@mewbleh/purrx 1.0.13 → 1.0.16

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mewbleh/purrx",
-  "version": "1.0.13",
+  "version": "1.0.16",
   "description": "purrx, a lightweight AI coding agent for your terminal",
   "type": "module",
   "main": "src/index.js",

package/src/api/client.js

@@ -1,4 +1,4 @@
-import { API_BASE, CHATGPT_BASE } from "../config.js";
+import { API_BASE, CHATGPT_BASE, CODEX_CLI_VERSION } from "../config.js";
 
 // Models that take the Responses API reasoning fields (gpt-5 family, o-series,
 // and codex variants). The official Codex client always sends a reasoning block
@@ -9,10 +9,13 @@ function isReasoningModel(model) {
 
 // Builds the request URL and headers for the resolved auth mode.
 //
-// The ChatGPT-codex header set mirrors the official Codex CLI
-// (codex-rs default_client + BearerAuthProvider + build_session_headers):
-//   Authorization, ChatGPT-Account-ID, originator, User-Agent,
-//   OpenAI-Beta, session-id.
+// IMPORTANT: For the ChatGPT-codex backend we deliberately send the MINIMAL
+// header set that the proven-working community proxy uses
+// (Authorization + ChatGPT-Account-ID + OpenAI-Beta). We do NOT send
+// `originator`/`version`/`session-id`: claiming to be the official Codex CLI
+// makes the backend apply stricter validation that rejects the request with a
+// misleading "model not supported" error. Set PURRX_CODEX_HEADERS=1 to opt into
+// the full Codex-style header set for experimentation.
 /**
  * @param {import("../types.js").AuthInfo} authInfo
  * @param {string} [sessionId]
@@ -25,14 +28,17 @@ function buildRequest(authInfo, sessionId) {
       "Content-Type": "application/json",
       Authorization: `Bearer ${authInfo.accessToken}`,
       "OpenAI-Beta": "responses=experimental",
-      originator: "codex_cli_rs",
-      "User-Agent": "codex_cli_rs/0.0.0 (purrx)",
     };
     if (authInfo.accountId) {
-      // Casing matches the official client (BearerAuthProvider).
-      headers["ChatGPT-Account-ID"] = authInfo.accountId;
+      headers["chatgpt-account-id"] = authInfo.accountId;
+    }
+    // Opt-in: full Codex-CLI-style headers (originator/version/session-id).
+    if (process.env.PURRX_CODEX_HEADERS) {
+      headers.originator = "codex_cli_rs";
+      headers.version = CODEX_CLI_VERSION;
+      headers["User-Agent"] = `codex_cli_rs/${CODEX_CLI_VERSION} (purrx)`;
+      if (sessionId) headers["session-id"] = sessionId;
     }
-    if (sessionId) headers["session-id"] = sessionId;
     return { url: `${CHATGPT_BASE}/responses`, headers };
   }
   // API-key mode.
@@ -65,31 +71,45 @@ export async function streamResponse(
   handlers = {}
 ) {
   const { url, headers } = buildRequest(authInfo, sessionId);
+  const isChatGpt = authInfo.mode === "chatgpt";
+
+  // Minimal body matching the proven-working community proxy: instructions,
+  // store, stream, plus input/tools. We avoid reasoning/include/prompt_cache_key
+  // and server-side tools (web_search) on the ChatGPT path, since those can
+  // trigger the backend's misleading "model not supported" rejection.
+  // Set PURRX_FULL_BODY=1 to send the richer Codex-style body.
+  const fullBody = !isChatGpt || process.env.PURRX_FULL_BODY;
 
-  // Request body matching the official Codex ResponsesApiRequest. These fields
-  // are always present in the real client; sending a stripped-down body is what
-  // triggers the backend's misleading "model is not supported" rejection.
   /** @type {Record<string, any>} */
   const payload = {
     model,
     instructions: instructions || "",
     input,
-    tool_choice: "auto",
-    parallel_tool_calls: false,
     store: false,
     stream: true,
-    include: [],
   };
 
