@pikoloo/codex-proxy 1.1.0 → 1.2.2

package/src/routes/api-routes.js

@@ -9,7 +9,7 @@ import { join, dirname } from 'path';
 import { fileURLToPath } from 'url';
 import { createRequire } from 'module';
 
-import { getStatus, ACCOUNTS_FILE } from '../account-manager.js';
+import { getStatus, ACCOUNT_FILE } from '../account-manager.js';
 
 // Route handlers
 import { handleMessages } from './messages-route.js';
@@ -28,20 +28,16 @@ import { handleGetLogs, handleStreamLogs } from './logs-route.js';
 import { handleGetMetricsRecent, handleGetMetricsStorage, handleGetMetricsSummary } from './metrics-route.js';
 import { handleGetClaudeConfig, handleSetProxyMode, handleSetDirectMode, handleSetClaudeApiEndpoint } from './claude-config-route.js';
 import {
-  handleListAccounts,
+  handleGetAccount,
   handleAccountStatus,
   handleOAuthCleanup,
   handleAddAccount,
   handleAddAccountManual,
-  handleSwitchAccount,
   handleRefreshAccount,
-  handleRefreshAllAccounts,
-  handleRefreshActiveAccount,
   handleRemoveAccount,
   handleImportAccount,
-  handleGetQuota,
-  handleGetAllQuotas
-} from './accounts-route.js';
+  handleGetQuota
+} from './account-route.js';
 
 const __dirname = dirname(fileURLToPath(import.meta.url));
 const require = createRequire(import.meta.url);
@@ -54,7 +50,7 @@ export function registerApiRoutes(app, { port }) {
 
   // ─── Health ────────────────────────────────────────────────────────────────
   app.get('/health', (req, res) => {
-    res.json({ status: 'ok', ...getStatus(), configPath: ACCOUNTS_FILE });
+    res.json({ status: 'ok', ...getStatus(), configPath: ACCOUNT_FILE });
   });
 
   // ─── Anthropic Messages API ────────────────────────────────────────────────
@@ -66,8 +62,8 @@ export function registerApiRoutes(app, { port }) {
 
   // ─── Models ────────────────────────────────────────────────────────────────
   app.get('/v1/models', handleListModels);
-  app.get('/accounts/models', handleAccountModels);
-  app.get('/accounts/usage', handleAccountUsage);
+  app.get('/account/models', handleAccountModels);
+  app.get('/account/usage', handleAccountUsage);
 
   // ─── Settings ──────────────────────────────────────────────────────────────
   app.get('/settings/haiku-model', handleGetHaikuModel);
@@ -79,21 +75,17 @@ export function registerApiRoutes(app, { port }) {
   app.post('/settings/claude-proxy', handleSetClaudeProxySetting);
 
   // ─── Account Management ───────────────────────────────────────────────────
-  app.get('/accounts', handleListAccounts);
-  app.get('/accounts/status', handleAccountStatus);
-  app.get('/accounts/quota', handleGetQuota);
-  app.get('/accounts/quota/all', handleGetAllQuotas);
-
-  app.post('/accounts/add', handleAddAccount);
-  app.post('/accounts/add/manual', handleAddAccountManual);
-  app.post('/accounts/switch', handleSwitchAccount);
-  app.post('/accounts/import', handleImportAccount);
-  app.post('/accounts/refresh', handleRefreshActiveAccount);
-  app.post('/accounts/refresh/all', handleRefreshAllAccounts);
-  app.post('/accounts/oauth/cleanup', handleOAuthCleanup);
-  app.post('/accounts/:email/refresh', handleRefreshAccount);
-
-  app.delete('/accounts/:email', handleRemoveAccount);
+  app.get('/account', handleGetAccount);
+  app.get('/account/status', handleAccountStatus);
+  app.get('/account/quota', handleGetQuota);
+
+  app.post('/account/add', handleAddAccount);
+  app.post('/account/add/manual', handleAddAccountManual);
+  app.post('/account/import', handleImportAccount);
+  app.post('/account/refresh', handleRefreshAccount);
+  app.post('/account/oauth/cleanup', handleOAuthCleanup);
+
+  app.delete('/account', handleRemoveAccount);
 
