npm - @nick3/copilot-api - Versions diffs - 1.10.8 → 1.10.29 - Mend

@nick3/copilot-api 1.10.8 → 1.10.29

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (55) hide show

package/README.md +141 -46
package/README.zh-CN.md +141 -46
package/dist/{account-COtMmvzU.js → account-DpW8RaT6.js} +3 -3
package/dist/{account-COtMmvzU.js.map → account-DpW8RaT6.js.map} +1 -1
package/dist/admin/AGENTS.md +19 -0
package/dist/auth-nO-eHeO_.js +327 -0
package/dist/auth-nO-eHeO_.js.map +1 -0
package/dist/{check-usage-DdevqHE5.js → check-usage-ZifYvA3w.js} +4 -42
package/dist/check-usage-ZifYvA3w.js.map +1 -0
package/dist/config-CmhIPHn_.js +578 -0
package/dist/config-CmhIPHn_.js.map +1 -0
package/dist/{debug-BMo6ltbp.js → debug-DvpksqEL.js} +18 -7
package/dist/debug-DvpksqEL.js.map +1 -0
package/dist/main.js +5 -10
package/dist/main.js.map +1 -1
package/dist/mcp-http-BhELuvog.js +2 -0
package/dist/mcp-http-DI4Vz01p.js +82 -0
package/dist/mcp-http-DI4Vz01p.js.map +1 -0
package/dist/mcp-http-config-DMdUDz1D.js +39 -0
package/dist/mcp-http-config-DMdUDz1D.js.map +1 -0
package/dist/mcp-pLTPS0tO.js +79 -0
package/dist/mcp-pLTPS0tO.js.map +1 -0
package/dist/{tool-search-BrN7M0Dd.js → mcp-server-DEqHrXFq.js} +25 -2
package/dist/mcp-server-DEqHrXFq.js.map +1 -0
package/dist/{paths-CclKwouX.js → paths-Bpsb62LK.js} +3 -1
package/dist/paths-Bpsb62LK.js.map +1 -0
package/dist/{poll-access-token-BAgM2-7k.js → poll-access-token-GzVkiTH8.js} +71 -4
package/dist/poll-access-token-GzVkiTH8.js.map +1 -0
package/dist/{request-outbound-BJjWS_jF.js → request-outbound-BkEA8Wgb.js} +1 -1
package/dist/{request-outbound-Pu1kp2x8.js → request-outbound-DZTxxtcx.js} +3 -3
package/dist/{request-outbound-Pu1kp2x8.js.map → request-outbound-DZTxxtcx.js.map} +1 -1
package/dist/{proxy-_U-hgwIn.js → responses-bridge-registry-BJ5Sbh6-.js} +116 -577
package/dist/responses-bridge-registry-BJ5Sbh6-.js.map +1 -0
package/dist/{server-DulP9mYd.js → server-DJ3_UGc4.js} +339 -168
package/dist/server-DJ3_UGc4.js.map +1 -0
package/dist/start-DaB0AcjZ.js +526 -0
package/dist/start-DaB0AcjZ.js.map +1 -0
package/dist/token-DrFDLVxa.js +365 -0
package/dist/token-DrFDLVxa.js.map +1 -0
package/package.json +1 -1
package/dist/auth-B0y-2njL.js +0 -226
package/dist/auth-B0y-2njL.js.map +0 -1
package/dist/check-usage-DdevqHE5.js.map +0 -1
package/dist/debug-BMo6ltbp.js.map +0 -1
package/dist/get-copilot-token-8Rm-rVsp.js +0 -17
package/dist/get-copilot-token-8Rm-rVsp.js.map +0 -1
package/dist/mcp-9Hgepkc5.js +0 -37
package/dist/mcp-9Hgepkc5.js.map +0 -1
package/dist/paths-CclKwouX.js.map +0 -1
package/dist/poll-access-token-BAgM2-7k.js.map +0 -1
package/dist/proxy-_U-hgwIn.js.map +0 -1
package/dist/server-DulP9mYd.js.map +0 -1
package/dist/start-CtEoE2gt.js +0 -274
package/dist/start-CtEoE2gt.js.map +0 -1
package/dist/tool-search-BrN7M0Dd.js.map +0 -1

package/dist/token-DrFDLVxa.js ADDED Viewed

@@ -0,0 +1,365 @@
+import { b as HTTPError, g as getCopilotUsage, h as getDeviceCode, j as state, m as getGitHubUser, t as pollAccessToken } from "./poll-access-token-GzVkiTH8.js";
+import { t as PATHS } from "./paths-Bpsb62LK.js";
+import { D as setProviderConfig, p as getRawProviderConfig } from "./config-CmhIPHn_.js";
+import consola from "consola";
+import fs from "node:fs/promises";
+import { randomBytes } from "node:crypto";
+import path from "node:path";
+import { createServer } from "node:http";
+import "fetch-event-stream";
+import "undici";
+//#region src/services/codex/create-responses.ts
+const CODEX_API_BASE_URL = "https://chatgpt.com/backend-api";
+//#endregion
+//#region src/lib/oauth/codex.ts
+const CALLBACK_HOST = "127.0.0.1";
+const CALLBACK_PORT = 1455;
+const CALLBACK_PATH = "/auth/callback";
+const CLIENT_ID = "app_EMoamEEZ73f0CkXaXp7hrann";
+const AUTHORIZE_URL = "https://auth.openai.com/oauth/authorize";
+const TOKEN_URL = "https://auth.openai.com/oauth/token";
+const REDIRECT_URI = `http://localhost:${CALLBACK_PORT}${CALLBACK_PATH}`;
+const SCOPE = "openid profile email offline_access";
+const JWT_CLAIM_PATH = "https://api.openai.com/auth";
+function base64UrlEncode(bytes) {
+	return Buffer.from(bytes).toString("base64url");
+}
+async function generatePkce() {
+	const verifierBytes = new Uint8Array(32);
+	crypto.getRandomValues(verifierBytes);
+	const verifier = base64UrlEncode(verifierBytes);
+	const hashBuffer = await crypto.subtle.digest("SHA-256", new TextEncoder().encode(verifier));
+	return {
+		verifier,
+		challenge: base64UrlEncode(new Uint8Array(hashBuffer))
+	};
+}
+function createState() {
+	return randomBytes(16).toString("hex");
+}
+function parseAuthorizationInput(input) {
+	const value = input.trim();
+	if (!value) return {};
+	try {
+		const url = new URL(value);
+		return {
+			code: url.searchParams.get("code") ?? void 0,
+			state: url.searchParams.get("state") ?? void 0
+		};
+	} catch {}
+	if (value.includes("#")) {
+		const [code, state] = value.split("#", 2);
+		return {
+			code,
+			state
+		};
+	}
+	if (value.includes("code=")) {
+		const params = new URLSearchParams(value);
+		return {
+			code: params.get("code") ?? void 0,
+			state: params.get("state") ?? void 0
+		};
+	}
+	return { code: value };
+}
+function decodeJwt(accessToken) {
+	try {
+		const payload = accessToken.split(".")[1];
+		if (!payload) return null;
+		return JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
+	} catch {
+		return null;
+	}
+}
+function getAccountId(accessToken) {
+	const payload = decodeJwt(accessToken);
+	if (!payload) return null;
+	const authPayload = payload[JWT_CLAIM_PATH];
+	if (!authPayload || typeof authPayload !== "object") return null;
+	const accountId = authPayload.chatgpt_account_id;
+	return typeof accountId === "string" && accountId ? accountId : null;
+}
+function renderOAuthPage(options) {
+	return `<!doctype html>
+<html lang="en">
+<head>
+  <meta charset="utf-8" />
+  <meta name="viewport" content="width=device-width, initial-scale=1" />
+  <title>${escapeHtml(options.title)}</title>
+  <style>
+    body {
+      margin: 0;
+      min-height: 100vh;
+      display: flex;
+      align-items: center;
+      justify-content: center;
+      padding: 24px;
+      background: #09090b;
+      color: #fafafa;
+      font-family: system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", sans-serif;
+      text-align: center;
+    }
+    main {
+      max-width: 560px;
+    }
+    h1 {
+      margin: 0 0 12px;
+      font-size: 28px;
+      line-height: 1.15;
+    }
+    p {
+      margin: 0;
+      color: #a1a1aa;
+      line-height: 1.6;
+    }
+  </style>
+</head>
+<body>
+  <main>
+    <h1>${escapeHtml(options.heading)}</h1>
+    <p>${escapeHtml(options.message)}</p>
+  </main>
+</body>
+</html>`;
+}
+function escapeHtml(value) {
+	return value.replaceAll("&", "&amp;").replaceAll("<", "&lt;").replaceAll(">", "&gt;").replaceAll("\"", "&quot;").replaceAll("'", "&#39;");
+}
+function renderOAuthSuccessPage(message) {
+	return renderOAuthPage({
+		title: "Authentication successful",
+		heading: "Authentication successful",
+		message
+	});
+}
+function renderOAuthErrorPage(message) {
+	return renderOAuthPage({
+		title: "Authentication failed",
+		heading: "Authentication failed",
+		message
+	});
+}
+async function exchangeAuthorizationCode(code, verifier) {
+	const response = await fetch(TOKEN_URL, {