-  if (isReasoningModel(model)) {
-    payload.reasoning = { effort: "medium", summary: "auto" };
-    payload.include = ["reasoning.encrypted_content"];
+  if (fullBody) {
+    payload.tool_choice = "auto";
+    payload.parallel_tool_calls = false;
+    payload.include = [];
+    if (isReasoningModel(model)) {
+      payload.reasoning = { effort: "medium", summary: "auto" };
+      payload.include = ["reasoning.encrypted_content"];
+    }
+    if (sessionId) payload.prompt_cache_key = sessionId;
   }
 
-  if (sessionId) payload.prompt_cache_key = sessionId;
-
   if (tools && tools.length) {
-    payload.tools = tools;
+    // On the ChatGPT path, only send function tools (drop server-side tools
+    // like web_search which the codex backend may reject).
+    const filtered = isChatGpt
+      ? tools.filter((t) => t.type === "function")
+      : tools;
+    if (filtered.length) {
+      payload.tools = filtered;
+      if (!payload.tool_choice) payload.tool_choice = "auto";
+    }
   }
 
   // Debug: dump the exact outgoing request when PURRX_DEBUG is set. Auth tokens

package/src/auth/login.js

@@ -25,6 +25,9 @@ function buildAuthorizeUrl(redirectUri, pkce, state) {
     id_token_add_organizations: "true",
     codex_cli_simplified_flow: "true",
     state,
+    // The official Codex authorize request includes the originator; the issued
+    // token's Codex entitlement can depend on it.
+    originator: "codex_cli_rs",
   });
   return `${OAUTH_ISSUER}/oauth/authorize?${params.toString()}`;
 }

package/src/auth/tokens.js

@@ -1,6 +1,7 @@
 import fs from "node:fs";
 import {
   authFilePath,
+  resolveAuthFileForRead,
   purrxHome,
   OAUTH_CLIENT_ID,
   OAUTH_ISSUER,
@@ -15,7 +16,7 @@ import {
 
 /** @returns {AuthDotJson|null} */
 export function readAuth() {
-  const file = authFilePath();
+  const file = resolveAuthFileForRead();
   try {
     const raw = fs.readFileSync(file, "utf8");
     return JSON.parse(raw);

package/src/config.js

@@ -1,4 +1,6 @@
 import path from "node:path";
+import os from "node:os";
+import fs from "node:fs";
 import { dataHome } from "./platform.js";
 
 // OAuth constants taken from the official OpenAI Codex CLI so we can reuse the
@@ -13,6 +15,12 @@ export const OAUTH_SCOPE =
 export const API_BASE = "https://api.openai.com/v1";
 export const CHATGPT_BASE = "https://chatgpt.com/backend-api/codex";
 
+// The official Codex client sends a `version` header (its CLI version) on every
+// request. The ChatGPT-codex backend uses it to recognize a legitimate Codex
+// client; omitting it causes a generic "model not supported" rejection.
+// Override with PURRX_CODEX_VERSION to match your installed Codex CLI.
+export const CODEX_CLI_VERSION = process.env.PURRX_CODEX_VERSION || "0.5.0";
+
 // Default model. gpt-5-codex is the default Codex coding model and works on
 // both API-key and ChatGPT-account auth. Override with PURRX_MODEL.
 export const DEFAULT_MODEL = process.env.PURRX_MODEL || "gpt-5-codex";
@@ -37,6 +45,26 @@ export function authFilePath() {
   return path.join(purrxHome(), "auth.json");
 }
 
+// Resolves the auth.json to READ from. Prefers purrx's own file, then falls
+// back to the official Codex CLI locations (CODEX_HOME, ~/.codex). This lets
+// purrx reuse a known-good token minted by `codex login`.
+export function resolveAuthFileForRead() {
+  const candidates = [
+    process.env.PURRX_HOME && path.join(process.env.PURRX_HOME, "auth.json"),
+    path.join(purrxHome(), "auth.json"),
+    process.env.CODEX_HOME && path.join(process.env.CODEX_HOME, "auth.json"),
+    path.join(os.homedir(), ".codex", "auth.json"),
+  ].filter(Boolean);
+  for (const candidate of candidates) {
+    try {
+      if (fs.existsSync(/** @type {string} */ (candidate))) return candidate;
+    } catch {
+      // ignore
+    }
+  }
+  return authFilePath();
+}
+
 export function sessionsDir() {
   return path.join(purrxHome(), "sessions");
 }