAA;IACtB,WAAW,EAAE,MAAM,CAAA;IACnB,YAAY,EAAE,MAAM,CAAA;IACpB,iBAAiB,EAAE,MAAM,CAAA;IACzB,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,YAAY,CAAC,EAAE,MAAM,CAAA;IACrB,mBAAmB,EAAE,CAAC,KAAK,EAAE,MAAM,KAAK,MAAM,CAAA;IAC9C,qBAAqB,EAAE,CAAC,IAAI,EAAE,QAAQ,GAAG,OAAO,KAAK,MAAM,CAAA;IAC3D,8BAA8B,EAAE,CAAC,MAAM,EAAE,OAAO,KAAK,MAAM,CAAA;IAC3D,qBAAqB,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,KAAK,OAAO,CAAC,OAAO,CAAC,CAAA;CAC5F,CAAA;AA4FD,wBAAgB,uBAAuB,CAAC,aAAa,EAAE,MAAM,GAAG,SAAS,GAAG,OAAO,CAQlF;AA+BD,wBAAgB,2BAA2B,CAAC,KAAK,EAAE,OAAO,EACxD,KAAK,EAAE,0BAA0B,CAAC,KAAK,EAAE,OAAO,CAAC,GAChD;IACD,cAAc,EAAE,MAAM,OAAO,CAAA;IAC7B,SAAS,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,IAAI,CAAA;IAClE,KAAK,EAAE,MAAM,OAAO,CAAC;QAAE,WAAW,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;IAC7C,IAAI,EAAE,MAAM,IAAI,CAAA;IAChB,YAAY,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,qBAAqB,KAAK,IAAI,CAAA;IACtE,eAAe,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,cAAc,KAAK,OAAO,CAAC,OAAO,CAAC,CAAA;CAC5F,CA2VA"}
|
|
@@ -78,12 +78,53 @@ function rotateDebugLogIfNeeded(debugLogFile, maxBytes) {
|
|
|
78
78
|
// ignore when file does not exist or cannot be inspected
|
|
79
79
|
}
|
|
80
80
|
}
|
|
81
|
+
export function isLoopbackRemoteAddress(remoteAddress) {
|
|
82
|
+
if (!remoteAddress)
|
|
83
|
+
return false;
|
|
84
|
+
const normalized = remoteAddress.split("%")[0]?.toLowerCase();
|
|
85
|
+
if (!normalized)
|
|
86
|
+
return false;
|
|
87
|
+
if (normalized === "::1")
|
|
88
|
+
return true;
|
|
89
|
+
if (normalized.startsWith("127."))
|
|
90
|
+
return true;
|
|
91
|
+
if (normalized.startsWith("::ffff:127."))
|
|
92
|
+
return true;
|
|
93
|
+
return false;
|
|
94
|
+
}
|
|
95
|
+
function resolveListenHosts(loopbackHost) {
|
|
96
|
+
const normalized = loopbackHost.trim().toLowerCase();
|
|
97
|
+
if (normalized === "localhost") {
|
|
98
|
+
return ["localhost", "127.0.0.1", "::1"];
|
|
99
|
+
}
|
|
100
|
+
return [loopbackHost];
|
|
101
|
+
}
|
|
102
|
+
function shouldRetryListenWithFallback(error) {
|
|
103
|
+
return (isFsErrorCode(error, "EADDRNOTAVAIL") ||
|
|
104
|
+
isFsErrorCode(error, "EAFNOSUPPORT") ||
|
|
105
|
+
isFsErrorCode(error, "ENOTFOUND"));
|
|
106
|
+
}
|
|
107
|
+
function rewriteCallbackUriHost(callbackUri, host) {
|
|
108
|
+
try {
|
|
109
|
+
const url = new URL(callbackUri);
|
|
110
|
+
url.hostname = host;
|
|
111
|
+
return url.toString();
|
|
112
|
+
}
|
|
113
|
+
catch (error) {
|
|
114
|
+
if (error instanceof Error) {
|
|
115
|
+
// fallback to configured callback URI when URL parsing fails
|
|
116
|
+
}
|
|
117
|
+
return callbackUri;
|
|
118
|
+
}
|
|
119
|
+
}
|
|
81
120
|
export function createOAuthServerController(input) {
|
|
82
121
|
