@longrun-ai/codex-auth 0.1.0

package/LICENSE

@@ -0,0 +1,157 @@
+# GNU LESSER GENERAL PUBLIC LICENSE
+
+Version 3, 29 June 2007
+
+Copyright (C) 2007 Free Software Foundation, Inc.
+<https://fsf.org/>
+
+Everyone is permitted to copy and distribute verbatim copies of this
+license document, but changing it is not allowed.
+
+This version of the GNU Lesser General Public License incorporates the
+terms and conditions of version 3 of the GNU General Public License,
+supplemented by the additional permissions listed below.
+
+## 0. Additional Definitions.
+
+As used herein, "this License" refers to version 3 of the GNU Lesser
+General Public License, and the "GNU GPL" refers to version 3 of the
+GNU General Public License.
+
+"The Library" refers to a covered work governed by this License, other
+than an Application or a Combined Work as defined below.
+
+An "Application" is any work that makes use of an interface provided
+by the Library, but which is not otherwise based on the Library.
+Defining a subclass of a class defined by the Library is deemed a mode
+of using an interface provided by the Library.
+
+A "Combined Work" is a work produced by combining or linking an
+Application with the Library. The particular version of the Library
+with which the Combined Work was made is also called the "Linked
+Version".
+
+The "Minimal Corresponding Source" for a Combined Work means the
+Corresponding Source for the Combined Work, excluding any source code
+for portions of the Combined Work that, considered in isolation, are
+based on the Application, and not on the Linked Version.
+
+The "Corresponding Application Code" for a Combined Work means the
+object code and/or source code for the Application, including any data
+and utility programs needed for reproducing the Combined Work from the
+Application, but excluding the System Libraries of the Combined Work.
+
+## 1. Exception to Section 3 of the GNU GPL.
+
+You may convey a covered work under sections 3 and 4 of this License
+without being bound by section 3 of the GNU GPL.
+
+## 2. Conveying Modified Versions.
+
+If you modify a copy of the Library, and, in your modifications, a
+facility refers to a function or data to be supplied by an Application
+that uses the facility (other than as an argument passed when the
+facility is invoked), then you may convey a copy of the modified
+version:
+
+-   a) under this License, provided that you make a good faith effort
+    to ensure that, in the event an Application does not supply the
+    function or data, the facility still operates, and performs
+    whatever part of its purpose remains meaningful, or
+-   b) under the GNU GPL, with none of the additional permissions of
+    this License applicable to that copy.
+
+## 3. Object Code Incorporating Material from Library Header Files.
+
+The object code form of an Application may incorporate material from a
+header file that is part of the Library. You may convey such object
+code under terms of your choice, provided that, if the incorporated
+material is not limited to numerical parameters, data structure
+layouts and accessors, or small macros, inline functions and templates
+(ten or fewer lines in length), you do both of the following:
+
+-   a) Give prominent notice with each copy of the object code that
+    the Library is used in it and that the Library and its use are
+    covered by this License.
+-   b) Accompany the object code with a copy of the GNU GPL and this
+    license document.
+
+## 4. Combined Works.
+
+You may convey a Combined Work under terms of your choice that, taken
+together, effectively do not restrict modification of the portions of
+the Library contained in the Combined Work and reverse engineering for
+debugging such modifications, if you also do each of the following:
+
+-   a) Give prominent notice with each copy of the Combined Work that
+    the Library is used in it and that the Library and its use are
+    covered by this License.
+-   b) Accompany the Combined Work with a copy of the GNU GPL and this
+    license document.
+-   c) For a Combined Work that displays copyright notices during
+    execution, include the copyright notice for the Library among
+    these notices, as well as a reference directing the user to the
+    copies of the GNU GPL and this license document.
+-   d) Do one of the following:
+    -   0) Convey the Minimal Corresponding Source under the terms of
+        this License, and the Corresponding Application Code in a form
+        suitable for, and under terms that permit, the user to
+        recombine or relink the Application with a modified version of
+        the Linked Version to produce a modified Combined Work, in the
+        manner specified by section 6 of the GNU GPL for conveying
+        Corresponding Source.
+    -   1) Use a suitable shared library mechanism for linking with
+        the Library. A suitable mechanism is one that (a) uses at run
+        time a copy of the Library already present on the user's
+        computer system, and (b) will operate properly with a modified
+        version of the Library that is interface-compatible with the
+        Linked Version.
+-   e) Provide Installation Information, but only if you would
+    otherwise be required to provide such information under section 6
+    of the GNU GPL, and only to the extent that such information is
+    necessary to install and execute a modified version of the
+    Combined Work produced by recombining or relinking the Application
+    with a modified version of the Linked Version. (If you use option
+    4d0, the Installation Information must accompany the Minimal
+    Corresponding Source and Corresponding Application Code. If you
+    use option 4d1, you must provide the Installation Information in
+    the manner specified by section 6 of the GNU GPL for conveying
+    Corresponding Source.)
+
+## 5. Combined Libraries.
+
+You may place library facilities that are a work based on the Library
+side by side in a single library together with other library
+facilities that are not Applications and are not covered by this
+License, and convey such a combined library under terms of your
+choice, if you do both of the following:
+
+-   a) Accompany the combined library with a copy of the same work
+    based on the Library, uncombined with any other library
+    facilities, conveyed under the terms of this License.
+-   b) Give prominent notice with the combined library that part of it
+    is a work based on the Library, and explaining where to find the
+    accompanying uncombined form of the same work.
+
+## 6. Revised Versions of the GNU Lesser General Public License.
+
+The Free Software Foundation may publish revised and/or new versions
+of the GNU Lesser General Public License from time to time. Such new
+versions will be similar in spirit to the present version, but may
+differ in detail to address new problems or concerns.
+
+Each version is given a distinguishing version number. If the Library
+as you received it specifies that a certain numbered version of the
+GNU Lesser General Public License "or any later version" applies to
+it, you have the option of following the terms and conditions either
+of that published version or of any later version published by the
+Free Software Foundation. If the Library as you received it does not
+specify a version number of the GNU Lesser General Public License, you
+may choose any version of the GNU Lesser General Public License ever
+published by the Free Software Foundation.
+
+If the Library as you received it specifies that a proxy can decide
+whether future versions of the GNU Lesser General Public License shall
+apply, that proxy's public statement of acceptance of any version is
+permanent authorization for you to choose that version for the
+Library.

