@seqyuan/annodex 0.1.10 → 0.1.12

package/lib/annodex-config.ts

@@ -0,0 +1,556 @@
+/**
+ * Annodex Config — Hybrid multi-provider configuration
+ *
+ * Two config sources, merged:
+ *   1. ~/.codex/config.toml  — codex CLI native (read-only, default model/provider)
+ *   2. ~/.config/annodex/providers.json — annodex-managed (API keys, extra providers)
+ *
+ * Session startup priority:
+ *   User-selected model in UI → providers.json lookup → config.toml fallback
+ */
+
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from "fs";
+import { join } from "path";
+import { homedir } from "os";
+import { parse as parseToml } from "smol-toml";
+import { getCodexHome } from "./codex-home";
+import { apiFromCodexWireApi, inferModelApi, isProviderApi, normalizeProviderApi, type ProviderApi, type ReasoningConfig } from "./provider-api";
+
+// ============================================================================
+// Types
+// ============================================================================
+
+export interface ModelConfig {
+  id: string;
+  name: string;
+  api?: ProviderApi;
+  reasoning?: boolean;
+  /** Per-model thinking/reasoning parameter mapping for Responses→Chat translation. */
+  reasoningConfig?: ReasoningConfig;
+  thinkingLevelMap?: Record<string, string | null>;
+  contextWindow?: number;  // max context window in tokens
+  maxTokens?: number;       // max output tokens
+  input?: string[];         // supported input types e.g. ["text", "image"]
+  compat?: Record<string, unknown>;
+}
+
+export interface ProviderConfig {
+  id: string;
+  name: string;
+  baseUrl: string;
+  apiKey: string;
+  api?: ProviderApi;
+  /** Per-provider thinking/reasoning parameter mapping for Responses→Chat translation. */
+  reasoningConfig?: ReasoningConfig;
+  requiresOpenAiAuth?: boolean;
+  source?: "annodex" | "codex";
+  sourceProviderId?: string;
+  models: ModelConfig[];
+}
+
+export interface AnnodexProvidersFile {
+  providers: ProviderConfig[];
+  defaultProvider?: string;
+  defaultModel?: string;
+  generativeUI?: boolean;
+  exists?: boolean;
+}
+
+interface CodexTomlProvider {
+  name?: string;
+  base_url?: string;
+  wire_api?: string;
+  env_key?: string;
+  requires_openai_auth?: boolean;
+}
+
+interface CodexTomlConfig {
+  model?: string;
+  model_provider?: string;
+  model_providers?: Record<string, CodexTomlProvider>;
+}
+
+interface CodexAuthJson {
+  auth_mode?: string;
+  OPENAI_API_KEY?: string;
+}
+
+export interface ResolvedModelOption {
+  provider: string;
+  modelId: string;
+  name: string;
+  api?: ProviderApi;
+  reasoning?: boolean;
+  thinkingLevelMap?: Record<string, string | null>;
+  contextWindow?: number;
+  maxTokens?: number;
+  input?: string[];
+  compat?: Record<string, unknown>;
+}
+
+// ============================================================================
+// Paths
+// ============================================================================
+
+function getAnnConfigDir(): string {
+  return process.env.ANNODEX_CONFIG_DIR
+    ?? process.env.ANNOVIBE_CONFIG_DIR
+    ?? join(homedir(), ".config", "annodex");
+}
+
+function getProvidersPath(): string {
+  return join(getAnnConfigDir(), "providers.json");
+}
+
+function getCodexConfigPath(): string {
+  return join(getCodexHome(), "config.toml");
+}
+
+function getCodexAuthPath(): string {
+  return join(getCodexHome(), "auth.json");
+}
+
+// ============================================================================
+// Defaults
+// ============================================================================
+
+/** Known token limits for popular models. Used as fallback when providers.json doesn't specify. */
+const KNOWN_MODEL_DEFAULTS: Record<string, { contextWindow: number; maxTokens: number }> = {
+  // OpenAI / Codex
+  "gpt-5-codex":         { contextWindow: 1_048_576, maxTokens: 128_000 },
+  "gpt-5.1-codex-max":   { contextWindow: 1_048_576, maxTokens: 128_000 },
+  "gpt-5.1-codex-mini":  { contextWindow: 1_048_576, maxTokens: 128_000 },