+		method: "POST",
+		headers: { "Content-Type": "application/x-www-form-urlencoded" },
+		body: new URLSearchParams({
+			grant_type: "authorization_code",
+			client_id: CLIENT_ID,
+			code,
+			code_verifier: verifier,
+			redirect_uri: REDIRECT_URI
+		})
+	});
+	if (!response.ok) {
+		const details = await response.text().catch(() => "");
+		throw new Error(`Codex token exchange failed (${response.status}): ${details || response.statusText}`);
+	}
+	const payload = await response.json();
+	if (typeof payload.access_token !== "string" || typeof payload.refresh_token !== "string" || typeof payload.expires_in !== "number") throw new TypeError(`Codex token exchange response missing fields: ${JSON.stringify(payload)}`);
+	return {
+		accessToken: payload.access_token,
+		refreshToken: payload.refresh_token,
+		expiresAt: Date.now() + payload.expires_in * 1e3
+	};
+}
+async function createAuthorizationFlow() {
+	const { verifier, challenge } = await generatePkce();
+	const state = createState();
+	const url = new URL(AUTHORIZE_URL);
+	url.searchParams.set("response_type", "code");
+	url.searchParams.set("client_id", CLIENT_ID);
+	url.searchParams.set("redirect_uri", REDIRECT_URI);
+	url.searchParams.set("scope", SCOPE);
+	url.searchParams.set("code_challenge", challenge);
+	url.searchParams.set("code_challenge_method", "S256");
+	url.searchParams.set("state", state);
+	url.searchParams.set("id_token_add_organizations", "true");
+	url.searchParams.set("codex_cli_simplified_flow", "true");
+	url.searchParams.set("originator", "copilot-api");
+	return {
+		verifier,
+		state,
+		url: url.toString()
+	};
+}
+async function waitForAuthorizationCode(state) {
+	let resolveCode;
+	const waitForCode = new Promise((resolve) => {
+		resolveCode = resolve;
+	});
+	const server = createServer((request, response) => {
+		try {
+			const url = new URL(request.url || "", "http://localhost");
+			if (url.pathname !== CALLBACK_PATH) {
+				response.statusCode = 404;
+				response.setHeader("Content-Type", "text/html; charset=utf-8");
+				response.end(renderOAuthErrorPage("Callback route not found."));
+				return;
+			}
+			if (url.searchParams.get("state") !== state) {
+				response.statusCode = 400;
+				response.setHeader("Content-Type", "text/html; charset=utf-8");
+				response.end(renderOAuthErrorPage("State mismatch."));
+				return;
+			}
+			const code = url.searchParams.get("code");
+			if (!code) {
+				response.statusCode = 400;
+				response.setHeader("Content-Type", "text/html; charset=utf-8");
+				response.end(renderOAuthErrorPage("Missing authorization code."));
+				return;
+			}
+			response.statusCode = 200;
+			response.setHeader("Content-Type", "text/html; charset=utf-8");
+			response.end(renderOAuthSuccessPage("OpenAI Codex authentication completed. You can close this window."));
+			resolveCode?.(code);
+		} catch {
+			response.statusCode = 500;
+			response.setHeader("Content-Type", "text/html; charset=utf-8");
+			response.end(renderOAuthErrorPage("Internal error while processing OAuth callback."));
+		}
+	});
+	try {
+		await new Promise((resolve, reject) => {
+			server.once("error", reject);
+			server.listen(CALLBACK_PORT, CALLBACK_HOST, () => {
+				server.off("error", reject);
+				resolve();
+			});
+		});
+	} catch {
+		return null;
+	}
+	try {
+		return await waitForCode;
+	} finally {
+		await new Promise((resolve, reject) => {
+			server.close((error) => {
+				if (error) {
+					reject(error);
+					return;
+				}
+				resolve();
+			});
+		}).catch(() => void 0);
+	}
+}
+async function loginCodex(options) {
+	const { verifier, state, url } = await createAuthorizationFlow();
+	options.onAuth({
+		url,
+		instructions: "Please complete the login in the browser. If the browser does not automatically redirect, please paste the callback URL or code back to the terminal."
+	});
+	options.onProgress?.("Waiting for Codex OAuth callback");
+	let code = await waitForAuthorizationCode(state);
+	if (!code) {
+		const parsed = parseAuthorizationInput(await options.onPrompt("Paste the authorization code or full redirect URL:"));
+		if (parsed.state && parsed.state !== state) throw new Error("Codex OAuth state mismatch");
+		code = parsed.code ?? null;
+	}
+	if (!code) throw new Error("Missing Codex authorization code");
+	const tokenResult = await exchangeAuthorizationCode(code, verifier);
+	const accountId = getAccountId(tokenResult.accessToken);
+	if (!accountId) throw new Error("Failed to extract Codex account id from access token");
+	return {
+		accessToken: tokenResult.accessToken,
+		refreshToken: tokenResult.refreshToken,
+		expiresAt: tokenResult.expiresAt,
+		accountId
+	};
+}
+//#endregion
+//#region src/lib/credential-store.ts
+function isNodeError(error) {
+	return error instanceof Error && "code" in error;
+}
+async function readOptionalFile(filePath) {
+	try {
+		return await fs.readFile(filePath, "utf8");
+	} catch (error) {
+		if (isNodeError(error) && error.code === "ENOENT") return null;
+		throw error;
+	}
+}
+async function writeProtectedFile(filePath, content) {
+	await fs.mkdir(path.dirname(filePath), { recursive: true });
+	await fs.writeFile(filePath, content, "utf8");
+	try {
+		await fs.chmod(filePath, 384);
+	} catch {
+		return;
+	}
+}
+async function readGitHubToken() {
+	return (await readOptionalFile(PATHS.GITHUB_TOKEN_PATH))?.trim() || null;
+}
+async function writeGitHubToken(token) {
+	await writeProtectedFile(PATHS.GITHUB_TOKEN_PATH, token.trim());
+}
+async function writeCodexCredentials(credentials) {
+	await writeProtectedFile(PATHS.CODEX_CREDENTIAL_PATH, `${JSON.stringify(credentials, null, 2)}\n`);
+}
+//#endregion
+//#region src/lib/token.ts
+function applyCodexCredentials(credentials) {
+	state.codexAccessToken = credentials.accessToken;
+	state.codexRefreshToken = credentials.refreshToken;
+	state.codexExpiresAt = credentials.expiresAt;
+	state.codexAccountId = credentials.accountId;
+	consola.debug("Codex credentials loaded successfully");
+	if (state.showToken) consola.info("Codex access token:", credentials.accessToken);
+}
+function syncCodexProviderConfig(options) {
+	const existingProviderConfig = getRawProviderConfig("codex") ?? {};
+	setProviderConfig("codex", {
+		...existingProviderConfig,
+		type: "openai-responses",
+		enabled: options?.enabled ?? existingProviderConfig.enabled,
+		baseUrl: CODEX_API_BASE_URL,
+		authType: "oauth2"
+	});
+}
+async function persistCodexCredentials(credentials, options) {
+	await writeCodexCredentials(credentials);
+	syncCodexProviderConfig({ enabled: options?.enableProvider ? true : void 0 });
+	applyCodexCredentials(credentials);
+}
+async function setupGitHubToken(options) {
+	try {
+		const githubToken = await readGitHubToken();
+		if (githubToken && !options?.force) {
+			state.githubToken = githubToken;
+			if (state.showToken) consola.info("GitHub token:", githubToken);
+			await logUser();
+			return;
+		}
+		consola.info("Not logged in, getting new access token");
+		const response = await getDeviceCode();
+		consola.debug("Device code response:", response);
+		consola.info(`Please enter the code "${response.user_code}" in ${response.verification_uri}`);
+		const token = await pollAccessToken(response);
+		await writeGitHubToken(token);
+		state.githubToken = token;