package/README.md

@@ -0,0 +1,148 @@
+# codex-auth
+
+Node-friendly helpers for ChatGPT OAuth that are compatible with Codex
+`auth.json` storage.
+
+## Install
+
+```sh
+pnpm add @longrun-ai/codex-auth
+```
+
+## Library Usage
+
+```ts
+import {
+  AuthManager,
+  createChatGptClientFromManager,
+  createChatGptStartRequest,
+  runLoginServer,
+} from '@longrun-ai/codex-auth';
+
+const manager = new AuthManager();
+const auth = await manager.auth();
+
+if (!auth) {
+  const server = await runLoginServer({ openBrowser: true });
+  console.log(`Open this URL if your browser did not open: ${server.authUrl}`);
+  await server.waitForCompletion();
+}
+
+const client = await createChatGptClientFromManager(manager);
+const payload = createChatGptStartRequest({
+  model: 'gpt-5.2-codex',
+  instructions: 'You are Codex CLI.',
+  userText: 'hello',
+});
+const response = await client.responses(payload);
+const raw = await response.text();
+console.log(raw);
+```
+
+Continue a conversation from stored history:
+
+```ts
+import { createChatGptContinuationRequest } from '@longrun-ai/codex-auth';
+
+const history = JSON.parse(historyJson);
+const followup = createChatGptContinuationRequest({
+  model: 'gpt-5.2-codex',
+  instructions: 'You are Codex CLI.',
+  history,
+  userText: 'continue',
+});
+await client.trigger(followup, receiver);
+```
+
+`responses()` returns an SSE stream; parse each `data:` payload as
+`ChatGptResponsesStreamEvent`.
+
+```ts
+import type { ChatGptEventReceiver, ChatGptResponsesStreamEvent } from '@longrun-ai/codex-auth';
+
+const receiver: ChatGptEventReceiver = {
+  onEvent(event: ChatGptResponsesStreamEvent) {
+    switch (event.type) {
+      case 'response.created':
+        console.log('created', event.response.id);
+        break;
+      case 'response.completed':
+        console.log('completed', event.response.id);
+        break;
+      case 'response.output_text.delta':
+        process.stdout.write(event.delta);
+        break;
+      default: {
+        const _exhaustive: never = event;
+        return _exhaustive;
+      }
+    }
+  },
+};
+```
+
+Use the receiver with the streaming helper:
+
+```ts
+await client.trigger(payload, receiver);
+```
+
+Device code flow (headless):
+
+```ts
+import { runDeviceCodeLogin } from 'codex-auth';
+
+await runDeviceCodeLogin({
+  onDeviceCode: (code) => {
+    console.log('Visit:', code.verificationUrl);
+    console.log('User code:', code.userCode);
+  },
+});
+```
+
+## Auth Doctor (CLI)
+
+The package ships a CLI that inspects `auth.json` and reports status.
+It runs a ChatGPT chat probe unless `--no-verify` is used.
+
+```sh
+pnpm dlx @longrun-ai/codex-auth --json
+```
+
+Refresh tokens (if available):
+
+```sh
+pnpm dlx @longrun-ai/codex-auth --refresh
+```
+
+Skip the verification request (no LLM call):
+
+```sh
+pnpm dlx @longrun-ai/codex-auth --no-verify
+```
+
+Dump SSE events from the verification request:
+
+```sh
+pnpm dlx @longrun-ai/codex-auth --verbose
+```
+
+Override model or base URL:
+
+```sh
+pnpm dlx @longrun-ai/codex-auth --model gpt-5.2-codex \
+  --chatgpt-base-url https://chatgpt.com/backend-api/
+```
+
+Override `CODEX_HOME`:
+
+```sh
+pnpm dlx @longrun-ai/codex-auth --codex-home /path/to/.codex
+```
+
+## Notes
+
+- Default `CODEX_HOME` is `~/.codex` unless overridden.
+- The CLI uses the same file schema as Codex Rust.
+- Proxy env vars are detected via `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY`
+  (case-insensitive). If set, the verification request uses them.