+  "gpt-4.1-codex-max":   { contextWindow: 1_048_576, maxTokens: 32_768 },
+  "gpt-4.1-codex-mini":  { contextWindow: 1_048_576, maxTokens: 32_768 },
+  // DeepSeek
+  "deepseek-chat":       { contextWindow: 1_048_576, maxTokens: 8_192 },
+  "deepseek-reasoner":   { contextWindow: 1_048_576, maxTokens: 8_192 },
+  "deepseek-v3":         { contextWindow: 1_048_576, maxTokens: 8_192 },
+  // Kimi (Moonshot)
+  "kimi-k2":             { contextWindow: 1_048_576, maxTokens: 8_192 },
+  "moonshot-v1-auto":    { contextWindow: 1_048_576, maxTokens: 8_192 },
+  // GLM (Zhipu)
+  "glm-4-plus":          { contextWindow: 128_000, maxTokens: 4_096 },
+  "glm-4-flash":         { contextWindow: 128_000, maxTokens: 4_096 },
+  // Qwen
+  "qwen-max":            { contextWindow: 1_048_576, maxTokens: 8_192 },
+  "qwen-plus":           { contextWindow: 1_048_576, maxTokens: 8_192 },
+  "qwen-turbo":          { contextWindow: 1_048_576, maxTokens: 8_192 },
+  "qwen3-235b-a22b":     { contextWindow: 131_072, maxTokens: 8_192 },
+};
+
+export function getKnownModelDefaults(modelId: string | null | undefined): { contextWindow: number; maxTokens: number } | undefined {
+  return modelId ? KNOWN_MODEL_DEFAULTS[modelId] : undefined;
+}
+
+function defaultProviders(): AnnodexProvidersFile {
+  return {
+    providers: [],
+    exists: false,
+  };
+}
+
+const CODEX_PROVIDER_PREFIX = "codex:";
+
+function codexProviderDisplayId(rawId: string, usedIds: Set<string>): string {
+  if (!usedIds.has(rawId)) return rawId;
+  let candidate = `${CODEX_PROVIDER_PREFIX}${rawId}`;
+  let n = 2;
+  while (usedIds.has(candidate)) {
+    candidate = `${CODEX_PROVIDER_PREFIX}${rawId}:${n}`;
+    n += 1;
+  }
+  return candidate;
+}
+
+// ============================================================================
+// Read codex config.toml
+// ============================================================================
+
+function readCodexConfig(): CodexTomlConfig | null {
+  const path = getCodexConfigPath();
+  if (!existsSync(path)) return null;
+  try {
+    const raw = readFileSync(path, "utf-8");
+    return parseToml(raw) as CodexTomlConfig;
+  } catch {
+    return null;
+  }
+}
+
+function readCodexAuth(): CodexAuthJson | null {
+  const path = getCodexAuthPath();
+  if (!existsSync(path)) return null;
+  try {
+    return JSON.parse(readFileSync(path, "utf-8")) as CodexAuthJson;
+  } catch {
+    return null;
+  }
+}
+
+function codexProviderApiKey(provider: CodexTomlProvider): string {
+  if (typeof provider.env_key === "string" && provider.env_key.trim()) return provider.env_key.trim();
+  const auth = readCodexAuth();
+  if (typeof auth?.OPENAI_API_KEY === "string" && auth.OPENAI_API_KEY.trim()) {
+    return auth.OPENAI_API_KEY.trim();
+  }
+  return "";
+}
+
+/** Extract default model + provider from codex config.toml */
+function getCodexDefaults(): { model?: string; providerId?: string; providerName?: string } {
+  const cfg = readCodexConfig();
+  if (!cfg) return {};
+  const model = typeof cfg.model === "string" && cfg.model.trim() ? cfg.model.trim() : undefined;
+  const providerId = typeof cfg.model_provider === "string" && cfg.model_provider.trim()
+    ? cfg.model_provider.trim()
+    : undefined;
+  const providerName = providerId ? (cfg.model_providers?.[providerId]?.name ?? providerId) : undefined;
+  return {
+    model,
+    providerId,
+    providerName,
+  };
+}
+
+/** Build provider entries from codex config.toml (without API keys) */
+function getCodexProviders(): ProviderConfig[] {
+  const cfg = readCodexConfig();
+  if (!cfg?.model_providers) return [];
+  const defaultModel = typeof cfg.model === "string" ? cfg.model : "";
+  const defaultProvider = typeof cfg.model_provider === "string" ? cfg.model_provider : "";
+
+  return Object.entries(cfg.model_providers)
+    .filter(([, p]) => typeof p.base_url === "string")
+    .map(([id, p]) => ({
+      id,
+      name: p.name ?? id,
+      baseUrl: (p.base_url ?? "").replace(/\/+$/, ""),
+      apiKey: codexProviderApiKey(p),