const debugLogDir = input.debugLogDir ?? defaultCodexPluginLogsPath();
|
|
83
122
|
const debugLogFile = input.debugLogFile ?? path.join(debugLogDir, "oauth-lifecycle.log");
|
|
84
123
|
const debugLogMaxBytes = resolveDebugLogMaxBytes();
|
|
85
124
|
let oauthServer;
|
|
125
|
+
let activeRedirectUri = input.callbackUri;
|
|
86
126
|
let pendingOAuth;
|
|
127
|
+
let lastErrorState;
|
|
87
128
|
let oauthServerCloseTimer;
|
|
88
129
|
function isDebugEnabled() {
|
|
89
130
|
const raw = process.env.CODEX_AUTH_DEBUG?.trim().toLowerCase();
|
|
@@ -128,20 +169,6 @@ export function createOAuthServerController(input) {
|
|
|
128
169
|
clearTimeout(oauthServerCloseTimer);
|
|
129
170
|
oauthServerCloseTimer = undefined;
|
|
130
171
|
}
|
|
131
|
-
function isLoopbackRemoteAddress(remoteAddress) {
|
|
132
|
-
if (!remoteAddress)
|
|
133
|
-
return false;
|
|
134
|
-
const normalized = remoteAddress.split("%")[0]?.toLowerCase();
|
|
135
|
-
if (!normalized)
|
|
136
|
-
return false;
|
|
137
|
-
if (normalized === "::1")
|
|
138
|
-
return true;
|
|
139
|
-
if (normalized.startsWith("127."))
|
|
140
|
-
return true;
|
|
141
|
-
if (normalized.startsWith("::ffff:127."))
|
|
142
|
-
return true;
|
|
143
|
-
return false;
|
|
144
|
-
}
|
|
145
172
|
function setResponseHeaders(res, options) {
|
|
146
173
|
res.setHeader("Cache-Control", "no-store");
|
|
147
174
|
res.setHeader("Pragma", "no-cache");
|
|
@@ -158,10 +185,10 @@ export function createOAuthServerController(input) {
|
|
|
158
185
|
clearCloseTimer();
|
|
159
186
|
if (oauthServer) {
|
|
160
187
|
emitDebug("server_reuse", { port: input.port });
|
|
161
|
-
return { redirectUri:
|
|
188
|
+
return { redirectUri: activeRedirectUri };
|
|
162
189
|
}
|
|
163
190
|
emitDebug("server_starting", { port: input.port });
|
|
164
|
-
oauthServer = http.createServer((req, res) => {
|
|
191
|
+
oauthServer = http.createServer(async (req, res) => {
|
|
165
192
|
try {
|
|
166
193
|
if (!isLoopbackRemoteAddress(req.socket.remoteAddress)) {
|
|
167
194
|
emitDebug("callback_rejected_non_loopback", {
|
|
@@ -194,38 +221,41 @@ export function createOAuthServerController(input) {
|
|
|
194
221
|
hasState: Boolean(state),
|
|
195
222
|
hasError: Boolean(error)
|
|
196
223
|
});
|
|
224
|
+
if (!pendingOAuth || state !== pendingOAuth.state) {
|
|
225
|
+
if (error && state && state === lastErrorState) {
|
|
226
|
+
const errorMsg = errorDescription || error;
|
|
227
|
+
emitDebug("callback_error", { reason: errorMsg });
|
|
228
|
+
sendHtml(200, input.buildOAuthErrorHtml(errorMsg));
|
|
229
|
+
return;
|
|
230
|
+
}
|
|
231
|
+
const errorMsg = "Invalid state - potential CSRF attack";
|
|
232
|
+
emitDebug("callback_error", { reason: errorMsg });
|
|
233
|
+