package/dist/auth/manager.d.ts

@@ -0,0 +1,32 @@
+import { AuthCredentialsStoreMode, AuthState, TokenData } from './schema.js';
+export interface AuthManagerOptions {
+    codexHome?: string;
+    storeMode?: AuthCredentialsStoreMode;
+}
+export declare class AuthManager {
+    private readonly codexHome;
+    private readonly storeMode;
+    private cached;
+    constructor(options?: AuthManagerOptions);
+    authCached(): AuthState | null;
+    auth(): Promise<AuthState | null>;
+    reload(): boolean;
+    getToken(): string;
+    getTokenData(): TokenData;
+    getAccountId(): string | undefined;
+    createUnauthorizedRecovery(): UnauthorizedRecovery;
+    refreshToken(): Promise<void>;
+    refreshIfStale(): Promise<boolean>;
+    reloadIfAccountIdMatches(expectedAccountId?: string): boolean;
+    private loadAuthFromStorage;
+    private refreshTokens;
+}
+export declare class UnauthorizedRecovery {
+    private readonly manager;
+    private step;
+    private readonly expectedAccountId?;
+    constructor(manager: AuthManager);
+    hasNext(): boolean;
+    next(): Promise<void>;
+}
+//# sourceMappingURL=manager.d.ts.map

package/dist/auth/manager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"manager.d.ts","sourceRoot":"","sources":["../../src/auth/manager.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,wBAAwB,EACxB,SAAS,EAET,SAAS,EACV,MAAM,aAAa,CAAC;AAGrB,MAAM,WAAW,kBAAkB;IACjC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,wBAAwB,CAAC;CACtC;AAED,qBAAa,WAAW;IACtB,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAS;IACnC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAA2B;IACrD,OAAO,CAAC,MAAM,CAAmB;gBAErB,OAAO,GAAE,kBAAuB;IAM5C,UAAU,IAAI,SAAS,GAAG,IAAI;IAIxB,IAAI,IAAI,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC;IAcvC,MAAM,IAAI,OAAO;IAOjB,QAAQ,IAAI,MAAM;IAmBlB,YAAY,IAAI,SAAS;IAOzB,YAAY,IAAI,MAAM,GAAG,SAAS;IAIlC,0BAA0B,IAAI,oBAAoB;IAI5C,YAAY,IAAI,OAAO,CAAC,IAAI,CAAC;IAc7B,cAAc,IAAI,OAAO,CAAC,OAAO,CAAC;IAyBxC,wBAAwB,CAAC,iBAAiB,CAAC,EAAE,MAAM,GAAG,OAAO;IAe7D,OAAO,CAAC,mBAAmB;YAkCb,aAAa;CAY5B;AAED,qBAAa,oBAAoB;IAInB,OAAO,CAAC,QAAQ,CAAC,OAAO;IAHpC,OAAO,CAAC,IAAI,CAA2C;IACvD,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAS;gBAEf,OAAO,EAAE,WAAW;IAIjD,OAAO,IAAI,OAAO;IAQZ,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;CAqB5B"}