   // ─── Claude CLI Configuration ──────────────────────────────────────────────
   app.get('/claude/config', handleGetClaudeConfig);

package/src/routes/chat-route.js

@@ -48,7 +48,7 @@ export async function handleChatCompletion(req, res) {
   if (!isKilo) {
     creds = await getCredentialsOrError();
     if (!creds) {
-      logger.response(401, { error: 'No active account' });
+      logger.response(401, { error: 'No configured account' });
       recordChatMetric({
         body,
         requestedModel,
@@ -58,7 +58,7 @@ export async function handleChatCompletion(req, res) {
         status: 401,
         errorType: 'auth_error'
       });
-      return sendAuthError(res, 'No active account. Add an account via /accounts/add');
+      return sendAuthError(res, 'No configured account. Add an account via /account/add');
     }
   }
 

package/src/routes/messages-route.js

@@ -1,31 +1,11 @@
 import { sendMessageStream, sendMessage } from '../direct-api.js';
 import { sendKiloMessageStream, sendKiloMessage } from '../kilo-api.js';
 import { DEFAULT_OPENAI_MODEL, isKiloEnabled, resolveModelRouting } from '../model-mapper.js';
-import { sendAuthError, getCredentialsOrError, getCredentialsForAccount } from '../middleware/credentials.js';
+import { sendAuthError, getCredentialsOrError } from '../middleware/credentials.js';
 import { initSSEResponse, pipeSSEStream, handleStreamError } from '../middleware/sse.js';
 import { logger } from '../utils/logger.js';
-import { AccountRotator } from '../account-rotation/index.js';
-import { listAccounts, save } from '../account-manager.js';
-import { isMultiAccountRotationEnabled } from '../server-settings.js';
 import { recordUsageEventSafe, tapUsageEventStream } from '../usage-metrics.js';
 
-const MAX_RETRIES = 5;
-const MAX_WAIT_BEFORE_ERROR_MS = 120000;
-const SHORT_RATE_LIMIT_THRESHOLD_MS = 5000;
-
-let accountRotator = null;
-
-function getAccountRotator() {
-    if (!accountRotator) {
-        accountRotator = new AccountRotator({
-            listAccounts,
-            save
-        });
-        logger.info('[Messages] Account rotation enabled');
-    }
-    return accountRotator;
-}
-
 export async function handleMessages(req, res) {
     const startTime = Date.now();
     const body = req.body;
@@ -62,50 +42,8 @@ export async function handleMessages(req, res) {
             : _sendKilo(res, { ...body, model: upstreamModel }, kiloTarget, requestedModel, startTime);
     }
 
