@pikoloo/codex-proxy 1.0.6

package/src/middleware/credentials.js

@@ -0,0 +1,116 @@
+/**
+ * Credentials Middleware
+ * Resolves and validates the active account credentials,
+ * auto-refreshing tokens when they are expired or expiring soon.
+ */
+
+import {
+  getActiveAccount,
+  refreshAccountToken,
+  isTokenExpiredOrExpiringSoon,
+  loadAccounts
+} from '../account-manager.js';
+import { logger } from '../utils/logger.js';
+
+/**
+ * Resolves the active account credentials, refreshing the token if needed.
+ * Returns null if no valid account is available.
+ *
+ * @returns {Promise<{accessToken: string, accountId: string, email: string}|null>}
+ */
+export async function getCredentialsOrError() {
+  const account = getActiveAccount();
+
+  if (!account) {
+    logger.info('No active account found');
+    return null;
+  }
+
+  if (!account.accessToken || !account.accountId) {
+    logger.info(`Account ${account.email} missing token or accountId`);
+    return null;
+  }
+
+  if (isTokenExpiredOrExpiringSoon(account)) {
+    logger.info(`Token expired/expiring soon for ${account.email}, refreshing...`);
+    const result = await refreshAccountToken(account.email);
+
+    if (!result.success) {
+      logger.error(`Failed to refresh token: ${result.message}`);
+      return null;
+    }
+
+    const refreshedAccount = getActiveAccount();
+    if (!refreshedAccount) {
+      logger.error('Failed to get refreshed account');
+      return null;
+    }
+
+    logger.info(`Using refreshed token for ${refreshedAccount.email}`);
+    return {
+      accessToken: refreshedAccount.accessToken,
+      accountId: refreshedAccount.accountId,
+      email: refreshedAccount.email
+    };
+  }
+
+  return {
+    accessToken: account.accessToken,
+    accountId: account.accountId,
+    email: account.email
+  };
+}
+
+/**
+ * Get credentials for a specific account by email.
+ * @param {string} email
+ * @returns {Promise<{accessToken: string, accountId: string, email: string}|null>}
+ */
+export async function getCredentialsForAccount(email) {
+  const data = loadAccounts();
+  const account = data.accounts.find(a => a.email === email);
+
+  if (!account) {
+    return null;
+  }
+
+  if (!account.accessToken || !account.accountId) {
+    return null;
+  }
+
+  if (isTokenExpiredOrExpiringSoon(account)) {
+    const result = await refreshAccountToken(account.email);
+    if (!result.success) {
+      return null;
+    }
+    const refreshedData = loadAccounts();
+    const refreshedAccount = refreshedData.accounts.find(a => a.email === email);
+    if (!refreshedAccount) return null;
+
+    return {
+      accessToken: refreshedAccount.accessToken,
+      accountId: refreshedAccount.accountId,
+      email: refreshedAccount.email
+    };
+  }
+
+  return {
+    accessToken: account.accessToken,
+    accountId: account.accountId,
+    email: account.email
+  };
+}
+
+/**
+ * Sends a 401 authentication error response.
+ * @param {import('express').Response} res
+ * @param {string} [message]
+ */
+export function sendAuthError(res, message = 'No active account with valid credentials. Add an account via /accounts/add') {
+  return res.status(401).json({
+    type: 'error',
+    error: { type: 'authentication_error', message }
+  });
+}
+
+export default { getCredentialsOrError, getCredentialsForAccount, sendAuthError };

package/src/middleware/sse.js

@@ -0,0 +1,96 @@
+/**
+ * SSE Helpers
+ * Shared utilities for Server-Sent Events streaming and error responses.
+ */
+
+import { formatSSEEvent } from '../response-streamer.js';
+import { logger } from '../utils/logger.js';
+
+/**
+ * Sets the standard SSE response headers and flushes them.
+ * @param {import('express').Response} res
+ */
+export function initSSEResponse(res) {
+  res.setHeader('Content-Type', 'text/event-stream');
+  res.setHeader('Cache-Control', 'no-cache');
+  res.setHeader('Connection', 'keep-alive');
+  res.setHeader('X-Accel-Buffering', 'no');
+  res.flushHeaders();
+}
+
+/**
+ * Streams an async generator of Anthropic-format SSE events to the response.