package/dist/auth/manager.js

@@ -0,0 +1,206 @@
+import { RefreshTokenError, tryRefreshToken } from '../oauth/refresh.js';
+import { parseIdToken } from '../oauth/tokenParsing.js';
+import { TOKEN_REFRESH_INTERVAL_DAYS, } from './schema.js';
+import { readAuthFile, resolveCodexHome, updateStoredTokens } from './storage.js';
+export class AuthManager {
+    codexHome;
+    storeMode;
+    cached;
+    constructor(options = {}) {
+        this.codexHome = resolveCodexHome(options.codexHome);
+        this.storeMode = options.storeMode ?? 'file';
+        this.cached = this.loadAuthFromStorage();
+    }
+    authCached() {
+        return this.cached;
+    }
+    async auth() {
+        if (!this.cached) {
+            return null;
+        }
+        try {
+            await this.refreshIfStale();
+        }
+        catch {
+            return this.cached;
+        }
+        return this.cached;
+    }
+    reload() {
+        const next = this.loadAuthFromStorage();
+        const changed = !authStatesEqual(this.cached, next);
+        this.cached = next;
+        return changed;
+    }
+    getToken() {
+        if (!this.cached) {
+            throw new Error('Token data is not available.');
+        }
+        if (this.cached.mode === 'api_key') {
+            if (!this.cached.apiKey) {
+                throw new Error('API key is not available.');
+            }
+            return this.cached.apiKey;
+        }
+        const token = this.cached.tokens?.accessToken;
+        if (!token) {
+            throw new Error('Token data is not available.');
+        }
+        return token;
+    }
+    getTokenData() {
+        if (!this.cached || this.cached.mode !== 'chatgpt' || !this.cached.tokens) {
+            throw new Error('Token data is not available.');
+        }
+        return this.cached.tokens;
+    }
+    getAccountId() {
+        return this.cached?.tokens?.accountId;
+    }
+    createUnauthorizedRecovery() {
+        return new UnauthorizedRecovery(this);
+    }
+    async refreshToken() {
+        if (!this.cached || this.cached.mode !== 'chatgpt') {
+            return;
+        }
+        const refreshToken = this.cached.tokens?.refreshToken;
+        if (!refreshToken) {
+            throw new RefreshTokenError('transient', 'Token data is not available.');
+        }
+        await this.refreshTokens(refreshToken);
+        this.reload();
+    }
+    async refreshIfStale() {
+        if (!this.cached || this.cached.mode !== 'chatgpt') {
+            return false;
+        }
+        const lastRefresh = this.cached.lastRefresh;
+        if (!lastRefresh) {
+            return false;
+        }
+        const cutoff = Date.now() - TOKEN_REFRESH_INTERVAL_DAYS * 24 * 60 * 60 * 1000;
+        if (lastRefresh.getTime() >= cutoff) {
+            return false;
+        }
+        const refreshToken = this.cached.tokens?.refreshToken;
+        if (!refreshToken) {
+            return false;
+        }
+        await this.refreshTokens(refreshToken);
+        this.reload();
+        return true;
+    }
+    reloadIfAccountIdMatches(expectedAccountId) {
+        if (!expectedAccountId) {
+            return false;
+        }
+        const next = this.loadAuthFromStorage();
+        const newAccountId = next?.tokens?.accountId;
+        if (newAccountId !== expectedAccountId) {
+            return false;
+        }
+        this.cached = next;
+        return true;
+    }
+    loadAuthFromStorage() {
+        const auth = readAuthFile(this.codexHome, this.storeMode);
+        if (!auth) {
+            return null;
+        }
+        if (auth.OPENAI_API_KEY) {
+            return {
+                mode: 'api_key',
+                apiKey: auth.OPENAI_API_KEY,
+                lastRefresh: parseLastRefresh(auth.last_refresh),
+                raw: auth,
+            };
+        }
+        if (auth.tokens) {
+            const idTokenInfo = parseIdToken(auth.tokens.id_token);
+            const tokens = {
+                idToken: idTokenInfo,
+                accessToken: auth.tokens.access_token,
+                refreshToken: auth.tokens.refresh_token,
+                accountId: auth.tokens.account_id ?? idTokenInfo.chatgpt_account_id,
+            };
+            return {
+                mode: 'chatgpt',
+                tokens,
+                lastRefresh: parseLastRefresh(auth.last_refresh),
+                raw: auth,
+            };
+        }
+        return null;
+    }
+    async refreshTokens(refreshToken) {
+        const refreshed = await tryRefreshToken(refreshToken);
+        updateStoredTokens(this.codexHome, {
+            idToken: refreshed.id_token ?? null,
+            accessToken: refreshed.access_token ?? null,
+            refreshToken: refreshed.refresh_token ?? null,
+        }, this.storeMode);
+    }
+}
+export class UnauthorizedRecovery {
+    manager;
+    step = 'reload';
+    expectedAccountId;
+    constructor(manager) {
+        this.manager = manager;
+        this.expectedAccountId = manager.getAccountId();
+    }
+    hasNext() {
+        const auth = this.manager.authCached();
+        if (!auth || auth.mode !== 'chatgpt') {
+            return false;
+        }
+        return this.step !== 'done';
+    }
+    async next() {
+        if (!this.hasNext()) {
+            throw new RefreshTokenError('permanent', 'No more recovery steps available.');
+        }
+        if (this.step === 'reload') {
+            const reloaded = this.manager.reloadIfAccountIdMatches(this.expectedAccountId);
+            if (reloaded) {
+                this.step = 'refresh';
+            }
+            else {
+                await this.manager.refreshToken();
+                this.step = 'done';
+            }
+            return;
+        }
+        if (this.step === 'refresh') {
+            await this.manager.refreshToken();
+            this.step = 'done';
+        }
+    }
+}
+function authStatesEqual(a, b) {
+    if (!a && !b) {
+        return true;
+    }
+    if (!a || !b) {
+        return false;
+    }
+    if (a.mode !== b.mode) {
+        return false;
+    }
+    if (a.mode === 'api_key') {
+        return a.apiKey === b.apiKey;
+    }
+    return a.tokens?.accessToken === b.tokens?.accessToken;
+}
+function parseLastRefresh(value) {
+    if (!value) {
+        return undefined;
+    }
+    const parsed = new Date(value);
+    if (Number.isNaN(parsed.getTime())) {
+        return undefined;
+    }
+    return parsed;
+}
+//# sourceMappingURL=manager.js.map