-    if (!isMultiAccountRotationEnabled()) {
-        const creds = await getCredentialsOrError();
-        if (!creds) {
-            recordMessageMetric({
-                body,
-                endpoint: '/v1/messages',
-                requestedModel,
-                upstreamModel,
-                provider: 'openai',
-                startTime,
-                status: 401,
-                errorType: 'auth_error'
-            });
-            return sendAuthError(res);
-        }
-
-        const anthropicRequest = { ...body, model: upstreamModel, ...(reasoningLevel ? { reasoningLevel } : {}) };
-        try {
-            if (isStreaming) {
-                await _streamDirectWithRotation(res, anthropicRequest, creds, requestedModel, startTime, null);
-            } else {
-                await _sendDirectWithRotation(res, anthropicRequest, creds, requestedModel, startTime, null);
-            }
-            return;
-        } catch (error) {
-            recordMessageMetric({
-                body,
-                endpoint: '/v1/messages',
-                requestedModel,
-                upstreamModel,
-                provider: 'openai',
-                accountLabel: creds.email,
-                startTime,
-                status: error.status || 500,
-                errorType: classifyMetricError(error)
-            });
-            return handleStreamError(res, error, requestedModel, startTime);
-        }
-    }
-    
-    const rotator = getAccountRotator();
-    const accountSnapshot = listAccounts();
-
-    if (accountSnapshot.total === 0) {
+    const creds = await getCredentialsOrError();
+    if (!creds) {
         recordMessageMetric({
             body,
             endpoint: '/v1/messages',
@@ -116,130 +54,36 @@ export async function handleMessages(req, res) {
             status: 401,
             errorType: 'auth_error'
         });
-        return sendAuthError(res, 'No active account with valid credentials. Add an account via /accounts/add');
+        return sendAuthError(res);
     }
-    
-    rotator.clearExpiredLimits();
-    
-    const maxAttempts = Math.max(MAX_RETRIES, accountSnapshot.total);
-    
-    for (let attempt = 0; attempt < maxAttempts; attempt++) {
-        if (rotator.isAllRateLimited(upstreamModel)) {
-            const minWait = rotator.getMinWaitTimeMs(upstreamModel);
-            
-            if (minWait > MAX_WAIT_BEFORE_ERROR_MS) {
-                recordMessageMetric({
-                    body,
-                    endpoint: '/v1/messages',
-                    requestedModel,
-                    upstreamModel,
-                    provider: 'openai',
-                    startTime,
-                    status: 429,
-                    errorType: 'rate_limited'
-                });
-                return handleStreamError(res, new Error(`RESOURCE_EXHAUSTED: All accounts rate-limited. Wait ${Math.round(minWait/1000)}s`), requestedModel, startTime);
-            }
-            
-            logger.info(`[Messages] All accounts rate-limited, waiting ${Math.round(minWait/1000)}s...`);
-            await sleep(minWait + 500);
-            rotator.clearExpiredLimits();
-            attempt--;
-            continue;
-        }
-        
-        const { account, waitMs } = rotator.selectAccount(upstreamModel);
-        
-        if (!account) {
-            if (waitMs > 0) {
-                await sleep(waitMs);
-                attempt--;
-                continue;
-            }
-            recordMessageMetric({
-                body,
-                endpoint: '/v1/messages',
-                requestedModel,
-                upstreamModel,
-                provider: 'openai',
-                startTime,
-                status: 401,
-                errorType: 'auth_error'
-            });
-            return sendAuthError(res, 'No available accounts');
-        }
-        
-        const creds = await getCredentialsForAccount(account.email);
-        if (!creds) {
-            rotator.markInvalid(account.email, 'Failed to get credentials');
-            continue;
-        }
-        
-        const anthropicRequest = { ...body, model: upstreamModel, ...(reasoningLevel ? { reasoningLevel } : {}) };
-        
-        try {
-            if (isStreaming) {
-                await _streamDirectWithRotation(res, anthropicRequest, creds, requestedModel, startTime, rotator);
-            } else {
-                await _sendDirectWithRotation(res, anthropicRequest, creds, requestedModel, startTime, rotator);
-            }
-            rotator.notifySuccess(account, upstreamModel);
-            return;
-        } catch (error) {
-            if (error.message.startsWith('RATE_LIMITED:')) {
-                const parts = error.message.split(':');
-                const resetMs = parseInt(parts[1], 10);
-                const errorText = parts.slice(2).join(':');
-                
-                rotator.notifyRateLimit(account, upstreamModel);
-                
-                if (resetMs <= SHORT_RATE_LIMIT_THRESHOLD_MS) {
-                    logger.info(`[Messages] Short rate limit on ${account.email}, waiting ${resetMs}ms...`);
-                    await sleep(resetMs);
-                    attempt--;
-                    continue;
-                }
-                
-                logger.info(`[Messages] Rate limit on ${account.email}, switching account...`);
-                continue;
-            }
-            
-            if (error.message.includes('AUTH_EXPIRED')) {
-                rotator.markInvalid(account.email, 'Auth expired');
-                continue;
-            }
-            
-            recordMessageMetric({
-                body,
-                endpoint: '/v1/messages',
-                requestedModel,
-                upstreamModel,
-                provider: 'openai',
-                accountLabel: account.email,
-                startTime,
-                status: error.status || 500,
-                errorType: classifyMetricError(error)
-            });
-            return handleStreamError(res, error, requestedModel, startTime);
+
+    const anthropicRequest = { ...body, model: upstreamModel, ...(reasoningLevel ? { reasoningLevel } : {}) };
+    try {
+        if (isStreaming) {
+            await _streamDirect(res, anthropicRequest, creds, requestedModel, startTime);
+        } else {
+            await _sendDirect(res, anthropicRequest, creds, requestedModel, startTime);
         }
+        return;
+    } catch (error) {
+        recordMessageMetric({
+            body,
+            endpoint: '/v1/messages',
+            requestedModel,
+            upstreamModel,
+            provider: 'openai',
+            accountLabel: creds.email,
+            startTime,
+            status: error.message?.startsWith('RATE_LIMITED:') ? 429 : error.status || 500,
+            errorType: classifyMetricError(error)
+        });
+        return handleStreamError(res, error, requestedModel, startTime);
     }
-    
-    recordMessageMetric({
-        body,
-        endpoint: '/v1/messages',
-        requestedModel,
-        upstreamModel,
-        provider: 'openai',
-        startTime,
-        status: 500,
-        errorType: 'max_retries'
-    });
-    return handleStreamError(res, new Error('Max retries exceeded'), requestedModel, startTime);
 }
 