+ * Writes [DONE] and ends the response when the generator is exhausted.
+ *
+ * @param {import('express').Response} res
+ * @param {AsyncIterable<object>} eventStream
+ */
+export async function pipeSSEStream(res, eventStream) {
+  for await (const event of eventStream) {
+    res.write(formatSSEEvent(event));
+  }
+  res.write('data: [DONE]\n\n');
+  res.end();
+}
+
+/**
+ * Sends a structured Anthropic-style error JSON response.
+ * If headers have already been sent (mid-stream), writes an SSE error event instead.
+ *
+ * @param {import('express').Response} res
+ * @param {Error} error
+ * @param {string} model
+ * @param {number} startTime
+ */
+export function handleStreamError(res, error, model, startTime) {
+  const duration = Date.now() - startTime;
+  logger.response(500, { model, error: error.message, duration });
+
+  if (res.headersSent) {
+    res.write(
+      `event: error\ndata: ${JSON.stringify({
+        type: 'error',
+        error: { type: 'api_error', message: error.message }
+      })}\n\n`
+    );
+    res.end();
+    return;
+  }
+
+  if (error.message.includes('AUTH_EXPIRED')) {
+    return res.status(401).json({
+      type: 'error',
+      error: { type: 'authentication_error', message: 'Token expired. Please refresh or re-authenticate.' }
+    });
+  }
+
+  if (error.message.startsWith('RATE_LIMITED:')) {
+    const parts = error.message.split(':');
+    const resetMs = parseInt(parts[1], 10);
+    const errorText = parts.slice(2).join(':') || error.message;
+
+    return res.status(429).json({
+      type: 'error',
+      error: {
+        type: 'rate_limit_error',
+        message: errorText,
+        resetMs: resetMs,
+        resetSeconds: Math.round(resetMs / 1000)
+      }
+    });
+  }
+
+  if (error.message.includes('RESOURCE_EXHAUSTED')) {
+    return res.status(429).json({
+      type: 'error',
+      error: { type: 'rate_limit_error', message: error.message }
+    });
+  }
+
+  res.status(500).json({
+    type: 'error',
+    error: { type: 'api_error', message: error.message }
+  });
+}
+
+export default { initSSEResponse, pipeSSEStream, handleStreamError };

package/src/model-api.js

@@ -0,0 +1,189 @@
+/**
+ * Model API for ChatGPT Codex
+ * Handles model listing and quota retrieval from ChatGPT backend API.
+ */
+
+const CHATGPT_API_BASE = 'https://chatgpt.com/backend-api';
+const CLIENT_VERSION = '0.100.0';
+
+const MODEL_CACHE = {
+    models: null,
+    lastFetched: 0,
+    ttlMs: 5 * 60 * 1000
+};
+
+export async function fetchModels(accessToken, accountId) {
+    const now = Date.now();
+    
+    if (MODEL_CACHE.models && (now - MODEL_CACHE.lastFetched) < MODEL_CACHE.ttlMs) {
+        return MODEL_CACHE.models;
+    }
+    
+    const url = `${CHATGPT_API_BASE}/codex/models?client_version=${CLIENT_VERSION}`;
+    
+    const response = await fetch(url, {
+        method: 'GET',
+        headers: {
+            'Authorization': `Bearer ${accessToken}`,
+            'ChatGPT-Account-ID': accountId,
+            'Accept': 'application/json'
+        }
+    });
+    
+    if (!response.ok) {
+        const errorText = await response.text();
+        throw new Error(`Failed to fetch models: ${response.status} - ${errorText}`);
+    }
+    
+    const data = await response.json();
+    
+    const models = (data.models || []).map(m => ({
+        id: m.slug,
+        name: m.display_name || m.slug,
+        description: m.description || '',
+        defaultReasoningLevel: m.default_reasoning_level || 'medium',
+        supportedReasoningLevels: m.supported_reasoning_levels || [],
+        supportedInApi: m.supported_in_api || false,
+        visibility: m.visibility || 'list'
+    }));
+    
+    MODEL_CACHE.models = models;
+    MODEL_CACHE.lastFetched = now;
+    
+    return models;
+}
+
+export async function fetchUsage(accessToken, accountId) {
+    const url = `${CHATGPT_API_BASE}/wham/usage`;
+    
+    const response = await fetch(url, {
+        method: 'GET',
+        headers: {
+            'Authorization': `Bearer ${accessToken}`,
+            'ChatGPT-Account-ID': accountId,