+		if (state.showToken) consola.info("GitHub token:", token);
+		await logUser();
+	} catch (error) {
+		if (error instanceof HTTPError) {
+			consola.error("Failed to get GitHub token:", await error.response.json());
+			throw error;
+		}
+		consola.error("Failed to get GitHub token:", error);
+		throw error;
+	}
+}
+async function logUser() {
+	const user = await getGitHubUser();
+	state.userName = user.login;
+	consola.info(`Logged in as ${user.login}`);
+	state.copilotApiUrl = (await getCopilotUsage()).endpoints.api;
+}
+//#endregion
+export { setupGitHubToken as n, loginCodex as r, persistCodexCredentials as t };
+//# sourceMappingURL=token-DrFDLVxa.js.map

package/dist/token-DrFDLVxa.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"token-DrFDLVxa.js","names":[],"sources":["../src/services/codex/create-responses.ts","../src/lib/oauth/codex.ts","../src/lib/credential-store.ts","../src/lib/token.ts"],"sourcesContent":["import { createHash } from \"node:crypto\"\n\nimport { events, type ServerSentEventMessage } from \"fetch-event-stream\"\n\nimport type {\n CreateResponsesReturn,\n ResponseInputContent,\n ResponseInputItem,\n ResponseInputMessage,\n ResponsesPayload,\n ResponseErrorEvent,\n ResponsesResult,\n ResponsesStream,\n ResponsesTransport,\n} from \"~/services/copilot/create-responses\"\n\nimport { isResponsesApiWebSocketEnabled as isConfiguredResponsesApiWebSocketEnabled } from \"~/lib/config\"\nimport { HTTPError } from \"~/lib/error\"\nimport { state } from \"~/lib/state\"\nimport {\n createPooledWebSocketStream,\n createWebSocketUrl,\n type PooledWebSocketRequest,\n} from \"~/services/responses-websocket\"\nimport { requestContext } from \"~/lib/request-context\"\n\nexport const CODEX_API_BASE_URL = \"https://chatgpt.com/backend-api\"\n\ntype CodexResponsesWebSocketPayload = ResponsesPayload & {\n type: \"response.create\"\n}\n\ntype ServerSentEventChunk = ServerSentEventMessage\n\ntype CodexResponsesWebSocketRequest =\n PooledWebSocketRequest<CodexResponsesWebSocketPayload>\n\ninterface CodexResponsesHeaderOptions {\n stream?: boolean | null\n}\n\nconst STRIPPED_CODEX_REQUEST_HEADERS = new Set([\n \"authorization\",\n \"connection\",\n \"content-length\",\n \"host\",\n \"keep-alive\",\n \"proxy-authenticate\",\n \"proxy-authorization\",\n \"te\",\n \"trailer\",\n \"transfer-encoding\",\n \"upgrade\",\n \"x-api-key\",\n])\n\nconst STRIPPED_CODEX_WEBSOCKET_HEADERS = new Set([\"accept\", \"content-type\"])\n\nconst requireCodexAuthContext = (): {\n accessToken: string\n accountId: string\n} => {\n const accessToken = state.codexAccessToken\n const accountId = state.codexAccountId\n\n if (!accessToken) {\n throw new Error(\"Codex access token is not loaded\")\n }\n\n if (!accountId) {\n throw new Error(\"Codex account id is not loaded\")\n }\n\n return { accessToken, accountId }\n}\n\nexport function resolveCodexResponsesUrl(\n baseUrl: string = CODEX_API_BASE_URL,\n): string {\n const normalized = baseUrl.trim().replace(/\\/+$/, \"\")\n if (!normalized) {\n return `${CODEX_API_BASE_URL}/codex/responses`\n }\n\n if (normalized.endsWith(\"/codex/responses\")) {\n return normalized\n }\n\n if (normalized.endsWith(\"/codex\")) {\n return `${normalized}/responses`\n }\n\n return `${normalized}/codex/responses`\n}\n\nexport function buildCodexResponsesHeaders(\n requestHeaders: Headers,\n options: CodexResponsesHeaderOptions = {},\n): Headers {\n const { accessToken, accountId } = requireCodexAuthContext()\n const headers = new Headers()\n for (const [headerName, headerValue] of requestHeaders) {\n const headerNameLower = headerName.toLowerCase()\n if (STRIPPED_CODEX_REQUEST_HEADERS.has(headerNameLower)) {\n continue\n }\n if (headerNameLower.includes(\"trace\")) {\n continue\n }\n headers.set(headerName, headerValue)\n }\n\n if (!headers.has(\"accept\")) {\n headers.set(\n \"accept\",\n options.stream ? \"text/event-stream\" : \"application/json\",\n )\n }\n\n headers.set(\"authorization\", `Bearer ${accessToken}`)\n headers.set(\"chatgpt-account-id\", accountId)\n if (!headers.has(\"content-type\")) {\n headers.set(\"content-type\", \"application/json\")\n }\n if (!headers.has(\"OpenAI-Beta\")) {\n headers.set(\"OpenAI-Beta\", \"responses=experimental\")\n }\n if (!headers.has(\"originator\")) {\n headers.set(\"originator\", \"copilot-api\")\n }\n if (!headers.has(\"user-agent\")) {\n headers.set(\"user-agent\", \"copilot-api\")\n }\n if (headers.get(\"user-agent\")?.startsWith(\"opencode\")) {\n headers.set(\"originator\", \"opencode\")\n const sessionId = requestContext.getStore()?.sessionAffinity\n if (sessionId) {\n headers.set(\"session-id\", sessionId)\n }\n }\n return headers\n}\n\nexport function resolveCodexResponsesTransport(\n transport?: ResponsesTransport,\n): ResponsesTransport {\n return (\n transport\n ?? (isConfiguredResponsesApiWebSocketEnabled() ? \"websocket\" : \"http\")\n )\n}\n\nexport function buildCodexResponsesWebSocketHeaders(\n requestHeaders: Headers,\n): Record<string, string> {\n const headers = buildCodexResponsesHeaders(requestHeaders)\n for (const headerName of STRIPPED_CODEX_WEBSOCKET_HEADERS) {\n headers.delete(headerName)\n }\n return Object.fromEntries(headers)\n}\n\nexport function buildCodexResponsesWebSocketPayload(\n payload: ResponsesPayload,\n): CodexResponsesWebSocketPayload {\n const websocketPayload: CodexResponsesWebSocketPayload = {\n ...normalizeCodexResponsesPayload(payload),\n type: \"response.create\",\n }\n\n delete websocketPayload.stream\n\n return websocketPayload\n}\n\nexport function buildCodexResponsesWebSocketUrl(\n baseUrl: string = CODEX_API_BASE_URL,\n): string {\n return createWebSocketUrl(resolveCodexResponsesUrl(baseUrl))\n}\n\nexport function prepareCodexResponsesWebSocketRequest(\n payload: ResponsesPayload,\n requestHeaders: Headers,\n baseUrl: string = CODEX_API_BASE_URL,\n): CodexResponsesWebSocketRequest {\n const headers = buildCodexResponsesWebSocketHeaders(requestHeaders)\n\n return {\n headers,\n payload: buildCodexResponsesWebSocketPayload(payload),\n poolKey: buildCodexResponsesWebSocketPoolKey(payload, headers, baseUrl),\n url: buildCodexResponsesWebSocketUrl(baseUrl),\n }\n}\n\nexport async function forwardCodexResponses(\n payload: ResponsesPayload,\n requestHeaders: Headers,\n baseUrl: string = CODEX_API_BASE_URL,\n options: {\n transport?: ResponsesTransport\n } = {},\n): Promise<CreateResponsesReturn> {\n const transport = resolveCodexResponsesTransport(options.transport)\n if (payload.stream && transport === \"websocket\") {\n return forwardCodexResponsesOverWebSocket(payload, requestHeaders, baseUrl)\n }\n\n const normalizedPayload = normalizeCodexResponsesPayload(payload)\n\n const response = await fetch(resolveCodexResponsesUrl(baseUrl), {\n method: \"POST\",\n headers: buildCodexResponsesHeaders(requestHeaders, {\n stream: normalizedPayload.stream,\n }),\n body: JSON.stringify(normalizedPayload),\n })\n\n if (!response.ok) {\n throw new HTTPError(\"Failed to create codex responses\", response)\n }\n\n if (normalizedPayload.stream) {\n return events(response)\n }\n\n return (await response.json()) as ResponsesResult\n}\n\nconst normalizeCodexResponsesPayload = (\n payload: ResponsesPayload,\n): ResponsesPayload => {\n const normalizedPayload: ResponsesPayload = {\n ...payload,\n store: false,\n }\n\n delete normalizedPayload.temperature\n delete normalizedPayload.top_p\n delete normalizedPayload.max_output_tokens\n delete normalizedPayload.metadata\n\n if (\n (typeof normalizedPayload.instructions === \"string\"\n && normalizedPayload.instructions.trim().length > 0)\n || !Array.isArray(normalizedPayload.input)\n ) {\n return normalizedPayload\n }\n\n const instructions: Array<string> = []\n let messageCount = 0\n const remainingInput = normalizedPayload.input.filter((inputItem) => {\n const message = getResponseInputMessage(inputItem)\n if (!message) {\n return true\n }\n\n messageCount += 1\n if (message.role !