-async function _streamDirectWithRotation(res, anthropicRequest, creds, responseModel, startTime, rotator) {
+async function _streamDirect(res, anthropicRequest, creds, responseModel, startTime) {
     initSSEResponse(res);
-    const sourceStream = sendMessageStream(anthropicRequest, creds.accessToken, creds.accountId, rotator, creds.email);
+    const sourceStream = sendMessageStream(anthropicRequest, creds.accessToken, creds.accountId);
     let finalUsage = null;
     const stream = tapUsageEventStream(sourceStream, (usage) => {
         finalUsage = usage;
@@ -260,7 +104,7 @@ async function _streamDirectWithRotation(res, anthropicRequest, creds, responseM
     logger.response(200, { model: anthropicRequest.model, usage: finalUsage, duration: Date.now() - startTime });
 }
 
-async function _sendDirectWithRotation(res, anthropicRequest, creds, responseModel, startTime, rotator) {
+async function _sendDirect(res, anthropicRequest, creds, responseModel, startTime) {
     const response = await sendMessage(anthropicRequest, creds.accessToken, creds.accountId);
     const duration = Date.now() - startTime;
     logger.response(200, { model: anthropicRequest.model, usage: response.usage, duration });
@@ -332,10 +176,6 @@ async function _sendKilo(res, anthropicRequest, kiloTarget, responseModel, start
     });
 }
 
-function sleep(ms) {
-    return new Promise(resolve => setTimeout(resolve, ms));
-}
-
 function recordMessageMetric(options) {
     const body = options.body || {};
     recordUsageEventSafe({
@@ -358,7 +198,7 @@ function recordMessageMetric(options) {
 
 function classifyMetricError(error) {
     const message = error?.message || '';
-    if (message.startsWith('RATE_LIMITED:') || message.startsWith('RESOURCE_EXHAUSTED:')) return 'rate_limited';
+    if (message.startsWith('RATE_LIMITED:')) return 'rate_limited';
     if (message.includes('AUTH_EXPIRED')) return 'auth_expired';
     if (message.startsWith('CLOUDFLARE_BLOCKED:')) return 'cloudflare_blocked';
     if (message.startsWith('FORBIDDEN:')) return 'forbidden';

package/src/routes/models-route.js

@@ -2,12 +2,12 @@
  * Models Route
  * Handles:
  *   GET /v1/models            — OpenAI-compatible model list
- *   GET /accounts/models      — Raw model list for the active/specified account
- *   GET /accounts/usage       — Usage stats for the active/specified account
+ *   GET /account/models       — Raw model list for the configured account
+ *   GET /account/usage        — Usage stats for the configured account
  */
 
 import { fetchModels, fetchUsage } from '../model-api.js';
-import { getActiveAccount, loadAccounts } from '../account-manager.js';
+import { getActiveAccount } from '../account-manager.js';
 import { logger } from '../utils/logger.js';
 import { getCredentialsOrError } from '../middleware/credentials.js';
 import { DEFAULT_OPENAI_MODEL, DEFAULT_SMALL_OPENAI_MODEL, LATEST_CODEX_MODEL } from '../model-mapper.js';
@@ -61,16 +61,16 @@ export async function handleListModels(req, res) {
 }
 