+      api: apiFromCodexWireApi(p.wire_api, p.base_url, id),
+      requiresOpenAiAuth: typeof p.requires_openai_auth === "boolean" ? p.requires_openai_auth : undefined,
+      source: "codex" as const,
+      sourceProviderId: id,
+      models: id === defaultProvider && defaultModel
+        ? [{ id: defaultModel, name: defaultModel }]
+        : [],
+    }));
+}
+
+// ============================================================================
+// Read/write annodex providers.json
+// ============================================================================
+
+function isRecord(value: unknown): value is Record<string, unknown> {
+  return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+
+function normalizeStringArray(value: unknown): string[] | undefined {
+  if (!Array.isArray(value)) return undefined;
+  const strings = value.filter((item): item is string => typeof item === "string" && item.trim().length > 0);
+  return strings.length ? strings : undefined;
+}
+
+function normalizeThinkingLevelMap(value: unknown): Record<string, string | null> | undefined {
+  if (!isRecord(value)) return undefined;
+  const normalized: Record<string, string | null> = {};
+  for (const [key, entry] of Object.entries(value)) {
+    if (!key) continue;
+    if (typeof entry === "string") normalized[key] = entry;
+    else if (entry === null) normalized[key] = null;
+  }
+  return Object.keys(normalized).length ? normalized : undefined;
+}
+
+function normalizeCompat(value: unknown): Record<string, unknown> | undefined {
+  if (!isRecord(value)) return undefined;
+  return Object.keys(value).length ? value : undefined;
+}
+
+function normalizeReasoningConfig(value: unknown): ReasoningConfig | undefined {
+  if (!isRecord(value)) return undefined;
+  const config: ReasoningConfig = {};
+  if (typeof value.supportsThinking === "boolean") config.supportsThinking = value.supportsThinking;
+  if (typeof value.supportsEffort === "boolean") config.supportsEffort = value.supportsEffort;
+  if (value.thinkingParam === "thinking" || value.thinkingParam === "enable_thinking") config.thinkingParam = value.thinkingParam;
+  if (value.effortParam === "reasoning_effort" || value.effortParam === "reasoning.effort" || value.effortParam === "none" || value.effortParam === null) config.effortParam = value.effortParam;
+  if (value.effortValueMode === "deepseek" || value.effortValueMode === "glm" || value.effortValueMode === "openrouter" || value.effortValueMode === "generic") config.effortValueMode = value.effortValueMode;
+  if (value.outputFormat === "reasoning_content" || value.outputFormat === "reasoning_details" || value.outputFormat === "reasoning" || value.outputFormat === "think_tags") config.outputFormat = value.outputFormat;
+  return Object.keys(config).length ? config : undefined;
+}
+
+function normalizeModelConfig(model: unknown): ModelConfig | null {
+  if (!isRecord(model) || typeof model.id !== "string") return null;
+  const id = model.id.trim();
+  if (!id) return null;
+  return {
+    id,
+    name: typeof model.name === "string" && model.name.trim() ? model.name : id,
+    api: isProviderApi(model.api) ? model.api : undefined,
+    reasoning: typeof model.reasoning === "boolean" ? model.reasoning : undefined,
+    reasoningConfig: normalizeReasoningConfig(model.reasoningConfig),
+    thinkingLevelMap: normalizeThinkingLevelMap(model.thinkingLevelMap),
+    input: normalizeStringArray(model.input),
+    contextWindow: typeof model.contextWindow === "number" ? model.contextWindow : undefined,
+    maxTokens: typeof model.maxTokens === "number" ? model.maxTokens : undefined,
+    compat: normalizeCompat(model.compat),
+  };
+}
+
+export function readProvidersFile(): AnnodexProvidersFile {
+  const path = getProvidersPath();
+  if (!existsSync(path)) return defaultProviders();
+  try {
+    const raw = JSON.parse(readFileSync(path, "utf-8")) as Partial<AnnodexProvidersFile>;
+    return {
+      providers: Array.isArray(raw.providers)