== \"system\" || messageCount > 3) {\n return true\n }\n\n const systemPrompt = getTextContent(message.content)\n if (systemPrompt === undefined) {\n return true\n }\n if (systemPrompt.trim().length > 0) {\n instructions.push(systemPrompt)\n }\n\n return false\n })\n\n if (remainingInput.length === normalizedPayload.input.length) {\n return normalizedPayload\n }\n\n if (instructions.length > 0) {\n // Codex expects system prompts in instructions instead of input messages.\n normalizedPayload.instructions = instructions.join(\"\\n\\n\")\n }\n\n if (remainingInput.length > 0) {\n normalizedPayload.input = remainingInput\n } else {\n delete normalizedPayload.input\n }\n\n return normalizedPayload\n}\n\nconst getResponseInputMessage = (\n inputItem: ResponseInputItem,\n): ResponseInputMessage | undefined => {\n if (typeof inputItem !== \"object\" || inputItem === null) {\n return undefined\n }\n\n const { role, type } = inputItem as {\n role?: unknown\n type?: unknown\n }\n if (typeof role !== \"string\" || (type !== undefined && type !== \"message\")) {\n return undefined\n }\n\n return inputItem as ResponseInputMessage\n}\n\nconst getTextContent = (\n content: ResponseInputMessage[\"content\"],\n): string | undefined => {\n if (typeof content === \"string\") {\n return content\n }\n\n if (content === undefined) {\n return \"\"\n }\n\n if (!Array.isArray(content)) {\n return undefined\n }\n\n const textBlocks: Array<string> = []\n for (const contentBlock of content) {\n const text = getTextBlock(contentBlock)\n if (text === undefined) {\n return undefined\n }\n\n if (text.length > 0) {\n textBlocks.push(text)\n }\n }\n\n return textBlocks.join(\"\\n\\n\")\n}\n\nconst getTextBlock = (\n contentBlock: ResponseInputContent,\n): string | undefined => {\n if (typeof contentBlock !== \"object\" || contentBlock === null) {\n return undefined\n }\n\n const { text, type } = contentBlock as {\n text?: unknown\n type?: unknown\n }\n\n if (type !== undefined && type !== \"input_text\" && type !== \"output_text\") {\n return undefined\n }\n\n return typeof text === \"string\" ? text : undefined\n}\n\nconst buildCodexResponsesWebSocketPoolKey = (\n payload: ResponsesPayload,\n headers: Record<string, string>,\n baseUrl: string,\n): string => {\n const authFingerprint = createHash(\"sha256\")\n .update(\n `${state.codexAccessToken ?? \"missing-token\"}:${state.codexAccountId ?? \"missing-account\"}`,\n )\n .digest(\"hex\")\n .slice(0, 16)\n const headerFingerprint = createHash(\"sha256\")\n .update(\n JSON.stringify(\n Object.entries(headers)\n .filter(([headerName]) => !headerName.toLowerCase().includes(\"trace\"))\n .sort(([left], [right]) => left.localeCompare(right)),\n ),\n )\n .digest(\"hex\")\n .slice(0, 16)\n\n return [\n \"codex\",\n resolveCodexResponsesUrl(baseUrl),\n payload.model,\n authFingerprint,\n headerFingerprint,\n ]\n .map(encodePoolKeyPart)\n .join(\"|\")\n}\n\nconst forwardCodexResponsesOverWebSocket = (\n payload: ResponsesPayload,\n requestHeaders: Headers,\n baseUrl: string,\n): ResponsesStream => {\n const websocketRequest = prepareCodexResponsesWebSocketRequest(\n payload,\n requestHeaders,\n baseUrl,\n )\n\n return createCodexResponsesWebSocketStream(websocketRequest)\n}\n\nconst createCodexResponsesWebSocketStream = (\n request: CodexResponsesWebSocketRequest,\n): ResponsesStream =>\n createCodexResponsesSafeStream(\n createPooledWebSocketStream(request, {\n createChunk: createCodexResponsesWebSocketStreamChunk,\n isTerminalChunk: isTerminalCodexResponsesWebSocketChunk,\n openErrorMessage: \"Failed to create codex responses websocket\",\n streamErrorMessage: \"Codex responses websocket stream error\",\n terminalChunkMissingMessage:\n \"Codex responses websocket ended without a terminal response\",\n }),\n )\n\nconst createCodexResponsesSafeStream = async function* (\n source: AsyncIterable<ServerSentEventChunk>,\n): AsyncGenerator<ServerSentEventChunk, void, unknown> {\n try {\n yield* source\n } catch (error) {\n yield createResponsesErrorServerSentEventChunk(getErrorMessage(error))\n }\n}\n\nconst createCodexResponsesWebSocketStreamChunk = (\n data: string,\n): ServerSentEventChunk => {\n if (data === \"[DONE]\") {\n return { data }\n }\n\n try {\n const parsed = JSON.parse(data) as {\n id?: unknown\n type?: unknown\n }\n\n return {\n data: JSON.stringify(parsed),\n event: typeof parsed.type === \"string\" ? parsed.type : undefined,\n id: typeof parsed.id === \"string\" ? parsed.id : undefined,\n }\n } catch {\n return { data }\n }\n}\n\nconst isTerminalCodexResponsesWebSocketChunk = (\n chunk: ServerSentEventChunk,\n): boolean => {\n if (!chunk.data || chunk.data === \"[DONE]\") {\n return false\n }\n\n try {\n const parsed = JSON.parse(chunk.data) as { type?: unknown }\n return (\n parsed.type === \"response.completed\"\n || parsed.type === \"response.failed\"\n || parsed.type === \"response.incomplete\"\n || parsed.type === \"error\"\n )\n } catch {\n return false\n }\n}\n\nconst createResponsesErrorServerSentEventChunk = (\n message: string,\n): ServerSentEventChunk => {\n const errorEvent: ResponseErrorEvent = {\n code: null,\n message,\n param: null,\n sequence_number: 0,\n type: \"error\",\n }\n\n return {\n data: JSON.stringify(errorEvent),\n event: errorEvent.type,\n }\n}\n\nconst getErrorMessage = (error: unknown): string => {\n if (error instanceof Error && error.message) {\n return error.message\n }\n\n return String(error)\n}\n\nconst encodePoolKeyPart = (value: string): string => encodeURIComponent(value)\n","import { randomBytes } from \"node:crypto\"\nimport { createServer } from \"node:http\"\n\nexport { CODEX_API_BASE_URL } from \"~/services/codex/create-responses\"\n\nconst CALLBACK_HOST = \"127.0.0.1\"\nconst CALLBACK_PORT = 1455\nconst CALLBACK_PATH = \"/auth/callback\"\nconst CLIENT_ID = \"app_EMoamEEZ73f0CkXaXp7hrann\"\nconst AUTHORIZE_URL = \"https://auth.openai.com/oauth/authorize\"\nconst TOKEN_URL = \"https://auth.openai.com/oauth/token\"\nconst REDIRECT_URI = `http://localhost:${CALLBACK_PORT}${CALLBACK_PATH}`\nconst SCOPE = \"openid profile email offline_access\"\nconst JWT_CLAIM_PATH = \"https://api.openai.com/auth\"\nconst REFRESH_BUFFER_MS = 60_000\n\ninterface TokenSuccessResult {\n accessToken: string\n refreshToken: string\n expiresAt: number\n}\n\ninterface OAuthPageOptions {\n title: string\n heading: string\n message: string\n}\n\nexport interface CodexCredentials {\n accessToken: string\n refreshToken: string\n expiresAt: number\n accountId: string\n}\n\nexport interface CodexAuthInfo {\n url: string\n instructions?: string\n}\n\nexport interface LoginCodexOptions {\n onAuth: (info: CodexAuthInfo) => void\n onPrompt: (message: string) => Promise<string>\n onProgress?: (message: string) => void\n}\n\nfunction base64UrlEncode(bytes: Uint8Array): string {\n return Buffer.from(bytes).toString(\"base64url\")\n}\n\nasync function generatePkce(): Promise<{\n verifier: string\n challenge: string\n}> {\n const verifierBytes = new Uint8Array(32)\n crypto.getRandomValues(verifierBytes)\n const verifier = base64UrlEncode(verifierBytes)\n const hashBuffer = await crypto.subtle.digest(\n \"SHA-256\",\n new TextEncoder().encode(verifier),\n )\n\n return {\n verifier,\n challenge: base64UrlEncode(new Uint8Array(hashBuffer)),\n }\n}\n\nfunction createState(): string {\n return randomBytes(16).toString(\"hex\")\n}\n\nfunction parseAuthorizationInput(input: string): {\n code?: string\n state?: string\n} {\n const value = input.trim()\n if (!value) {\n return {}\n }\n\n try {\n const url = new URL(value)\n return {\n code: url.searchParams.get(\"code\") ?? undefined,\n state: url.searchParams.get(\"state\") ?? undefined,\n }\n } catch {\n // Continue and parse it as plain text.