@openhoo/hoopilot 2.0.0 → 2.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +26 -13
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -131,32 +131,45 @@ The standalone installer also installs a `codexx` wrapper next to `hoopilot`. Re
|
|
|
131
131
|
|
|
132
132
|
### Docker
|
|
133
133
|
|
|
134
|
-
Run Hoopilot as a long-lived service from the published multi-arch image on the GitHub Container Registry (`linux/amd64` and `linux/arm64`)
|
|
134
|
+
Run Hoopilot as a long-lived service from the published multi-arch image on the GitHub Container Registry (`linux/amd64` and `linux/arm64`). The commands below are the same on Windows (PowerShell or `cmd`), macOS, and Linux — only the shell prompt differs.
|
|
135
|
+
|
|
136
|
+
#### Keyless local quick start
|
|
137
|
+
|
|
138
|
+
Published on loopback (`127.0.0.1`) only, the proxy is unreachable from other hosts, so no client API key is needed. Three commands — nothing to export, no keys to generate or keep in sync:
|
|
135
139
|
|
|
136
140
|
```sh
|
|
137
|
-
# 1. Sign in once; the OAuth credential
|
|
141
|
+
# 1. Sign in once; the OAuth credential persists in the named volume.
|
|
138
142
|
docker run --rm -it -v hoopilot-data:/data ghcr.io/openhoo/hoopilot login
|
|
139
143
|
|
|
140
|
-
# 2.
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
|
|
144
|
-
|
|
145
|
-
|
|
144
|
+
# 2. Start the proxy: loopback-only, no key.
|
|
145
|
+
docker run -d --name hoopilot --restart unless-stopped -p 127.0.0.1:4141:4141 -e HOOPILOT_ALLOW_UNAUTHENTICATED=1 -v hoopilot-data:/data ghcr.io/openhoo/hoopilot
|
|
146
|
+
|
|
147
|
+
# 3. Run Codex through it from any directory — no key, no setup.
|
|
148
|
+
npx --package @openhoo/hoopilot codexx --yolo
|
|
149
|
+
```
|
|
150
|
+
|
|
151
|
+
Every line is a single command that pastes as-is into PowerShell, `cmd`, bash, or zsh. Step 3 needs the `codex` CLI on your `PATH`; `codexx` defaults to `gpt-5.5` and sends a throwaway key that the keyless proxy accepts (Bun users can swap `npx --package @openhoo/hoopilot` for `bunx`).
|
|
152
|
+
|
|
153
|
+
Or, from a clone of this repo, use the bundled `docker-compose.yml` — it is keyless on loopback by default:
|
|
154
|
+
|
|
155
|
+
```sh
|
|
156
|
+
docker compose run --rm hoopilot login # one-time
|
|
157
|
+
docker compose up -d # keyless on loopback
|
|
146
158
|
```
|
|
147
159
|
|
|
148
160
|
Tags follow the release version, for example `ghcr.io/openhoo/hoopilot:1.3`, `:1.3.0`, and `:latest`. The image listens on `0.0.0.0:4141` (required so Docker port publishing can reach it), runs as a non-root user, and stores its OAuth credential at `/data/auth.json` by default. Override that path with `HOOPILOT_AUTH_FILE`.
|
|
149
161
|
|
|
150
|
-
|
|
162
|
+
#### Exposing the proxy beyond loopback
|
|
151
163
|
|
|
152
|
-
|
|
164
|
+
The image binds `0.0.0.0` and cannot tell whether the published port is loopback-only, so it fails closed: drop the `-e HOOPILOT_ALLOW_UNAUTHENTICATED=1` opt-in (or map the port to a non-loopback interface) and it refuses to start without a strong, unique `HOOPILOT_API_KEY` (well-known demo keys are rejected). Clients then send that key as `Authorization: Bearer <key>` or `x-api-key: <key>`:
|
|
153
165
|
|
|
154
166
|
```sh
|
|
155
|
-
docker compose run --rm hoopilot login
|
|
156
167
|
export HOOPILOT_API_KEY=$(openssl rand -hex 24)
|
|
157
|
-
docker
|
|
168
|
+
docker run -d --name hoopilot --restart unless-stopped -p 4141:4141 -e HOOPILOT_API_KEY -v hoopilot-data:/data ghcr.io/openhoo/hoopilot
|
|
158
169
|
```
|
|
159
170
|
|
|
171
|
+
With compose, a set `HOOPILOT_API_KEY` takes precedence over the keyless default: `export HOOPILOT_API_KEY=$(openssl rand -hex 24)` then `docker compose up -d`. To run unauthenticated on a non-loopback bind anyway — for example behind your own authenticating proxy — keep `HOOPILOT_ALLOW_UNAUTHENTICATED=1`. Point `codexx` at a keyed server by exporting the same `HOOPILOT_API_KEY` (or `CODEXX_API_KEY`) in its environment.
|
|
172
|
+
|
|
160
173
|
## Update
|
|
161
174
|
|
|
162
175
|
Standalone binaries update themselves in place from the latest GitHub release:
|
|
@@ -233,7 +246,7 @@ Without a global install:
|
|
|
233
246
|
npx --package @openhoo/hoopilot codexx
|
|
234
247
|
```
|
|
235
248
|
|
|
236
|
-
If the server
|
|
249
|
+
With the [keyless Docker quick start](#keyless-local-quick-start), no key is involved: `codexx --yolo` works from any directory because `codexx` sends a throwaway key that the loopback-only proxy accepts. If the server *does* require an API key, set `HOOPILOT_API_KEY` (or `CODEXX_API_KEY`) in the `codexx` environment to match.
|
|
237
250
|
|
|
238
251
|
`codexx` does not start Hoopilot and does not alter your shell environment. It starts `codex` with a temporary `hoopilot` model provider pointed at `http://127.0.0.1:4141/v1`, uses the Responses API wire format, disables Responses WebSockets for that provider, maps `HOOPILOT_API_KEY` (or a random throwaway key when none is set) to `OPENAI_API_KEY` for the child process, passes `--disable network_proxy`, and removes standard proxy variables from the spawned Codex process.
|
|
239
252
|
|