+            'Accept': 'application/json'
+        }
+    });
+    
+    if (!response.ok) {
+        const errorText = await response.text();
+        throw new Error(`Failed to fetch usage: ${response.status} - ${errorText}`);
+    }
+    
+    const data = await response.json();
+    
+    const primaryWindow = data.rate_limit?.primary_window || {};
+    const usedPercentRaw = Number(primaryWindow?.used_percent);
+    const usedPercent = Number.isFinite(usedPercentRaw) ? usedPercentRaw : 0;
+
+    const limitWindowSecondsRaw = Number(primaryWindow?.limit_window_seconds);
+    const limitWindowSeconds = Number.isFinite(limitWindowSecondsRaw) ? limitWindowSecondsRaw : null;
+
+    const resetAfterSecondsRaw = Number(primaryWindow?.reset_after_seconds);
+    const resetAfterSeconds = Number.isFinite(resetAfterSecondsRaw) ? resetAfterSecondsRaw : null;
+
+    const resetAtEpoch = Number(primaryWindow?.reset_at);
+    const resetAt = Number.isFinite(resetAtEpoch) ? new Date(resetAtEpoch * 1000).toISOString() : null;
+    
+    return {
+        totalTokenUsage: usedPercent,
+        limit: 100,
+        remaining: 100 - usedPercent,
+        percentage: usedPercent,
+        resetAt: resetAt,
+        resetAfterSeconds: resetAfterSeconds,
+        limitWindowSeconds: limitWindowSeconds,
+        planType: data.plan_type || null,
+        limitReached: data.rate_limit?.limit_reached || false,
+        allowed: data.rate_limit?.allowed ?? true,
+        raw: data
+    };
+}
+
+export async function fetchAccountCheck(accessToken, accountId) {
+    const url = `${CHATGPT_API_BASE}/wham/accounts/check`;
+    
+    const response = await fetch(url, {
+        method: 'GET',
+        headers: {
+            'Authorization': `Bearer ${accessToken}`,
+            'ChatGPT-Account-ID': accountId,
+            'Accept': 'application/json'
+        }
+    });
+    
+    if (!response.ok) {
+        const errorText = await response.text();
+        throw new Error(`Failed to fetch account check: ${response.status} - ${errorText}`);
+    }
+    
+    return await response.json();
+}
+
+export async function getAccountQuota(accessToken, accountId) {
+    try {
+        const [usage, accountCheck] = await Promise.allSettled([
+            fetchUsage(accessToken, accountId),
+            fetchAccountCheck(accessToken, accountId)
+        ]);
+        
+        const quotaInfo = {
+            usage: usage.status === 'fulfilled' ? usage.value : null,
+            account: accountCheck.status === 'fulfilled' ? accountCheck.value : null,
+            fetchedAt: new Date().toISOString()
+        };
+        
+        if (usage.status === 'rejected') {
+            quotaInfo.usageError = usage.reason?.message || 'Unknown error';
+        }
+        
+        if (accountCheck.status === 'rejected') {
+            quotaInfo.accountError = accountCheck.reason?.message || 'Unknown error';
+        }
+        
+        return quotaInfo;
+    } catch (error) {
+        return {
+            usage: null,
+            account: null,
+            error: error.message,
+            fetchedAt: new Date().toISOString()
+        };
+    }
+}
+
+export async function getModelsAndQuota(accessToken, accountId) {
+    try {
+        const [models, quota] = await Promise.all([
+            fetchModels(accessToken, accountId),
+            getAccountQuota(accessToken, accountId)
+        ]);
+        
+        return {
+            models,
+            quota,
+            success: true
+        };
+    } catch (error) {
+        return {
+            models: null,
+            quota: null,
+            error: error.message,
+            success: false
+        };
+    }
+}
+
+export function clearModelCache() {
+    MODEL_CACHE.models = null;
+    MODEL_CACHE.lastFetched = 0;
+}
+
+export default {
+    fetchModels,
+    fetchUsage,
+    fetchAccountCheck,
+    getAccountQuota,
+    getModelsAndQuota,
+    clearModelCache
+};

package/src/model-mapper.js

@@ -0,0 +1,157 @@
+/**
+ * Model Mapper
+ * Maps Anthropic/Claude model names to upstream OpenAI/Kilo model identifiers.