 /**
- * GET /accounts/models
- * Returns the raw model list for the active or specified account.
+ * GET /account/models
+ * Returns the raw model list for the configured account.
  */
 export async function handleAccountModels(req, res) {
-  const account = _resolveAccount(req.query.email);
+  const account = getActiveAccount();
 
   if (!account) {
     return res.status(404).json({
       success: false,
-      error: req.query.email ? `Account not found: ${req.query.email}` : 'No active account'
+      error: 'No account configured'
     });
   }
 
@@ -84,16 +84,16 @@ export async function handleAccountModels(req, res) {
 }
 
 /**
- * GET /accounts/usage
- * Returns usage stats for the active or specified account.
+ * GET /account/usage
+ * Returns usage stats for the configured account.
  */
 export async function handleAccountUsage(req, res) {
-  const account = _resolveAccount(req.query.email);
+  const account = getActiveAccount();
 
   if (!account) {
     return res.status(404).json({
       success: false,
-      error: req.query.email ? `Account not found: ${req.query.email}` : 'No active account'
+      error: 'No account configured'
     });
   }
 
@@ -106,14 +106,4 @@ export async function handleAccountUsage(req, res) {
   }
 }
 
-// ─── Helpers ─────────────────────────────────────────────────────────────────
-
-function _resolveAccount(email) {
-  if (email) {
-    const data = loadAccounts();
-    return data.accounts.find(a => a.email === email) || null;
-  }
-  return getActiveAccount();
-}
-
 export default { handleListModels, handleAccountModels, handleAccountUsage };

package/src/security.js

@@ -1,6 +1,6 @@
 const LOOPBACK_HOSTS = new Set(['localhost', '127.0.0.1', '::1', '[::1]']);
 const CONTROL_PATH_PREFIXES = [
-  '/accounts',
+  '/account',
   '/settings',
   '/claude/config',
   '/api/logs',

package/src/server-settings.js

@@ -3,7 +3,6 @@ import { join } from 'path';
 import { CONFIG_DIR } from './account-manager.js';
 
 const SETTINGS_FILE = join(CONFIG_DIR, 'settings.json');
-const MULTI_ACCOUNT_ROTATION_ENV = 'CODEX_CLAUDE_PROXY_ENABLE_MULTI_ACCOUNT_ROTATION';
 
 const DEFAULT_SETTINGS = {
     haikuKiloModel: 'minimax/minimax-m2.5:free',
@@ -75,17 +74,11 @@ export function setServerSettings(patch = {}) {
     return next;
 }
 
-export function isMultiAccountRotationEnabled(env = process.env) {
-    return env[MULTI_ACCOUNT_ROTATION_ENV] === 'true';
-}
-
-export { SETTINGS_FILE, MULTI_ACCOUNT_ROTATION_ENV };
+export { SETTINGS_FILE };
 
 export default {
     getServerSettings,
     setServerSettings,
     normalizeSettings,
-    isMultiAccountRotationEnabled,
-    MULTI_ACCOUNT_ROTATION_ENV,
     SETTINGS_FILE
 };