package/dist/auth/manager.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"manager.js","sourceRoot":"","sources":["../../src/auth/manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,iBAAiB,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AACzE,OAAO,EAAE,YAAY,EAAE,MAAM,0BAA0B,CAAC;AACxD,OAAO,EAGL,2BAA2B,GAE5B,MAAM,aAAa,CAAC;AACrB,OAAO,EAAE,YAAY,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AAOlF,MAAM,OAAO,WAAW;IACL,SAAS,CAAS;IAClB,SAAS,CAA2B;IAC7C,MAAM,CAAmB;IAEjC,YAAY,UAA8B,EAAE;QAC1C,IAAI,CAAC,SAAS,GAAG,gBAAgB,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QACrD,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,SAAS,IAAI,MAAM,CAAC;QAC7C,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,mBAAmB,EAAE,CAAC;IAC3C,CAAC;IAED,UAAU;QACR,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED,KAAK,CAAC,IAAI;QACR,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACjB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAC9B,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC,MAAM,CAAC;QACrB,CAAC;QAED,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED,MAAM;QACJ,MAAM,IAAI,GAAG,IAAI,CAAC,mBAAmB,EAAE,CAAC;QACxC,MAAM,OAAO,GAAG,CAAC,eAAe,CAAC,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QACpD,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;QACnB,OAAO,OAAO,CAAC;IACjB,CAAC;IAED,QAAQ;QACN,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;QAClD,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YACnC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;gBACxB,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;YAC/C,CAAC;YACD,OAAO,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC;QAC5B,CAAC;QAED,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,WAAW,CAAC;QAC9C,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;QAClD,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,YAAY;QACV,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,SAAS,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;YAC1E,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;QAClD,CAAC;QACD,OAAO,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC;IAC5B,CAAC;IAED,YAAY;QACV,OAAO,IAAI,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,CAAC;IACxC,CAAC;IAED,0BAA0B;QACxB,OAAO,IAAI,oBAAoB,CAAC,IAAI,CAAC,CAAC;IACxC,CAAC;IAED,KAAK,CAAC,YAAY;QAChB,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YACnD,OAAO;QACT,CAAC;QAED,MAAM,YAAY,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,YAAY,CAAC;QACtD,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,MAAM,IAAI,iBAAiB,CAAC,WAAW,EAAE,8BAA8B,CAAC,CAAC;QAC3E,CAAC;QAED,MAAM,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC;QACvC,IAAI,CAAC,MAAM,EAAE,CAAC;IAChB,CAAC;IAED,KAAK,CAAC,cAAc;QAClB,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YACnD,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC;QAC5C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,MAAM,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,2BAA2B,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;QAC9E,IAAI,WAAW,CAAC,OAAO,EAAE,IAAI,MAAM,EAAE,CAAC;YACpC,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,YAAY,GAAG,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,YAAY,CAAC;QACtD,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC,CAAC;QACvC,IAAI,CAAC,MAAM,EAAE,CAAC;QACd,OAAO,IAAI,CAAC;IACd,CAAC;IAED,wBAAwB,CAAC,iBAA0B;QACjD,IAAI,CAAC,iBAAiB,EAAE,CAAC;YACvB,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,IAAI,GAAG,IAAI,CAAC,mBAAmB,EAAE,CAAC;QACxC,MAAM,YAAY,GAAG,IAAI,EAAE,MAAM,EAAE,SAAS,CAAC;QAC7C,IAAI,YAAY,KAAK,iBAAiB,EAAE,CAAC;YACvC,OAAO,KAAK,CAAC;QACf,CAAC;QAED,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;QACnB,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,mBAAmB;QACzB,MAAM,IAAI,GAAG,YAAY,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;QAC1D,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,IAAI,CAAC;QACd,CAAC;QAED,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACxB,OAAO;gBACL,IAAI,EAAE,SAAS;gBACf,MAAM,EAAE,IAAI,CAAC,cAAc;gBAC3B,WAAW,EAAE,gBAAgB,CAAC,IAAI,CAAC,YAAY,CAAC;gBAChD,GAAG,EAAE,IAAI;aACV,CAAC;QACJ,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,MAAM,WAAW,GAAG,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;YACvD,MAAM,MAAM,GAAc;gBACxB,OAAO,EAAE,WAAW;gBACpB,WAAW,EAAE,IAAI,CAAC,MAAM,CAAC,YAAY;gBACrC,YAAY,EAAE,IAAI,CAAC,MAAM,CAAC,aAAa;gBACvC,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,UAAU,IAAI,WAAW,CAAC,kBAAkB;aACpE,CAAC;YACF,OAAO;gBACL,IAAI,EAAE,SAAS;gBACf,MAAM;gBACN,WAAW,EAAE,gBAAgB,CAAC,IAAI,CAAC,YAAY,CAAC;gBAChD,GAAG,EAAE,IAAI;aACV,CAAC;QACJ,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,KAAK,CAAC,aAAa,CAAC,YAAoB;QAC9C,MAAM,SAAS,GAAG,MAAM,eAAe,CAAC,YAAY,CAAC,CAAC;QACtD,kBAAkB,CAChB,IAAI,CAAC,SAAS,EACd;YACE,OAAO,EAAE,SAAS,CAAC,QAAQ,IAAI,IAAI;YACnC,WAAW,EAAE,SAAS,CAAC,YAAY,IAAI,IAAI;YAC3C,YAAY,EAAE,SAAS,CAAC,aAAa,IAAI,IAAI;SAC9C,EACD,IAAI,CAAC,SAAS,CACf,CAAC;IACJ,CAAC;CACF;AAED,MAAM,OAAO,oBAAoB;IAIF;IAHrB,IAAI,GAAkC,QAAQ,CAAC;IACtC,iBAAiB,CAAU;IAE5C,YAA6B,OAAoB;QAApB,YAAO,GAAP,OAAO,CAAa;QAC/C,IAAI,CAAC,iBAAiB,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC;IAClD,CAAC;IAED,OAAO;QACL,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC;QACvC,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YACrC,OAAO,KAAK,CAAC;QACf,CAAC;QACD,OAAO,IAAI,CAAC,IAAI,KAAK,MAAM,CAAC;IAC9B,CAAC;IAED,KAAK,CAAC,IAAI;QACR,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,EAAE,CAAC;YACpB,MAAM,IAAI,iBAAiB,CAAC,WAAW,EAAE,mCAAmC,CAAC,CAAC;QAChF,CAAC;QAED,IAAI,IAAI,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YAC3B,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,wBAAwB,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;YAC/E,IAAI,QAAQ,EAAE,CAAC;gBACb,IAAI,CAAC,IAAI,GAAG,SAAS,CAAC;YACxB,CAAC;iBAAM,CAAC;gBACN,MAAM,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC;gBAClC,IAAI,CAAC,IAAI,GAAG,MAAM,CAAC;YACrB,CAAC;YACD,OAAO;QACT,CAAC;QAED,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAC5B,MAAM,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC;YAClC,IAAI,CAAC,IAAI,GAAG,MAAM,CAAC;QACrB,CAAC;IACH,CAAC;CACF;AAED,SAAS,eAAe,CAAC,CAAmB,EAAE,CAAmB;IAC/D,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;QACb,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;QACb,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,IAAI,EAAE,CAAC;QACtB,OAAO,KAAK,CAAC;IACf,CAAC;IACD,IAAI,CAAC,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QACzB,OAAO,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM,CAAC;IAC/B,CAAC;IACD,OAAO,CAAC,CAAC,MAAM,EAAE,WAAW,KAAK,CAAC,CAAC,MAAM,EAAE,WAAW,CAAC;AACzD,CAAC;AAED,SAAS,gBAAgB,CAAC,KAAyB;IACjD,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,MAAM,MAAM,GAAG,IAAI,IAAI,CAAC,KAAK,CAAC,CAAC;IAC/B,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC,EAAE,CAAC;QACnC,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/auth/schema.d.ts