+        ? raw.providers
+            .filter((p): p is ProviderConfig =>
+              typeof p.id === "string" && typeof p.baseUrl === "string"
+            )
+            .map((p) => ({
+              id: p.id,
+              name: typeof p.name === "string" ? p.name : p.id,
+              baseUrl: p.baseUrl.replace(/\/+$/, ""),
+              apiKey: typeof p.apiKey === "string" ? p.apiKey : "",
+              api: normalizeProviderApi(p.api, p.baseUrl, p.id),
+              reasoningConfig: normalizeReasoningConfig(p.reasoningConfig),
+              requiresOpenAiAuth: typeof p.requiresOpenAiAuth === "boolean" ? p.requiresOpenAiAuth : undefined,
+              source: "annodex",
+              sourceProviderId: p.id,
+              models: Array.isArray(p.models)
+                ? p.models
+                    .map((model) => normalizeModelConfig(model))
+                    .filter((model): model is ModelConfig => model !== null)
+                : [],
+            }))
+        : defaultProviders().providers,
+      defaultProvider: typeof raw.defaultProvider === "string" ? raw.defaultProvider : undefined,
+      defaultModel: typeof raw.defaultModel === "string" ? raw.defaultModel : undefined,
+      generativeUI: typeof raw.generativeUI === "boolean" ? raw.generativeUI : undefined,
+      exists: true,
+    };
+  } catch {
+    return defaultProviders();
+  }
+}
+
+export function writeProvidersFile(data: AnnodexProvidersFile): AnnodexProvidersFile {
+  const dir = getAnnConfigDir();
+  if (!existsSync(dir)) mkdirSync(dir, { recursive: true });
+  const { exists: _exists, ...persisted } = data;
+  void _exists;
+  const cleaned: AnnodexProvidersFile = {
+    ...persisted,
+    providers: persisted.providers.map((provider) => {
+      const { source: _source, sourceProviderId: _sourceProviderId, ...savedProvider } = provider;
+      void _source;
+      void _sourceProviderId;
+      return savedProvider;
+    }),
+  };
+  writeFileSync(getProvidersPath(), JSON.stringify(cleaned, null, 2), "utf-8");
+  return data;
+}
+
+// ============================================================================
+// Merged config (for session spawning)
+// ============================================================================
+
+export interface MergedConfig {
+  providers: ProviderConfig[];
+  defaultModel?: string;
+  defaultProvider?: string;
+  generativeUI: boolean;
+  codexDefaults: { model?: string; providerId?: string; providerName?: string };
+}
+
+function providerHasModel(provider: ProviderConfig, modelId: string): boolean {
+  return provider.models.length === 0 || provider.models.some((m) => m.id === modelId);
+}
+
+function providerSameEndpoint(a: ProviderConfig, b: ProviderConfig): boolean {
+  return Boolean(a.baseUrl && b.baseUrl && a.baseUrl.replace(/\/+$/, "") === b.baseUrl.replace(/\/+$/, ""));
+}
+
+function applyCodexAuthFallbacks(provider: ProviderConfig, codexProviders: ProviderConfig[]): ProviderConfig {
+  const fallback = codexProviders.find((candidate) =>
+    candidate.sourceProviderId === provider.id || providerSameEndpoint(candidate, provider)
+  );
+  if (!fallback) return provider;
+  return {
+    ...provider,
+    apiKey: provider.apiKey || fallback.apiKey,
+    requiresOpenAiAuth: provider.requiresOpenAiAuth ?? fallback.requiresOpenAiAuth,
+  };
+}
+
+function applyModelApiDefaults(provider: ProviderConfig): ProviderConfig {
+  const models = provider.models.map((model) => ({
+    ...model,
+    api: model.api ?? inferModelApi(model.id, provider.api, provider.baseUrl, provider.id),
+  }));
+  return { ...provider, models };
+}
+
+export function readMergedConfig(): MergedConfig {
+  const annProviders = readProvidersFile();
+  const rawCodexProviders = getCodexProviders();
+  const codexDefaults = getCodexDefaults();
+
+  // Preserve provider identity across sources. UI-managed providers and
+  // ~/.codex/config.toml providers may legitimately share an id/model name
+  // while pointing at different credentials or protocols.