+ */
+
+import { getServerSettings } from './server-settings.js';
+
+const DEFAULT_OPENAI_MODEL = 'gpt-5.5';
+const DEFAULT_SMALL_OPENAI_MODEL = 'gpt-5.4-mini';
+const LATEST_CODEX_MODEL = 'gpt-5.3-codex';
+const KILO_ENABLED_ENV = 'CODEX_CLAUDE_PROXY_ENABLE_KILO';
+
+const CLAUDE_MODEL_MAP = {
+  // Current Claude 4.6 models (Feb 2026)
+  'claude-opus-4-6': DEFAULT_OPENAI_MODEL,
+  'claude-opus-4-6-20250219': DEFAULT_OPENAI_MODEL,
+  'claude-sonnet-4-6': DEFAULT_OPENAI_MODEL,
+  'claude-sonnet-4-6-20250219': DEFAULT_OPENAI_MODEL,
+  'claude-haiku-4-5': DEFAULT_SMALL_OPENAI_MODEL,
+  'claude-haiku-4-5-20250219': DEFAULT_SMALL_OPENAI_MODEL,
+  
+  // 1M context variants
+  'claude-opus-4-6-1m': DEFAULT_OPENAI_MODEL,
+  'claude-sonnet-4-6-1m': DEFAULT_OPENAI_MODEL,
+  
+  // Legacy Claude 4.5 models (deprecated but still supported)
+  'claude-opus-4-5': DEFAULT_OPENAI_MODEL,
+  'claude-opus-4-5-20250514': DEFAULT_OPENAI_MODEL,
+  'claude-sonnet-4-5': DEFAULT_OPENAI_MODEL,
+  'claude-sonnet-4-5-20250514': DEFAULT_OPENAI_MODEL,
+  'claude-sonnet-4-20250514': DEFAULT_OPENAI_MODEL,
+  'claude-haiku-4-20250514': DEFAULT_SMALL_OPENAI_MODEL,
+  'claude-haiku-3-5-20250514': DEFAULT_SMALL_OPENAI_MODEL,
+  
+  // Legacy Claude 3.x models
+  'claude-3-5-sonnet-20240620': DEFAULT_OPENAI_MODEL,
+  'claude-3-opus-20240229': DEFAULT_OPENAI_MODEL,
+  'claude-3-sonnet-20240229': DEFAULT_OPENAI_MODEL,
+  'claude-3-haiku-20240307': DEFAULT_SMALL_OPENAI_MODEL,
+  
+  // Short aliases
+  'sonnet': DEFAULT_OPENAI_MODEL,
+  'opus': DEFAULT_OPENAI_MODEL,
+  'haiku': DEFAULT_SMALL_OPENAI_MODEL,
+  'codex': LATEST_CODEX_MODEL,
+  'kilo': 'kilo',
+  
+  // Direct OpenAI models
+  'gpt-5.5': 'gpt-5.5',
+  'gpt-5.5-2026-04-23': 'gpt-5.5-2026-04-23',
+  'gpt-5.4': 'gpt-5.4',
+  'gpt-5.4-2026-03-05': 'gpt-5.4-2026-03-05',
+  'gpt-5.4-mini': 'gpt-5.4-mini',
+  'gpt-5.4-nano': 'gpt-5.4-nano',
+  'gpt-5.3-codex': 'gpt-5.3-codex',
+  'gpt-5.2-codex': 'gpt-5.2-codex',
+  'gpt-5.1-codex-max': 'gpt-5.1-codex-max',
+  'gpt-5.1-codex': 'gpt-5.1-codex',
+  'gpt-5-codex': 'gpt-5-codex',
+  'gpt-5.2': 'gpt-5.2',
+  'gpt-5.1': 'gpt-5.1',
+  'gpt-5': 'gpt-5',
+  'gpt-5.1-codex-mini': 'gpt-5.1-codex-mini',
+  'gpt-5-codex-mini': 'gpt-5-codex-mini'
+};
+
+/**
+ * Maps a Claude/Anthropic model name to the upstream model identifier.