@@ -0,0 +1,41 @@
+export declare const DEFAULT_ISSUER = "https://auth.openai.com";
+export declare const DEFAULT_CHATGPT_BASE_URL = "https://chatgpt.com/backend-api/";
+export declare const DEFAULT_LOGIN_PORT = 1455;
+export declare const CLIENT_ID = "app_EMoamEEZ73f0CkXaXp7hrann";
+export declare const DEFAULT_ORIGINATOR = "codex_cli_rs";
+export declare const CODEX_REFRESH_TOKEN_URL_OVERRIDE_ENV_VAR = "CODEX_REFRESH_TOKEN_URL_OVERRIDE";
+export declare const CODEX_INTERNAL_ORIGINATOR_OVERRIDE_ENV_VAR = "CODEX_INTERNAL_ORIGINATOR_OVERRIDE";
+export declare const TOKEN_REFRESH_INTERVAL_DAYS = 8;
+export type AuthCredentialsStoreMode = 'file';
+export interface TokenDataFile {
+    id_token: string;
+    access_token: string;
+    refresh_token: string;
+    account_id?: string;
+}
+export interface AuthDotJson {
+    OPENAI_API_KEY?: string;
+    tokens?: TokenDataFile;
+    last_refresh?: string;
+}
+export interface IdTokenInfo {
+    email?: string;
+    chatgpt_plan_type?: string;
+    chatgpt_account_id?: string;
+    raw_jwt: string;
+}
+export interface TokenData {
+    idToken: IdTokenInfo;
+    accessToken: string;
+    refreshToken: string;
+    accountId?: string;
+}
+export type AuthMode = 'api_key' | 'chatgpt';
+export interface AuthState {
+    mode: AuthMode;
+    apiKey?: string;
+    tokens?: TokenData;
+    lastRefresh?: Date;
+    raw: AuthDotJson;
+}
+//# sourceMappingURL=schema.d.ts.map