\n }\n\n if (value.includes(\"#\")) {\n const [code, state] = value.split(\"#\", 2)\n return { code, state }\n }\n\n if (value.includes(\"code=\")) {\n const params = new URLSearchParams(value)\n return {\n code: params.get(\"code\") ?? undefined,\n state: params.get(\"state\") ?? undefined,\n }\n }\n\n return { code: value }\n}\n\nfunction decodeJwt(accessToken: string): Record<string, unknown> | null {\n try {\n const payload = accessToken.split(\".\")[1]\n if (!payload) {\n return null\n }\n return JSON.parse(\n Buffer.from(payload, \"base64url\").toString(\"utf8\"),\n ) as Record<string, unknown>\n } catch {\n return null\n }\n}\n\nfunction getAccountId(accessToken: string): string | null {\n const payload = decodeJwt(accessToken)\n if (!payload) {\n return null\n }\n\n const authPayload = payload[JWT_CLAIM_PATH]\n if (!authPayload || typeof authPayload !== \"object\") {\n return null\n }\n\n const accountId = (authPayload as { chatgpt_account_id?: unknown })\n .chatgpt_account_id\n return typeof accountId === \"string\" && accountId ? accountId : null\n}\n\nfunction renderOAuthPage(options: OAuthPageOptions): string {\n return `<!doctype html>\n<html lang=\"en\">\n<head>\n <meta charset=\"utf-8\" />\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\" />\n <title>${escapeHtml(options.title)}</title>\n <style>\n body {\n margin: 0;\n min-height: 100vh;\n display: flex;\n align-items: center;\n justify-content: center;\n padding: 24px;\n background: #09090b;\n color: #fafafa;\n font-family: system-ui, -apple-system, BlinkMacSystemFont, \"Segoe UI\", sans-serif;\n text-align: center;\n }\n main {\n max-width: 560px;\n }\n h1 {\n margin: 0 0 12px;\n font-size: 28px;\n line-height: 1.15;\n }\n p {\n margin: 0;\n color: #a1a1aa;\n line-height: 1.6;\n }\n </style>\n</head>\n<body>\n <main>\n <h1>${escapeHtml(options.heading)}</h1>\n <p>${escapeHtml(options.message)}</p>\n </main>\n</body>\n</html>`\n}\n\nfunction escapeHtml(value: string): string {\n return value\n .replaceAll(\"&\", \"&\")\n .replaceAll(\"<\", \"<\")\n .replaceAll(\">\", \">\")\n .replaceAll('\"', \""\")\n .replaceAll(\"'\", \"'\")\n}\n\nfunction renderOAuthSuccessPage(message: string): string {\n return renderOAuthPage({\n title: \"Authentication successful\",\n heading: \"Authentication successful\",\n message,\n })\n}\n\nfunction renderOAuthErrorPage(message: string): string {\n return renderOAuthPage({\n title: \"Authentication failed\",\n heading: \"Authentication failed\",\n message,\n })\n}\n\nasync function exchangeAuthorizationCode(\n code: string,\n verifier: string,\n): Promise<TokenSuccessResult> {\n const response = await fetch(TOKEN_URL, {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/x-www-form-urlencoded\",\n },\n body: new URLSearchParams({\n grant_type: \"authorization_code\",\n client_id: CLIENT_ID,\n code,\n code_verifier: verifier,\n redirect_uri: REDIRECT_URI,\n }),\n })\n\n if (!response.ok) {\n const details = await response.text().catch(() => \"\")\n throw new Error(\n `Codex token exchange failed (${response.status}): ${details || response.statusText}`,\n )\n }\n\n const payload = (await response.json()) as {\n access_token?: unknown\n refresh_token?: unknown\n expires_in?: unknown\n }\n\n if (\n typeof payload.access_token !== \"string\"\n || typeof payload.refresh_token !== \"string\"\n || typeof payload.expires_in !== \"number\"\n ) {\n throw new TypeError(\n `Codex token exchange response missing fields: ${JSON.stringify(payload)}`,\n )\n }\n\n return {\n accessToken: payload.access_token,\n refreshToken: payload.refresh_token,\n expiresAt: Date.now() + payload.expires_in * 1000,\n }\n}\n\nasync function refreshAccessToken(\n refreshToken: string,\n): Promise<TokenSuccessResult> {\n const response = await fetch(TOKEN_URL, {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/x-www-form-urlencoded\",\n },\n body: new URLSearchParams({\n grant_type: \"refresh_token\",\n refresh_token: refreshToken,\n client_id: CLIENT_ID,\n }),\n })\n\n if (!response.ok) {\n const details = await response.text().catch(() => \"\")\n throw new Error(\n `Codex token refresh failed (${response.status}): ${details || response.statusText}`,\n )\n }\n\n const payload = (await response.json()) as {\n access_token?: unknown\n refresh_token?: unknown\n expires_in?: unknown\n }\n\n if (\n typeof payload.access_token !== \"string\"\n || typeof payload.refresh_token !== \"string\"\n || typeof payload.expires_in !== \"number\"\n ) {\n throw new TypeError(\n `Codex token refresh response missing fields: ${JSON.stringify(payload)}`,\n )\n }\n\n return {\n accessToken: payload.access_token,\n refreshToken: payload.refresh_token,\n expiresAt: Date.now() + payload.expires_in * 1000,\n }\n}\n\nasync function createAuthorizationFlow(): Promise<{\n verifier: string\n state: string\n url: string\n}> {\n const { verifier, challenge } = await generatePkce()\n const state = createState()\n const url = new URL(AUTHORIZE_URL)\n url.searchParams.set(\"response_type\", \"code\")\n url.searchParams.set(\"client_id\", CLIENT_ID)\n url.searchParams.set(\"redirect_uri\", REDIRECT_URI)\n url.searchParams.set(\"scope\", SCOPE)\n url.searchParams.set(\"code_challenge\", challenge)\n url.searchParams.set(\"code_challenge_method\", \"S256\")\n url.searchParams.set(\"state\", state)\n url.searchParams.set(\"id_token_add_organizations\", \"true\")\n url.searchParams.set(\"codex_cli_simplified_flow\", \"true\")\n url.searchParams.set(\"originator\", \"copilot-api\")\n\n return { verifier, state, url: url.toString() }\n}\n\nasync function waitForAuthorizationCode(state: string): Promise<string | null> {\n let resolveCode: ((code: string | null) => void) | undefined\n const waitForCode = new Promise<string | null>((resolve) => {\n resolveCode = resolve\n })\n\n const server = createServer((request, response) => {\n try {\n const url = new URL(request.url || \"\", \"http://localhost\")\n if (url.pathname !== CALLBACK_PATH) {\n response.statusCode = 404\n response.setHeader(\"Content-Type\", \"text/html; charset=utf-8\")\n response.end(renderOAuthErrorPage(\"Callback route not found.\"))\n return\n }\n\n if (url.searchParams.get(\"state\") !== state) {\n response.statusCode = 400\n response.setHeader(\"Content-Type\", \"text/html; charset=utf-8\")\n response.end(renderOAuthErrorPage(\"State mismatch.