+ * Falls back to the current OpenAI flagship model for unknown models.
+ * @param {string} model
+ * @returns {string}
+ */
+export function mapClaudeModel(model) {
+  if (!model) return DEFAULT_OPENAI_MODEL;
+
+  if (CLAUDE_MODEL_MAP[model]) {
+    return CLAUDE_MODEL_MAP[model];
+  }
+
+  const modelLower = model.toLowerCase();
+
+  if (modelLower.startsWith('gpt-')) {
+    return modelLower;
+  }
+
+  if (modelLower.startsWith('claude-')) {
+    const cleanModel = modelLower.replace(/^claude-/, '');
+    if (cleanModel.includes('opus')) return DEFAULT_OPENAI_MODEL;
+    if (cleanModel.includes('sonnet')) return DEFAULT_OPENAI_MODEL;
+    if (cleanModel.includes('haiku')) return DEFAULT_SMALL_OPENAI_MODEL;
+  }
+
+  for (const [key, value] of Object.entries(CLAUDE_MODEL_MAP)) {
+    if (modelLower.includes(key.toLowerCase())) {
+      return value;
+    }
+  }
+
+  return DEFAULT_OPENAI_MODEL;
+}
+
+/**
+ * Returns true if the mapped model should be routed through Kilo.
+ * @param {string} mappedModel
+ * @returns {boolean}
+ */
+export function isKiloModel(mappedModel) {
+  return mappedModel === 'kilo';
+}
+
+export function isKiloEnabled() {
+  return process.env[KILO_ENABLED_ENV] === 'true';
+}
+
+/**
+ * Resolves the actual Kilo model identifier based on server settings.
+ * The setting stores the full Kilo model ID (e.g. 'minimax/minimax-m2.5:free').
+ * @returns {string}
+ */
+export function resolveKiloModel() {
+  const settings = getServerSettings();
+  return settings.haikuKiloModel || 'minimax/minimax-m2.5:free';
+}
+
+/**
+ * Resolves all model routing info from a requested model name.
+ * @param {string} requestedModel
+ * @returns {{ mappedModel: string, isKilo: boolean, kiloTarget: string|null, upstreamModel: string }}
+ */
+export function resolveModelRouting(requestedModel) {
+  const mappedModel = mapClaudeModel(requestedModel || DEFAULT_OPENAI_MODEL);
+  const isKilo = isKiloModel(mappedModel);
+  const kiloTarget = isKilo ? resolveKiloModel() : null;
+  const upstreamModel = isKilo ? kiloTarget : mappedModel;
+  return { mappedModel, isKilo, kiloTarget, upstreamModel };
+}
+
+export {
+  CLAUDE_MODEL_MAP,
+  DEFAULT_OPENAI_MODEL,
+  DEFAULT_SMALL_OPENAI_MODEL,
+  LATEST_CODEX_MODEL,
+  KILO_ENABLED_ENV
+};
+
+export default {
+  mapClaudeModel,
+  isKiloModel,
+  resolveKiloModel,
+  resolveModelRouting,
+  CLAUDE_MODEL_MAP,
+  DEFAULT_OPENAI_MODEL,
+  DEFAULT_SMALL_OPENAI_MODEL,
+  LATEST_CODEX_MODEL,
+  KILO_ENABLED_ENV,
+  isKiloEnabled
+};