sendHtml(400, input.buildOAuthErrorHtml(errorMsg));
|
|
234
|
+
return;
|
|
235
|
+
}
|
|
236
|
+
const current = pendingOAuth;
|
|
197
237
|
if (error) {
|
|
198
238
|
const errorMsg = errorDescription || error;
|
|
199
239
|
emitDebug("callback_error", { reason: errorMsg });
|
|
200
|
-
|
|
201
|
-
|
|
202
|
-
|
|
203
|
-
}
|
|
240
|
+
current.reject(new Error(errorMsg));
|
|
241
|
+
lastErrorState = state ?? undefined;
|
|
242
|
+
pendingOAuth = undefined;
|
|
204
243
|
sendHtml(200, input.buildOAuthErrorHtml(errorMsg));
|
|
205
244
|
return;
|
|
206
245
|
}
|
|
207
246
|
if (!code) {
|
|
208
247
|
const errorMsg = "Missing authorization code";
|
|
209
248
|
emitDebug("callback_error", { reason: errorMsg });
|
|
210
|
-
|
|
211
|
-
|
|
212
|
-
pendingOAuth = undefined;
|
|
213
|
-
}
|
|
249
|
+
current.reject(new Error(errorMsg));
|
|
250
|
+
pendingOAuth = undefined;
|
|
214
251
|
sendHtml(400, input.buildOAuthErrorHtml(errorMsg));
|
|
215
252
|
return;
|
|
216
253
|
}
|
|
217
|
-
if (!pendingOAuth || state !== pendingOAuth.state) {
|
|
218
|
-
const errorMsg = "Invalid state - potential CSRF attack";
|
|
219
|
-
emitDebug("callback_error", { reason: errorMsg });
|
|
220
|
-
sendHtml(400, input.buildOAuthErrorHtml(errorMsg));
|
|
221
|
-
return;
|
|
222
|
-
}
|
|
223
|
-
const current = pendingOAuth;
|
|
224
254
|
pendingOAuth = undefined;
|
|
255
|
+
lastErrorState = undefined;
|
|
225
256
|
emitDebug("token_exchange_start", { authMode: current.authMode });
|
|
226
|
-
|
|
227
|
-
.exchangeCodeForTokens(code,
|
|
228
|
-
.then((tokens) => {
|
|
257
|
+
try {
|
|
258
|
+
const tokens = await input.exchangeCodeForTokens(code, activeRedirectUri, current.pkce);
|
|
229
259
|
current.resolve(tokens);
|
|
230
260
|
emitDebug("token_exchange_success", { authMode: current.authMode });
|
|
231
261
|
if (res.writableEnded)
|
|
@@ -235,15 +265,15 @@ export function createOAuthServerController(input) {
|
|
|
235
265
|
return;
|
|
236
266
|
}
|
|
237
267
|
sendHtml(200, input.buildOAuthSuccessHtml("native"));
|
|
238
|
-
}
|
|
239
|
-
|
|
268
|
+
}
|
|
269
|
+
catch (err) {
|
|
240
270
|
const oauthError = err instanceof Error ? err : new Error(String(err));
|
|
241
271
|
current.reject(oauthError);
|
|
242
272
|
emitDebug("token_exchange_error", { error: oauthError.message });
|
|
243
273
|
if (res.writableEnded)
|
|
244
274
|
return;
|
|
245
275
|
sendHtml(500, input.buildOAuthErrorHtml("OAuth token exchange failed"));
|
|
246
|
-
}
|
|
276
|
+
}
|
|
247
277
|
return;
|
|
248
278
|
}
|
|
249
279
|
if (url.pathname === "/success") {
|
|
@@ -283,11 +313,49 @@ export function createOAuthServerController(input) {
|
|
|
283
313
|
}
|
|
284
314
|
});
|
|
285
315
|
try {
|
|
286
|
-
|
|
287
|
-
|
|
288
|
-
|
|
289
|
-
|
|