package/docs/ACCOUNTS.md

@@ -1,202 +0,0 @@
-# Account Management
-
-## Storage Structure
-
-### Main Registry
-
-**Location:** `~/.codex-claude-proxy/accounts.json`
-
-```json
-{
-  "accounts": [
-    {
-      "email": "user@gmail.com",
-      "accountId": "d41e9636-16d8-42be-91da-7ea8773bfb7e",
-      "planType": "plus",
-      "accessToken": "eyJhbGciOiJSUzI1NiIs...",
-      "refreshToken": "rt_WpTMn1...",
-      "idToken": "eyJhbGciOiJSUzI1NiIs...",
-      "expiresAt": 1770886178000,
-      "addedAt": "2026-02-13T04:00:00.000Z",
-      "lastUsed": "2026-02-13T04:30:00.000Z",
-      "quota": {
-        "usage": {...},
-        "account": {...},
-        "lastChecked": "2026-02-14T10:00:00.000Z"
-      }
-    }
-  ],
-  "activeAccount": "user@gmail.com",
-  "version": 1
-}
-```
-
-### Per-Account Tokens
-
-**Location:** `~/.codex-claude-proxy/accounts/<email>/auth.json`
-
-```json
-{
-  "auth_mode": "chatgpt",
-  "OPENAI_API_KEY": null,
-  "tokens": {
-    "id_token": "...",
-    "access_token": "...",
-    "refresh_token": "...",
-    "account_id": "..."
-  },
-  "last_refresh": "2026-02-14T10:00:00.000Z"
-}
-```
-
-## Operations
-
-### Add Account (OAuth)
-
-```bash
-curl -X POST http://localhost:8081/accounts/add
-
-# Returns OAuth URL to open in browser
-```
-
-### Import from Codex App
-
-```bash
-curl -X POST http://localhost:8081/accounts/import
-
-# Imports from ~/.codex/auth.json
-```
-
-### List Accounts
-
-```bash
-curl http://localhost:8081/accounts
-
-# Response
-{
-  "accounts": [
-    {
-      "email": "user@gmail.com",
-      "accountId": "...",
-      "planType": "plus",
-      "addedAt": "...",
-      "lastUsed": "...",
-      "isActive": true,
-      "tokenExpired": false,
-      "quota": {...}
-    }
-  ],
-  "activeAccount": "user@gmail.com",
-  "total": 1
-}
-```
-
-### Switch Active Account
-
-```bash
-curl -X POST http://localhost:8081/accounts/switch \
-  -H "Content-Type: application/json" \
-  -d '{"email":"other@gmail.com"}'
-```
-
-Switching:
-1. Updates `activeAccount` in `accounts.json`
-2. Updates auth file for the account
-3. Next API calls use new account's credentials
-
-### Remove Account
-
-```bash
-curl -X DELETE http://localhost:8081/accounts/user@gmail.com
-```
-
-Removes:
-- Account from registry
-- Per-account token directory
-
-### Refresh Tokens
-
-```bash
-# Active account
-curl -X POST http://localhost:8081/accounts/refresh
-
-# Specific account
-curl -X POST http://localhost:8081/accounts/user@gmail.com/refresh
-
-# All accounts
-curl -X POST http://localhost:8081/accounts/refresh/all
-```
-
-## Token Lifecycle
-
-### Expiration
-
-- Access tokens expire in ~1 hour (3600 seconds)
-- Refresh tokens are long-lived (weeks/months)
-
-### Auto-Refresh
-
-- Background refresh every **55 minutes**
-- Startup refresh 2 seconds after server start
-- Proactive refresh 5 minutes before expiry
-
-### Token Validation
-
-Before each API call:
-1. Check if token is expired or expiring within 5 minutes
-2. If yes, refresh using refresh token
-3. Use new access token for the call
-
-## Quota Tracking
-
-### Fetch Quota
-
-```bash
-curl http://localhost:8081/accounts/quota
-
-# Response
-{
-  "success": true,
-  "email": "user@gmail.com",
-  "quota": {
-    "usage": {
-      "totalTokenUsage": 15,
-      "limit": 100,
-      "remaining": 85,
-      "percentage": 15,
-      "resetAt": "..."
-    },
-    "account": {...}
-  },
-  "cached": false
-}
-```
-
-### Web UI Quota Display Rules
-
-- The Accounts table displays **remaining quota** as a percentage.
-- Remaining percentage is normalized to `0-100` to avoid broken UI values.
-- If `limitReached=true` or `allowed=false`, UI shows quota as exhausted even when percentage data is missing.
-- If usage data is unavailable, UI shows `-` instead of rendering a broken bar.
-- Reset window is shown using `usage.resetAt` (with fallback to `usage.raw.rate_limit.primary_window.reset_at`).
-- UI also shows a relative countdown (e.g. `Resets in 6d 13h`) when reset data is available.
-
-### Refresh All Quotas
-
-```bash
-curl http://localhost:8081/accounts/quota/all
-```
-
-## Account Persistence
-
-On server startup:
-1. `ensureAccountsPersist()` loads accounts
-2. Restores active account's auth
-3. Starts auto-refresh timer
-
-## Security
-
-- Tokens stored locally in `~/.codex-claude-proxy/`
-- Directory permissions: user read/write only
-- Never logged or exposed in API responses
-- Per-account isolation via separate directories