package/dist/auth/schema.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"schema.d.ts","sourceRoot":"","sources":["../../src/auth/schema.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,cAAc,4BAA4B,CAAC;AACxD,eAAO,MAAM,wBAAwB,qCAAqC,CAAC;AAC3E,eAAO,MAAM,kBAAkB,OAAO,CAAC;AACvC,eAAO,MAAM,SAAS,iCAAiC,CAAC;AACxD,eAAO,MAAM,kBAAkB,iBAAiB,CAAC;AACjD,eAAO,MAAM,wCAAwC,qCAAqC,CAAC;AAC3F,eAAO,MAAM,0CAA0C,uCAAuC,CAAC;AAC/F,eAAO,MAAM,2BAA2B,IAAI,CAAC;AAE7C,MAAM,MAAM,wBAAwB,GAAG,MAAM,CAAC;AAE9C,MAAM,WAAW,aAAa;IAC5B,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,aAAa,EAAE,MAAM,CAAC;IACtB,UAAU,CAAC,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,WAAW;IAC1B,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,MAAM,CAAC,EAAE,aAAa,CAAC;IACvB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,WAAW;IAC1B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,kBAAkB,CAAC,EAAE,MAAM,CAAC;IAC5B,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,SAAS;IACxB,OAAO,EAAE,WAAW,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,MAAM,QAAQ,GAAG,SAAS,GAAG,SAAS,CAAC;AAE7C,MAAM,WAAW,SAAS;IACxB,IAAI,EAAE,QAAQ,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,SAAS,CAAC;IACnB,WAAW,CAAC,EAAE,IAAI,CAAC;IACnB,GAAG,EAAE,WAAW,CAAC;CAClB"}