+  const annodexProviders = annProviders.providers.map((provider) => applyCodexAuthFallbacks(provider, rawCodexProviders));
+  const usedProviderIds = new Set(annodexProviders.map((p) => p.id));
+  const codexProviderIdByRaw = new Map<string, string>();
+  const codexProviders = rawCodexProviders.map((provider) => {
+    const id = codexProviderDisplayId(provider.id, usedProviderIds);
+    usedProviderIds.add(id);
+    codexProviderIdByRaw.set(provider.sourceProviderId ?? provider.id, id);
+    return {
+      ...provider,
+      id,
+      name: id === provider.id ? provider.name : `${provider.name || provider.id} (Codex)`,
+    };
+  });
+
+  const mergedProviders = [...annodexProviders];
+  for (const cp of codexProviders) {
+    mergedProviders.push(cp);
+  }
+
+  const defaultProvider = codexDefaults.providerId
+    ? (codexProviderIdByRaw.get(codexDefaults.providerId) ?? codexDefaults.providerId)
+    : undefined;
+  const mappedCodexDefaults = {
+    ...codexDefaults,
+    providerId: defaultProvider,
+  };
+
+  return {
+    providers: mergedProviders.map((provider) => applyModelApiDefaults(provider)),
+    defaultModel: codexDefaults.model,
+    defaultProvider,
+    generativeUI: annProviders.generativeUI !== false,
+    codexDefaults: mappedCodexDefaults,
+  };
+}
+
+// ============================================================================
+// Queries
+// ============================================================================
+
+export function findProvider(
+  config: MergedConfig,
+  providerId: string,
+): ProviderConfig | undefined {
+  return config.providers.find((p) => p.id === providerId);
+}
+
+export function findCodexProvider(
+  config: MergedConfig,
+  rawProviderId: string,
+): ProviderConfig | undefined {
+  return config.providers.find((p) => p.source === "codex" && p.sourceProviderId === rawProviderId);
+}
+
+export function normalizeRuntimeProviderId(
+  config: MergedConfig,
+  providerId: string | undefined,
+  opts: { preferCodex?: boolean } = {},
+): string | undefined {
+  if (!providerId) return undefined;
+  if (opts.preferCodex) return findCodexProvider(config, providerId)?.id ?? providerId;
+  return findProvider(config, providerId)?.id ?? findCodexProvider(config, providerId)?.id ?? providerId;
+}
+
+export function findModelProvider(
+  config: MergedConfig,
+  modelId: string,
+): ProviderConfig | undefined {
+  for (const provider of config.providers) {
+    if (provider.models.some((m) => m.id === modelId)) return provider;
+  }
+  return undefined;
+}
+
+export function resolveModel(
+  config: MergedConfig,
+  modelId?: string,
+  providerId?: string,
+): { provider: ProviderConfig; modelId: string } | null {
+  const id = modelId || config.defaultModel;
+  if (!id) return null;
+
+  const explicitProvider = providerId ? findProvider(config, providerId) : undefined;
+  if (explicitProvider) {
+    if (providerHasModel(explicitProvider, id)) {
+      return { provider: explicitProvider, modelId: id };
+    }
+  }
+
+  if (config.defaultProvider && config.defaultModel === id) {
+    const defaultProvider = findProvider(config, config.defaultProvider);
+    if (defaultProvider && providerHasModel(defaultProvider, id)) {
+      return { provider: defaultProvider, modelId: id };
+    }
+  }
+
+  const provider = findModelProvider(config, id);
+  if (!provider) return null;
+  return { provider, modelId: id };
+}
+
+// ============================================================================
+// Model list for UI
+// ============================================================================
+
+export function listAllModels(config: MergedConfig): ResolvedModelOption[] {
+  const models: ResolvedModelOption[] = [];
+  for (const provider of config.providers) {
+    for (const model of provider.models) {
+      const known = KNOWN_MODEL_DEFAULTS[model.id];
+      models.push({
+        provider: provider.id,
+        modelId: model.id,
+        name: model.name || model.id,