290
|
-
|
|
316
|
+
const listenHosts = resolveListenHosts(input.loopbackHost);
|
|
317
|
+
let boundHost;
|
|
318
|
+
let lastListenError;
|
|
319
|
+
for (const host of listenHosts) {
|
|
320
|
+
try {
|
|
321
|
+
await new Promise((resolve, reject) => {
|
|
322
|
+
const server = oauthServer;
|
|
323
|
+
if (!server) {
|
|
324
|
+
reject(new Error("OAuth server was not initialized"));
|
|
325
|
+
return;
|
|
326
|
+
}
|
|
327
|
+
const onError = (error) => {
|
|
328
|
+
server.off("listening", onListening);
|
|
329
|
+
reject(error);
|
|
330
|
+
};
|
|
331
|
+
const onListening = () => {
|
|
332
|
+
server.off("error", onError);
|
|
333
|
+
resolve();
|
|
334
|
+
};
|
|
335
|
+
server.once("error", onError);
|
|
336
|
+
server.once("listening", onListening);
|
|
337
|
+
server.listen(input.port, host);
|
|
338
|
+
});
|
|
339
|
+
boundHost = host;
|
|
340
|
+
activeRedirectUri = rewriteCallbackUriHost(input.callbackUri, host);
|
|
341
|
+
break;
|
|
342
|
+
}
|
|
343
|
+
catch (error) {
|
|
344
|
+
lastListenError = error;
|
|
345
|
+
emitDebug("server_listen_attempt_failed", {
|
|
346
|
+
port: input.port,
|
|
347
|
+
host,
|
|
348
|
+
error: error instanceof Error ? error.message : String(error)
|
|
349
|
+
});
|
|
350
|
+
if (!shouldRetryListenWithFallback(error)) {
|
|
351
|
+
throw error;
|
|
352
|
+
}
|
|
353
|
+
}
|
|
354
|
+
}
|
|
355
|
+
if (!boundHost) {
|
|
356
|
+
throw (lastListenError ?? new Error("Failed to bind OAuth callback server"));
|
|
357
|
+
}
|
|
358
|
+
emitDebug("server_started", { port: input.port, host: boundHost, redirectUri: activeRedirectUri });
|
|
291
359
|
}
|
|
292
360
|
catch (error) {
|
|
293
361
|
emitDebug("server_start_error", {
|
|
@@ -306,13 +374,15 @@ export function createOAuthServerController(input) {
|
|
|
306
374
|
}
|
|
307
375
|
throw error;
|
|
308
376
|
}
|
|
309
|
-
return { redirectUri:
|
|
377
|
+
return { redirectUri: activeRedirectUri };
|
|
310
378
|
}
|
|
311
379
|
function stop() {
|
|
312
380
|
clearCloseTimer();
|
|
313
381
|
emitDebug("server_stopping", { hadPendingOAuth: Boolean(pendingOAuth) });
|
|
314
382
|
oauthServer?.close();
|
|
315
383
|
oauthServer = undefined;
|
|
384
|
+
activeRedirectUri = input.callbackUri;
|
|
385
|
+
lastErrorState = undefined;
|
|
316
386
|
emitDebug("server_stopped");
|
|
317
387
|
}
|
|
318
388
|
function scheduleStop(delayMs, reason) {
|
|
@@ -332,6 +402,7 @@ export function createOAuthServerController(input) {
|
|
|
332
402
|
if (pendingOAuth) {
|
|
333
403
|
return Promise.reject(new Error("Authorization already in progress"));
|
|
334
404
|
}
|
|
405
|
+
lastErrorState = undefined;
|
|
335
406
|
emitDebug("callback_wait_start", {
|
|
336
407
|
authMode,
|
|
337
408
|
stateTail: state.slice(-6)
|