\"))\n return\n }\n\n const code = url.searchParams.get(\"code\")\n if (!code) {\n response.statusCode = 400\n response.setHeader(\"Content-Type\", \"text/html; charset=utf-8\")\n response.end(renderOAuthErrorPage(\"Missing authorization code.\"))\n return\n }\n\n response.statusCode = 200\n response.setHeader(\"Content-Type\", \"text/html; charset=utf-8\")\n response.end(\n renderOAuthSuccessPage(\n \"OpenAI Codex authentication completed. You can close this window.\",\n ),\n )\n resolveCode?.(code)\n } catch {\n response.statusCode = 500\n response.setHeader(\"Content-Type\", \"text/html; charset=utf-8\")\n response.end(\n renderOAuthErrorPage(\"Internal error while processing OAuth callback.\"),\n )\n }\n })\n\n try {\n await new Promise<void>((resolve, reject) => {\n server.once(\"error\", reject)\n server.listen(CALLBACK_PORT, CALLBACK_HOST, () => {\n server.off(\"error\", reject)\n resolve()\n })\n })\n } catch {\n return null\n }\n\n try {\n return await waitForCode\n } finally {\n await new Promise<void>((resolve, reject) => {\n server.close((error) => {\n if (error) {\n reject(error)\n return\n }\n resolve()\n })\n }).catch(() => undefined)\n }\n}\n\nexport async function loginCodex(\n options: LoginCodexOptions,\n): Promise<CodexCredentials> {\n const { verifier, state, url } = await createAuthorizationFlow()\n options.onAuth({\n url,\n instructions:\n \"Please complete the login in the browser. If the browser does not automatically redirect, please paste the callback URL or code back to the terminal.\",\n })\n options.onProgress?.(\"Waiting for Codex OAuth callback\")\n\n let code = await waitForAuthorizationCode(state)\n if (!code) {\n const input = await options.onPrompt(\n \"Paste the authorization code or full redirect URL:\",\n )\n const parsed = parseAuthorizationInput(input)\n if (parsed.state && parsed.state !== state) {\n throw new Error(\"Codex OAuth state mismatch\")\n }\n code = parsed.code ?? null\n }\n\n if (!code) {\n throw new Error(\"Missing Codex authorization code\")\n }\n\n const tokenResult = await exchangeAuthorizationCode(code, verifier)\n const accountId = getAccountId(tokenResult.accessToken)\n if (!accountId) {\n throw new Error(\"Failed to extract Codex account id from access token\")\n }\n\n return {\n accessToken: tokenResult.accessToken,\n refreshToken: tokenResult.refreshToken,\n expiresAt: tokenResult.expiresAt,\n accountId,\n }\n}\n\nexport async function refreshCodexCredentials(\n credentials: CodexCredentials,\n): Promise<CodexCredentials> {\n const tokenResult = await refreshAccessToken(credentials.refreshToken)\n const accountId = getAccountId(tokenResult.accessToken)\n if (!accountId) {\n throw new Error(\"Failed to extract Codex account id from access token\")\n }\n\n return {\n accessToken: tokenResult.accessToken,\n refreshToken: tokenResult.refreshToken,\n expiresAt: tokenResult.expiresAt,\n accountId,\n }\n}\n\nexport function isCodexCredentialsExpired(\n credentials: Pick<CodexCredentials, \"expiresAt\">,\n now: number = Date.now(),\n): boolean {\n return credentials.expiresAt <= now + REFRESH_BUFFER_MS\n}\n","import fs from \"node:fs/promises\"\nimport path from \"node:path\"\n\nimport type { CodexCredentials } from \"~/lib/oauth/codex\"\n\nimport { PATHS } from \"./paths\"\n\nfunction isNodeError(error: unknown): error is NodeJS.ErrnoException {\n return error instanceof Error && \"code\" in error\n}\n\nasync function readOptionalFile(filePath: string): Promise<string | null> {\n try {\n return await fs.readFile(filePath, \"utf8\")\n } catch (error) {\n if (isNodeError(error) && error.code === \"ENOENT\") {\n return null\n }\n throw error\n }\n}\n\nasync function writeProtectedFile(\n filePath: string,\n content: string,\n): Promise<void> {\n await fs.mkdir(path.dirname(filePath), { recursive: true })\n await fs.writeFile(filePath, content, \"utf8\")\n try {\n await fs.chmod(filePath, 0o600)\n } catch {\n return\n }\n}\n\nfunction normalizeCodexCredentials(\n credentials: unknown,\n): CodexCredentials | null {\n if (!credentials || typeof credentials !== \"object\") {\n return null\n }\n\n const candidate = credentials as Partial<CodexCredentials>\n if (\n typeof candidate.accessToken !== \"string\"\n || typeof candidate.refreshToken !== \"string\"\n || typeof candidate.expiresAt !== \"number\"\n || typeof candidate.accountId !== \"string\"\n ) {\n return null\n }\n\n return {\n accessToken: candidate.accessToken,\n refreshToken: candidate.refreshToken,\n expiresAt: candidate.expiresAt,\n accountId: candidate.accountId,\n }\n}\n\nexport async function readGitHubToken(): Promise<string | null> {\n const token = await readOptionalFile(PATHS.GITHUB_TOKEN_PATH)\n const normalizedToken = token?.trim()\n return normalizedToken || null\n}\n\nexport async function writeGitHubToken(token: string): Promise<void> {\n await writeProtectedFile(PATHS.GITHUB_TOKEN_PATH, token.trim())\n}\n\nexport async function readCodexCredentials(): Promise<CodexCredentials | null> {\n const raw = await readOptionalFile(PATHS.CODEX_CREDENTIAL_PATH)\n if (!raw?.trim()) {\n return null\n }\n\n let parsed: unknown\n try {\n parsed = JSON.parse(raw) as unknown\n } catch (error) {\n throw new Error(\n `Codex credentials file is not valid JSON: ${PATHS.CODEX_CREDENTIAL_PATH}`,\n {\n cause: error,\n },\n )\n }\n\n const credentials = normalizeCodexCredentials(parsed)\n if (!credentials) {\n throw new Error(\n `Codex credentials file is missing required fields: ${PATHS.CODEX_CREDENTIAL_PATH}`,\n )\n }\n\n return credentials\n}\n\nexport async function writeCodexCredentials(\n credentials: CodexCredentials,\n): Promise<void> {\n await writeProtectedFile(\n PATHS.CODEX_CREDENTIAL_PATH,\n `${JSON.stringify(credentials, null, 2)}\\n`,\n )\n}\n\nexport async function clearCodexCredentials(): Promise<void> {\n await writeProtectedFile(PATHS.CODEX_CREDENTIAL_PATH, \"\")\n}\n\nexport async function hasCodexCredentials(): Promise<boolean> {\n return (await readCodexCredentials()) !== null\n}\n","import consola from \"consola\"\nimport { setTimeout as delay } from \"node:timers/promises\"\n\nimport { isOpencodeOauthApp } from \"~/lib/api-config\"\nimport { getRawProviderConfig, setProviderConfig } from \"~/lib/config\"\nimport {\n readCodexCredentials,\n readGitHubToken,\n writeCodexCredentials,\n writeGitHubToken,\n} from \"~/lib/credential-store\"\nimport {\n isCodexCredentialsExpired,\n refreshCodexCredentials,\n type CodexCredentials,\n} from \"~/lib/oauth/codex\"\nimport { CODEX_API_BASE_URL } from \"~/services/codex/create-responses\"\nimport { getCopilotToken } from \"~/services/github/get-copilot-token\"\nimport { getCopilotUsage } from \"~/services/github/get-copilot-usage\"\nimport { getDeviceCode } from \"~/services/github/get-device-code\"\nimport { getGitHubUser } from \"~/services/github/get-user\"\nimport { pollAccessToken } from \"~/services/github/poll-access-token\"\n\nimport { HTTPError } from \"./error\"\nimport { state } from \"./state\"\n\nlet copilotRefreshLoopController: AbortController | null = null\nlet codexRefreshLoopController: AbortController | null = null\n\nexport const stopCopilotRefreshLoop = () => {\n if (!copilotRefreshLoopController) {\n return\n }\n\n