+        api: model.api,
+        reasoning: model.reasoning,
+        thinkingLevelMap: model.thinkingLevelMap,
+        contextWindow: model.contextWindow ?? known?.contextWindow,
+        maxTokens: model.maxTokens ?? known?.maxTokens,
+        input: model.input,
+        compat: model.compat,
+      });
+    }
+  }
+  return models;
+}
+
+export function getDefaultModel(
+  config: MergedConfig,
+): { provider: string; modelId: string } | null {
+  // 1. Codex config.toml default model
+  if (config.codexDefaults.model) {
+    const resolved = resolveModel(config, config.codexDefaults.model, config.codexDefaults.providerId);
+    if (resolved) return { provider: resolved.provider.id, modelId: resolved.modelId };
+    if (config.codexDefaults.providerId) {
+      return { provider: config.codexDefaults.providerId, modelId: config.codexDefaults.model };
+    }
+  }
+  // 2. Annodex providers.json defaultProvider / defaultModel
+  const annProviders = config.providers.filter((p) => p.source === "annodex");
+  for (const provider of annProviders) {
+    if (provider.models.length > 0) {
+      return { provider: provider.id, modelId: provider.models[0].id };
+    }
+  }
+  // 3. First available model from any provider
+  for (const provider of config.providers) {
+    if (provider.models.length > 0) {
+      return { provider: provider.id, modelId: provider.models[0].id };
+    }
+  }
+  return null;
+}

package/lib/auth-token.ts

@@ -0,0 +1,74 @@
+export const COOKIE_NAME = "annodex-auth";
+export const LEGACY_COOKIE_NAME = "annovibe-auth";
+export const PIDEX_COOKIE_NAME = "pidex-auth";
+const COOKIE_MAX_AGE = 30 * 24 * 60 * 60; // 30 days
+
+function getSecret(): string {
+  return process.env.ANNODEX_AUTH_SECRET
+    ?? process.env.ANNOVIBE_AUTH_SECRET
+    ?? process.env.PIDEX_AUTH_SECRET
+    ?? "annodex-default-secret";
+}
+
+function randomHex(bytes: number): string {
+  const data = new Uint8Array(bytes);
+  globalThis.crypto.getRandomValues(data);
+  return Array.from(data, (b) => b.toString(16).padStart(2, "0")).join("");
+}
+
+async function hmacHex(secret: string, payload: string): Promise<string> {
+  const encoder = new TextEncoder();
+  const key = await globalThis.crypto.subtle.importKey(
+    "raw",
+    encoder.encode(secret),
+    { name: "HMAC", hash: "SHA-256" },
+    false,
+    ["sign"],
+  );
+  const signature = await globalThis.crypto.subtle.sign("HMAC", key, encoder.encode(payload));
+  return Array.from(new Uint8Array(signature), (b) => b.toString(16).padStart(2, "0")).join("");
+}
+
+function constantTimeEqual(a: string, b: string): boolean {
+  if (a.length !== b.length) return false;
+  let ok = 0;
+  for (let i = 0; i < a.length; i++) ok |= a.charCodeAt(i) ^ b.charCodeAt(i);
+  return ok === 0;
+}
+
+export async function createAuthToken(secret?: string): Promise<string> {
+  const key = secret ?? getSecret();
+  const payload = `${Date.now()}:${randomHex(16)}`;
+  const sig = await hmacHex(key, payload);
+  return `${payload}:${sig}`;
+}
+
+export async function verifyAuthToken(token: string, secret?: string): Promise<boolean> {
+  try {
+    const key = secret ?? getSecret();
+    const parts = token.split(":");
+    const sig = parts.pop();
+    const payload = parts.join(":");
+    if (!sig || !payload) return false;
+    const expected = await hmacHex(key, payload);
+    return constantTimeEqual(sig, expected);
+  } catch {
+    return false;
+  }
+}
+
+export function getAuthCookieHeader(token: string): string {
+  return `${COOKIE_NAME}=${token}; HttpOnly; SameSite=Lax; Path=/; Max-Age=${COOKIE_MAX_AGE}`;
+}
+
+export function getClearCookieHeader(): string {
+  return `${COOKIE_NAME}=; HttpOnly; SameSite=Lax; Path=/; Max-Age=0`;
+}
+
+export function getClearLegacyCookieHeader(): string {
+  return `${LEGACY_COOKIE_NAME}=; HttpOnly; SameSite=Lax; Path=/; Max-Age=0`;
+}
+
+export function getClearPidexCookieHeader(): string {
+  return `${PIDEX_COOKIE_NAME}=; HttpOnly; SameSite=Lax; Path=/; Max-Age=0`;
+}