package/dist/auth/schema.js

@@ -0,0 +1,9 @@
+export const DEFAULT_ISSUER = 'https://auth.openai.com';
+export const DEFAULT_CHATGPT_BASE_URL = 'https://chatgpt.com/backend-api/';
+export const DEFAULT_LOGIN_PORT = 1455;
+export const CLIENT_ID = 'app_EMoamEEZ73f0CkXaXp7hrann';
+export const DEFAULT_ORIGINATOR = 'codex_cli_rs';
+export const CODEX_REFRESH_TOKEN_URL_OVERRIDE_ENV_VAR = 'CODEX_REFRESH_TOKEN_URL_OVERRIDE';
+export const CODEX_INTERNAL_ORIGINATOR_OVERRIDE_ENV_VAR = 'CODEX_INTERNAL_ORIGINATOR_OVERRIDE';
+export const TOKEN_REFRESH_INTERVAL_DAYS = 8;
+//# sourceMappingURL=schema.js.map

package/dist/auth/schema.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"schema.js","sourceRoot":"","sources":["../../src/auth/schema.ts"],"names":[],"mappings":"AAAA,MAAM,CAAC,MAAM,cAAc,GAAG,yBAAyB,CAAC;AACxD,MAAM,CAAC,MAAM,wBAAwB,GAAG,kCAAkC,CAAC;AAC3E,MAAM,CAAC,MAAM,kBAAkB,GAAG,IAAI,CAAC;AACvC,MAAM,CAAC,MAAM,SAAS,GAAG,8BAA8B,CAAC;AACxD,MAAM,CAAC,MAAM,kBAAkB,GAAG,cAAc,CAAC;AACjD,MAAM,CAAC,MAAM,wCAAwC,GAAG,kCAAkC,CAAC;AAC3F,MAAM,CAAC,MAAM,0CAA0C,GAAG,oCAAoC,CAAC;AAC/F,MAAM,CAAC,MAAM,2BAA2B,GAAG,CAAC,CAAC"}

package/dist/auth/storage.d.ts

@@ -0,0 +1,13 @@
+import { AuthCredentialsStoreMode, AuthDotJson } from './schema.js';
+export declare function resolveCodexHome(explicit?: string): string;
+export declare function authFilePath(codexHome: string): string;
+export declare function readAuthFile(codexHome: string, _storeMode?: AuthCredentialsStoreMode): AuthDotJson | null;
+export declare function writeAuthFile(codexHome: string, auth: AuthDotJson, _storeMode?: AuthCredentialsStoreMode): void;
+export declare function deleteAuthFile(codexHome: string, _storeMode?: AuthCredentialsStoreMode): boolean;
+export declare function persistTokens(codexHome: string, apiKey: string | undefined, idToken: string, accessToken: string, refreshToken: string, storeMode?: AuthCredentialsStoreMode): AuthDotJson;
+export declare function updateStoredTokens(codexHome: string, update: {
+    idToken?: string | null;
+    accessToken?: string | null;
+    refreshToken?: string | null;
+}, storeMode?: AuthCredentialsStoreMode): AuthDotJson;
+//# sourceMappingURL=storage.d.ts.map

package/dist/auth/storage.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"storage.d.ts","sourceRoot":"","sources":["../../src/auth/storage.ts"],"names":[],"mappings":"AAKA,OAAO,EAAE,wBAAwB,EAAE,WAAW,EAAiB,MAAM,aAAa,CAAC;AAInF,wBAAgB,gBAAgB,CAAC,QAAQ,CAAC,EAAE,MAAM,GAAG,MAAM,CAc1D;AAED,wBAAgB,YAAY,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,CAEtD;AAED,wBAAgB,YAAY,CAC1B,SAAS,EAAE,MAAM,EACjB,UAAU,GAAE,wBAAiC,GAC5C,WAAW,GAAG,IAAI,CAQpB;AAED,wBAAgB,aAAa,CAC3B,SAAS,EAAE,MAAM,EACjB,IAAI,EAAE,WAAW,EACjB,UAAU,GAAE,wBAAiC,GAC5C,IAAI,CAQN;AAED,wBAAgB,cAAc,CAC5B,SAAS,EAAE,MAAM,EACjB,UAAU,GAAE,wBAAiC,GAC5C,OAAO,CAOT;AAED,wBAAgB,aAAa,CAC3B,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,GAAG,SAAS,EAC1B,OAAO,EAAE,MAAM,EACf,WAAW,EAAE,MAAM,EACnB,YAAY,EAAE,MAAM,EACpB,SAAS,GAAE,wBAAiC,GAC3C,WAAW,CAeb;AAED,wBAAgB,kBAAkB,CAChC,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE;IACN,OAAO,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,WAAW,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IAC5B,YAAY,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;CAC9B,EACD,SAAS,GAAE,wBAAiC,GAC3C,WAAW,CA+Bb"}