copilotRefreshLoopController.abort()\n copilotRefreshLoopController = null\n}\n\nexport const stopCodexRefreshLoop = () => {\n if (!codexRefreshLoopController) {\n return\n }\n\n codexRefreshLoopController.abort()\n codexRefreshLoopController = null\n}\n\nfunction applyCodexCredentials(credentials: CodexCredentials): void {\n state.codexAccessToken = credentials.accessToken\n state.codexRefreshToken = credentials.refreshToken\n state.codexExpiresAt = credentials.expiresAt\n state.codexAccountId = credentials.accountId\n\n consola.debug(\"Codex credentials loaded successfully\")\n if (state.showToken) {\n consola.info(\"Codex access token:\", credentials.accessToken)\n }\n}\n\nfunction getLoadedCodexCredentials(): CodexCredentials | null {\n if (\n !state.codexAccessToken\n || !state.codexRefreshToken\n || !state.codexExpiresAt\n || !state.codexAccountId\n ) {\n return null\n }\n\n return {\n accessToken: state.codexAccessToken,\n refreshToken: state.codexRefreshToken,\n expiresAt: state.codexExpiresAt,\n accountId: state.codexAccountId,\n }\n}\n\nfunction syncCodexProviderConfig(options?: { enabled?: boolean }): void {\n const existingProviderConfig = getRawProviderConfig(\"codex\") ?? {}\n setProviderConfig(\"codex\", {\n ...existingProviderConfig,\n type: \"openai-responses\",\n enabled: options?.enabled ?? existingProviderConfig.enabled,\n baseUrl: CODEX_API_BASE_URL,\n authType: \"oauth2\",\n })\n}\n\nexport async function persistCodexCredentials(\n credentials: CodexCredentials,\n options?: { enableProvider?: boolean },\n): Promise<void> {\n await writeCodexCredentials(credentials)\n syncCodexProviderConfig({\n enabled: options?.enableProvider ? true : undefined,\n })\n applyCodexCredentials(credentials)\n}\n\nexport const setupCopilotToken = async () => {\n if (isOpencodeOauthApp()) {\n if (!state.githubToken) throw new Error(`opencode token not found`)\n\n state.copilotToken = state.githubToken\n\n consola.debug(\"GitHub Copilot token set from opencode auth token\")\n if (state.showToken) {\n consola.info(\"Copilot token:\", state.copilotToken)\n }\n\n stopCopilotRefreshLoop()\n return\n }\n\n const { token, refresh_in } = await getCopilotToken()\n state.copilotToken = token\n\n // Display the Copilot token to the screen\n consola.debug(\"GitHub Copilot Token fetched successfully!\")\n if (state.showToken) {\n consola.info(\"Copilot token:\", token)\n }\n\n stopCopilotRefreshLoop()\n\n const controller = new AbortController()\n copilotRefreshLoopController = controller\n\n runCopilotRefreshLoop(refresh_in, controller.signal)\n .catch(() => {\n consola.warn(\"Copilot token refresh loop stopped\")\n })\n .finally(() => {\n if (copilotRefreshLoopController === controller) {\n copilotRefreshLoopController = null\n }\n })\n}\n\nexport const setupCodexToken = async (): Promise<void> => {\n const loadedCredentials = getLoadedCodexCredentials()\n if (loadedCredentials && !isCodexCredentialsExpired(loadedCredentials)) {\n if (codexRefreshLoopController) {\n return\n }\n\n applyCodexCredentials(loadedCredentials)\n }\n\n const credentials = loadedCredentials ?? (await readCodexCredentials())\n if (!credentials) {\n throw new Error(\n `Codex credentials not found. Run \\`copilot-api auth login --provider codex\\` first.`,\n )\n }\n\n syncCodexProviderConfig()\n\n let nextCredentials = credentials\n if (isCodexCredentialsExpired(credentials)) {\n consola.debug(\"Refreshing expired Codex credentials\")\n nextCredentials = await refreshCodexCredentials(credentials)\n await persistCodexCredentials(nextCredentials)\n }\n\n applyCodexCredentials(nextCredentials)\n stopCodexRefreshLoop()\n\n const controller = new AbortController()\n codexRefreshLoopController = controller\n\n runCodexRefreshLoop(controller.signal)\n .catch(() => {\n consola.warn(\"Codex token refresh loop stopped\")\n })\n .finally(() => {\n if (codexRefreshLoopController === controller) {\n codexRefreshLoopController = null\n }\n })\n}\n\nconst REFRESH_POLL_INTERVAL_MS = 15_000\nconst EARLY_REFRESH_BUFFER_MS = 60_000\nconst RETRY_REFRESH_DELAY_MS = 15_000\nconst MIN_REFRESH_DELAY_MS = 1_000\n\nexport const getRefreshDeadlineMs = (\n refreshIn: number,\n nowMs: number = Date.now(),\n) =>\n nowMs\n + Math.max(refreshIn * 1000 - EARLY_REFRESH_BUFFER_MS, MIN_REFRESH_DELAY_MS)\n\n// Use short wall-clock chunks so the next wake after sleep notices elapsed time\n// quickly, without relying on the server's absolute expires_at matching local time.\nexport const getRefreshPollDelayMs = (\n refreshAtMs: number,\n nowMs: number = Date.now(),\n) => Math.min(Math.max(refreshAtMs - nowMs, 0), REFRESH_POLL_INTERVAL_MS)\n\nconst runCopilotRefreshLoop = async (\n refreshIn: number,\n signal: AbortSignal,\n) => {\n let refreshAtMs = getRefreshDeadlineMs(refreshIn)\n\n while (!signal.aborted) {\n const nextDelayMs = getRefreshPollDelayMs(refreshAtMs)\n if (nextDelayMs > 0) {\n await delay(nextDelayMs, undefined, { signal })\n continue\n }\n\n consola.debug(\"Refreshing Copilot token\")\n\n try {\n const { token, refresh_in } = await getCopilotToken()\n state.copilotToken = token\n refreshAtMs = getRefreshDeadlineMs(refresh_in)\n consola.debug(\"Copilot token refreshed\")\n if (state.showToken) {\n consola.info(\"Refreshed Copilot token:\", token)\n }\n } catch (error) {\n consola.error(\"Failed to refresh Copilot token:\", error)\n refreshAtMs = Date.now() + RETRY_REFRESH_DELAY_MS\n consola.warn(\n `Retrying Copilot token refresh in ${RETRY_REFRESH_DELAY_MS / 1000}s`,\n )\n }\n }\n}\n\nconst runCodexRefreshLoop = async (signal: AbortSignal) => {\n let refreshAtMs = Math.max(\n (state.codexExpiresAt ?? Date.now()) - EARLY_REFRESH_BUFFER_MS,\n Date.now(),\n )\n\n while (!signal.aborted) {\n const expiresAt = state.codexExpiresAt\n const refreshToken = state.codexRefreshToken\n if (!expiresAt || !refreshToken) {\n return\n }\n\n const nextDelayMs = getRefreshPollDelayMs(refreshAtMs)\n if (nextDelayMs > 0) {\n await delay(nextDelayMs, undefined, { signal })\n continue\n }\n\n consola.debug(\"Refreshing Codex credentials\")\n\n try {\n const credentials = await refreshCodexCredentials({\n accessToken: state.codexAccessToken ?? \"\",\n refreshToken,\n expiresAt,\n accountId: state.codexAccountId ?? \"\",\n })\n await persistCodexCredentials(credentials)\n refreshAtMs = Math.max(\n credentials.expiresAt - EARLY_REFRESH_BUFFER_MS,\n Date.now(),\n )\n consola.debug(\"Codex credentials refreshed\")\n } catch (error) {\n consola.error(\"Failed to refresh Codex credentials:\", error)\n refreshAtMs = Date.now() + RETRY_REFRESH_DELAY_MS\n consola.warn(\n `Retrying Codex token refresh in ${RETRY_REFRESH_DELAY_MS / 1000}s`,\n )\n }\n }\n}\n\ninterface SetupGitHubTokenOptions {\n force?: boolean\n}\n\nexport async function setupGitHubToken(\n options?: SetupGitHubTokenOptions,\n): Promise<void> {\n try {\n const githubToken = await readGitHubToken()\n\n if (githubToken && !options?.force) {\n state.githubToken = githubToken\n if (state.showToken) {\n consola.info(\"GitHub token:\", githubToken)\n }\n await logUser()\n\n return\n }\n\n consola.info(\"Not logged in, getting new access token\")\n const response = await getDeviceCode()\n consola.debug(\"Device code response:\", response)\n\n consola.info(\n `Please enter the code \"${response.user_code}\" in ${response.verification_uri}`,\n )\n\n const token = await pollAccessToken(response)\n await writeGitHubToken(token)\n state.githubToken = token\n\n if (state.showToken) {\n consola.info(\"GitHub token:\", token)\n }\n await logUser()\n } catch (error) {\n if (error instanceof HTTPError) {\n consola.error(\"Failed to get GitHub token:\", await error.response.json())\n throw error\n }\n\n consola.error(\"Failed to get GitHub token:\", error)\n throw error\n }\n}\n\nexport async function logUser() {\n const user = await getGitHubUser()\n state.userName = user.login\n consola.info(`Logged in as ${user.login}`)\n\n const copilotUser = await getCopilotUsage()\n state.copilotApiUrl = copilotUser.endpoints.api\n}\n"],"mappings":";;;;;;;;;;;AA0BA,MAAa,qBAAqB;;;ACrBlC,MAAM,gBAAgB;AACtB,MAAM,gBAAgB;AACtB,MAAM,gBAAgB;AACtB,MAAM,YAAY;AAClB,MAAM,gBAAgB;AACtB,MAAM,YAAY;AAClB,MAAM,eAAe,oBAAoB,gBAAgB;AACzD,MAAM,QAAQ;AACd,MAAM,iBAAiB;AAiCvB,SAAS,gBAAgB,OAA2B;CAClD,OAAO,OAAO,KAAK,MAAM,CAAC,SAAS,YAAY;;AAGjD,eAAe,eAGZ;CACD,MAAM,gBAAgB,IAAI,WAAW,GAAG;CACxC,OAAO,gBAAgB,cAAc;CACrC,MAAM,WAAW,gBAAgB,cAAc;CAC/C,MAAM,aAAa,MAAM,OAAO,OAAO,OACrC,WACA,IAAI,aAAa,CAAC,OAAO,SAAS,CACnC;CAED,OAAO;EACL;EACA,WAAW,gBAAgB,IAAI,WAAW,WAAW,CAAC;EACvD;;AAGH,SAAS,cAAsB;CAC7B,OAAO,YAAY,GAAG,CAAC,SAAS,MAAM;;AAGxC,SAAS,wBAAwB,OAG/B;CACA,MAAM,QAAQ,MAAM,MAAM;CAC1B,IAAI,CAAC,OACH,OAAO,EAAE;CAGX,IAAI;EACF,MAAM,MAAM,IAAI,IAAI,MAAM;EAC1B,OAAO;GACL,MAAM,IAAI,aAAa,IAAI,OAAO,IAAI,KAAA;GACtC,OAAO,IAAI,aAAa,IAAI,QAAQ,IAAI,KAAA;GACzC;SACK;CAIR,IAAI,MAAM,SAAS,IAAI,EAAE;EACvB,MAAM,CAAC,MAAM,SAAS,MAAM,MAAM,KAAK,EAAE;EACzC,OAAO;GAAE;GAAM;GAAO;;CAGxB,IAAI,MAAM,SAAS,QAAQ,EAAE;EAC3B,MAAM,SAAS,IAAI,gBAAgB,MAAM;EACzC,OAAO;GACL,MAAM,OAAO,IAAI,OAAO,IAAI,KAAA;GAC5B,OAAO,OAAO,IAAI,QAAQ,IAAI,KAAA;GAC/B;;CAGH,OAAO,EAAE,MAAM,OAAO;;AAGxB,SAAS,UAAU,aAAqD;CACtE,IAAI;EACF,MAAM,UAAU,YAAY,MAAM,IAAI,CAAC;EACvC,IAAI,CAAC,SACH,OAAO;EAET,OAAO,KAAK,MACV,OAAO,KAAK,SAAS,YAAY,CAAC,SAAS,OAAO,CACnD;SACK;EACN,OAAO;;;AAIX,SAAS,aAAa,aAAoC;CACxD,MAAM,UAAU,UAAU,YAAY;CACtC,IAAI,CAAC,SACH,OAAO;CAGT,MAAM,cAAc,QAAQ;CAC5B,IAAI,CAAC,eAAe,OAAO,gBAAgB,UACzC,OAAO;CAGT,MAAM,YAAa,YAChB;CACH,OAAO,OAAO,cAAc,YAAY,YAAY,YAAY;;AAGlE,SAAS,gBAAgB,SAAmC;CAC1D,OAAO;;;;;WAKE,WAAW,QAAQ,MAAM,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;UA+B3B,WAAW,QAAQ,QAAQ,CAAC;SAC7B,WAAW,QAAQ,QAAQ,CAAC;;;;;AAMrC,SAAS,WAAW,OAAuB;CACzC,OAAO,MACJ,WAAW,KAAK,QAAQ,CACxB,WAAW,KAAK,OAAO,CACvB,WAAW,KAAK,OAAO,CACvB,WAAW,MAAK,SAAS,CACzB,WAAW,KAAK,QAAQ;;AAG7B,SAAS,uBAAuB,SAAyB;CACvD,OAAO,gBAAgB;EACrB,OAAO;EACP,SAAS;EACT;EACD,CAAC;;AAGJ,SAAS,qBAAqB,SAAyB;CACrD,OAAO,gBAAgB;EACrB,OAAO;EACP,SAAS;EACT;EACD,CAAC;;AAGJ,eAAe,0BACb,MACA,UAC6B;CAC7B,MAAM,WAAW,MAAM,MAAM,WAAW;EACtC,QAAQ;EACR,SAAS,EACP,gBAAgB,qCACjB;EACD,MAAM,IAAI,gBAAgB;GACxB,YAAY;GACZ,WAAW;GACX;GACA,eAAe;GACf,cAAc;GACf,CAAC;EACH,CAAC;CAEF,IAAI,CAAC,SAAS,IAAI;EAChB,MAAM,UAAU,MAAM,SAAS,MAAM,CAAC,YAAY,GAAG;EACrD,MAAM,IAAI,MACR,gCAAgC,SAAS,OAAO,KAAK,WAAW,SAAS,aAC1E;;CAGH,MAAM,UAAW,MAAM,SAAS,MAAM;CAMtC,IACE,OAAO,QAAQ,iBAAiB,YAC7B,OAAO,QAAQ,kBAAkB,YACjC,OAAO,QAAQ,eAAe,UAEjC,MAAM,IAAI,UACR,iDAAiD,KAAK,UAAU,QAAQ,GACzE;CAGH,OAAO;EACL,aAAa,QAAQ;EACrB,cAAc,QAAQ;EACtB,WAAW,KAAK,KAAK,GAAG,QAAQ,aAAa;EAC9C;;AAgDH,eAAe,0BAIZ;CACD,MAAM,EAAE,UAAU,cAAc,MAAM,cAAc;CACpD,MAAM,QAAQ,aAAa;CAC3B,MAAM,MAAM,IAAI,IAAI,cAAc;CAClC,IAAI,aAAa,IAAI,iBAAiB,OAAO;CAC7C,IAAI,aAAa,IAAI,aAAa,UAAU;CAC5C,IAAI,aAAa,IAAI,gBAAgB,aAAa;CAClD,IAAI,aAAa,IAAI,SAAS,MAAM;CACpC,IAAI,aAAa,IAAI,kBAAkB,UAAU;CACjD,IAAI,aAAa,IAAI,yBAAyB,OAAO;CACrD,IAAI,aAAa,IAAI,SAAS,MAAM;CACpC,IAAI,aAAa,IAAI,8BAA8B,OAAO;CAC1D,IAAI,aAAa,IAAI,6BAA6B,OAAO;CACzD,IAAI,aAAa,IAAI,cAAc,cAAc;CAEjD,OAAO;EAAE;EAAU;EAAO,KAAK,IAAI,UAAU;EAAE;;AAGjD,eAAe,yBAAyB,OAAuC;CAC7E,IAAI;CACJ,MAAM,cAAc,IAAI,SAAwB,YAAY;EAC1D,cAAc;GACd;CAEF,MAAM,SAAS,cAAc,SAAS,aAAa;EACjD,IAAI;GACF,MAAM,MAAM,IAAI,IAAI,QAAQ,OAAO,IAAI,mBAAmB;GAC1D,IAAI,IAAI,aAAa,eAAe;IAClC,SAAS,aAAa;IACtB,SAAS,UAAU,gBAAgB,2BAA2B;IAC9D,SAAS,IAAI,qBAAqB,4BAA4B,CAAC;IAC/D;;GAGF,IAAI,IAAI,aAAa,IAAI,QAAQ,KAAK,OAAO;IAC3C,SAAS,aAAa;IACtB,SAAS,UAAU,gBAAgB,2BAA2B;IAC9D,SAAS,IAAI,qBAAqB,kBAAkB,CAAC;IACrD;;GAGF,MAAM,OAAO,IAAI,aAAa,IAAI,OAAO;GACzC,IAAI,CAAC,MAAM;IACT,SAAS,aAAa;IACtB,SAAS,UAAU,gBAAgB,2BAA2B;IAC9D,SAAS,IAAI,qBAAqB,8BAA8B,CAAC;IACjE;;GAGF,SAAS,aAAa;GACtB,SAAS,UAAU,gBAAgB,2BAA2B;GAC9D,SAAS,IACP,uBACE,oEACD,CACF;GACD,cAAc,KAAK;UACb;GACN,SAAS,aAAa;GACtB,SAAS,UAAU,gBAAgB,2BAA2B;GAC9D,SAAS,IACP,qBAAqB,kDAAkD,CACxE;;GAEH;CAEF,IAAI;EACF,MAAM,IAAI,SAAe,SAAS,WAAW;GAC3C,OAAO,KAAK,SAAS,OAAO;GAC5B,OAAO,OAAO,eAAe,qBAAqB;IAChD,OAAO,IAAI,SAAS,OAAO;IAC3B,SAAS;KACT;IACF;SACI;EACN,OAAO;;CAGT,IAAI;EACF,OAAO,MAAM;WACL;EACR,MAAM,IAAI,SAAe,SAAS,WAAW;GAC3C,OAAO,OAAO,UAAU;IACtB,IAAI,OAAO;KACT,OAAO,MAAM;KACb;;IAEF,SAAS;KACT;IACF,CAAC,YAAY,KAAA,EAAU;;;AAI7B,eAAsB,WACpB,SAC2B;CAC3B,MAAM,EAAE,UAAU,OAAO,QAAQ,MAAM,yBAAyB;CAChE,QAAQ,OAAO;EACb;EACA,cACE;EACH,CAAC;CACF,QAAQ,aAAa,mCAAmC;CAExD,IAAI,OAAO,MAAM,yBAAyB,MAAM;CAChD,IAAI,CAAC,MAAM;EAIT,MAAM,SAAS,wBAAwB,MAHnB,QAAQ,SAC1B,qDACD,CAC4C;EAC7C,IAAI,OAAO,SAAS,OAAO,UAAU,OACnC,MAAM,IAAI,MAAM,6BAA6B;EAE/C,OAAO,OAAO,QAAQ;;CAGxB,IAAI,CAAC,MACH,MAAM,IAAI,MAAM,mCAAmC;CAGrD,MAAM,cAAc,MAAM,0BAA0B,MAAM,SAAS;CACnE,MAAM,YAAY,aAAa,YAAY,YAAY;CACvD,IAAI,CAAC,WACH,MAAM,IAAI,MAAM,uDAAuD;CAGzE,OAAO;EACL,aAAa,YAAY;EACzB,cAAc,YAAY;EAC1B,WAAW,YAAY;EACvB;EACD;;;;AC3aH,SAAS,YAAY,OAAgD;CACnE,OAAO,iBAAiB,SAAS,UAAU;;AAG7C,eAAe,iBAAiB,UAA0C;CACxE,IAAI;EACF,OAAO,MAAM,GAAG,SAAS,UAAU,OAAO;UACnC,OAAO;EACd,IAAI,YAAY,MAAM,IAAI,MAAM,SAAS,UACvC,OAAO;EAET,MAAM;;;AAIV,eAAe,mBACb,UACA,SACe;CACf,MAAM,GAAG,MAAM,KAAK,QAAQ,SAAS,EAAE,EAAE,WAAW,MAAM,CAAC;CAC3D,MAAM,GAAG,UAAU,UAAU,SAAS,OAAO;CAC7C,IAAI;EACF,MAAM,GAAG,MAAM,UAAU,IAAM;SACzB;EACN;;;AA6BJ,eAAsB,kBAA0C;CAG9D,QADwB,MADJ,iBAAiB,MAAM,kBAAkB,GAC9B,MAAM,IACX;;AAG5B,eAAsB,iBAAiB,OAA8B;CACnE,MAAM,mBAAmB,MAAM,mBAAmB,MAAM,MAAM,CAAC;;AA+BjE,eAAsB,sBACpB,aACe;CACf,MAAM,mBACJ,MAAM,uBACN,GAAG,KAAK,UAAU,aAAa,MAAM,EAAE,CAAC,IACzC;;;;ACzDH,SAAS,sBAAsB,aAAqC;CAClE,MAAM,mBAAmB,YAAY;CACrC,MAAM,oBAAoB,YAAY;CACtC,MAAM,iBAAiB,YAAY;CACnC,MAAM,iBAAiB,YAAY;CAEnC,QAAQ,MAAM,wCAAwC;CACtD,IAAI,MAAM,WACR,QAAQ,KAAK,uBAAuB,YAAY,YAAY;;AAsBhE,SAAS,wBAAwB,SAAuC;CACtE,MAAM,yBAAyB,qBAAqB,QAAQ,IAAI,EAAE;CAClE,kBAAkB,SAAS;EACzB,GAAG;EACH,MAAM;EACN,SAAS,SAAS,WAAW,uBAAuB;EACpD,SAAS;EACT,UAAU;EACX,CAAC;;AAGJ,eAAsB,wBACpB,aACA,SACe;CACf,MAAM,sBAAsB,YAAY;CACxC,wBAAwB,EACtB,SAAS,SAAS,iBAAiB,OAAO,KAAA,GAC3C,CAAC;CACF,sBAAsB,YAAY;;AA0LpC,eAAsB,iBACpB,SACe;CACf,IAAI;EACF,MAAM,cAAc,MAAM,iBAAiB;EAE3C,IAAI,eAAe,CAAC,SAAS,OAAO;GAClC,MAAM,cAAc;GACpB,IAAI,MAAM,WACR,QAAQ,KAAK,iBAAiB,YAAY;GAE5C,MAAM,SAAS;GAEf;;EAGF,QAAQ,KAAK,0CAA0C;EACvD,MAAM,WAAW,MAAM,eAAe;EACtC,QAAQ,MAAM,yBAAyB,SAAS;EAEhD,QAAQ,KACN,0BAA0B,SAAS,UAAU,OAAO,SAAS,mBAC9D;EAED,MAAM,QAAQ,MAAM,gBAAgB,SAAS;EAC7C,MAAM,iBAAiB,MAAM;EAC7B,MAAM,cAAc;EAEpB,IAAI,MAAM,WACR,QAAQ,KAAK,iBAAiB,MAAM;EAEtC,MAAM,SAAS;UACR,OAAO;EACd,IAAI,iBAAiB,WAAW;GAC9B,QAAQ,MAAM,+BAA+B,MAAM,MAAM,SAAS,MAAM,CAAC;GACzE,MAAM;;EAGR,QAAQ,MAAM,+BAA+B,MAAM;EACnD,MAAM;;;AAIV,eAAsB,UAAU;CAC9B,MAAM,OAAO,MAAM,eAAe;CAClC,MAAM,WAAW,KAAK;CACtB,QAAQ,KAAK,gBAAgB,KAAK,QAAQ;CAG1C,MAAM,iBAAgB,MADI,iBAAiB,EACT,UAAU"}

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "$schema": "https://json.schemastore.org/package.json",
   "name": "@nick3/copilot-api",
-  "version": "1.10.8",
+  "version": "1.10.29",
   "description": "OpenAI and Anthropic-compatible gateway for GitHub Copilot or third-party providers.",
   "keywords": [
     "ai-gateway",