@yolk-sdk/openai 0.0.1-canary.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Yolk SDK contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,67 @@
+# @yolk-sdk/openai
+
+OpenAI-family provider mechanics for Codex/ChatGPT OAuth and broker integration.
+
+## Install
+
+```bash
+pnpm add @yolk-sdk/openai@canary @yolk-sdk/oauth@canary effect
+```
+
+Canary APIs are unstable. Keep all `@yolk-sdk/*` packages on the same version.
+
+## Subpaths
+
+| Subpath | Purpose |
+| --- | --- |
+| `@yolk-sdk/openai` | OpenAI Codex OAuth constants, token schemas, broker helpers, and auth headers |
+
+## Imports
+
+```ts
+import {
+  makeOpenAiCodexBrokerRequest,
+  makeOpenAiCodexTokenBrokerClient,
+  openAiCodexAuthorizationHeaders,
+  openAiCodexProviderId,
+  toOAuthAccessToken
+} from '@yolk-sdk/openai'
+```
+
+## Broker request
+
+```ts
+const request = makeOpenAiCodexBrokerRequest({
+  subject: 'opaque-host-subject',
+  minimumTtlMs: 60_000
+})
+```
+
+Hosts route this request to an authenticated token broker. The package never stores refresh tokens.
+
+## Authorization headers
+
+```ts
+const headers = openAiCodexAuthorizationHeaders(token)
+```
+
+Use these headers in host-owned Codex request adapters.
+
+## Exposed constants
+
+- Codex provider id and OAuth issuer.
+- Device auth/user code/token URLs.
+- Codex responses URL.
+- Refresh buffer and token schemas.
+
+## Host responsibilities
+
+- Own device flow UI, session mapping, refresh-token storage, and policy.
+- Provide token brokers through `@yolk-sdk/oauth` contracts.
+- Own network execution, telemetry, error reporting, and product routing.
+
+## Boundaries
+
+- No app users, sessions, DB, Better Auth, routes, or Durable Objects.
+- No OpenAI SDK dependency.
+- API-key mode can be added later without changing OAuth contracts.

package/dist/codex.d.mts

@@ -0,0 +1,51 @@
+import * as Schema from "effect/Schema";
+import { OAuthAccessToken, TokenBrokerClient, TokenBrokerRequest } from "@yolk-sdk/oauth";
+
+//#region src/codex.d.ts
+declare const openAiCodexProviderId = "openai-codex";
+declare const openAiCodexResponsesUrl = "https://chatgpt.com/backend-api/codex/responses";
+declare const openAiCodexAuthIssuer = "https://auth.openai.com";
+declare const openAiCodexClientId = "app_EMoamEEZ73f0CkXaXp7hrann";
+declare const openAiCodexDeviceAuthUserCodeUrl = "https://auth.openai.com/api/accounts/deviceauth/usercode";
+declare const openAiCodexDeviceAuthTokenUrl = "https://auth.openai.com/api/accounts/deviceauth/token";
+declare const openAiCodexDeviceAuthCallbackRedirect = "https://auth.openai.com/deviceauth/callback";
+declare const openAiCodexDeviceVerificationUrl = "https://auth.openai.com/codex/device";
+declare const openAiCodexTokenEndpoint = "https://auth.openai.com/oauth/token";
+declare const openAiCodexRefreshBufferMs: number;
+declare const OpenAiCodexOAuthToken_base: Schema.Class<OpenAiCodexOAuthToken, Schema.Struct<{
+  readonly accessToken: Schema.String;
+  readonly refreshToken: Schema.String;
+  readonly expiresAt: Schema.Number;
+  readonly accountId: Schema.optional<Schema.String>;
+}>, {}>;
+declare class OpenAiCodexOAuthToken extends OpenAiCodexOAuthToken_base {}
+declare const OpenAiCodexTokenBrokerResponse_base: Schema.Class<OpenAiCodexTokenBrokerResponse, Schema.Struct<{
+  readonly accessToken: Schema.String;
+  readonly expiresAt: Schema.Number;
+  readonly accountId: Schema.optional<Schema.String>;
+}>, {}>;
+declare class OpenAiCodexTokenBrokerResponse extends OpenAiCodexTokenBrokerResponse_base {}
+declare const toOAuthAccessToken: (token: OpenAiCodexTokenBrokerResponse) => OAuthAccessToken;
+declare const makeOpenAiCodexBrokerRequest: (input: {
+  readonly subjectId: string;
+  readonly minTtlSeconds?: number;
+  readonly forceRefresh?: boolean;
+}) => TokenBrokerRequest;
+declare const openAiCodexAuthorizationHeaders: (token: OAuthAccessToken) => {
+  authorization: string;
+  originator: string;
+} | {
+  'ChatGPT-Account-Id': string;
+  authorization: string;
+  originator: string;
+};
+declare const makeOpenAiCodexTokenBrokerClient: (broker: TokenBrokerClient) => {
+  getAccessToken: (input: {
+    readonly subjectId: string;
+    readonly minTtlSeconds?: number;
+    readonly forceRefresh?: boolean;
+  }) => import("effect/Effect").Effect<OAuthAccessToken, import("@yolk-sdk/oauth").OAuthError, never>;
+};
+//#endregion
+export { OpenAiCodexOAuthToken, OpenAiCodexTokenBrokerResponse, makeOpenAiCodexBrokerRequest, makeOpenAiCodexTokenBrokerClient, openAiCodexAuthIssuer, openAiCodexAuthorizationHeaders, openAiCodexClientId, openAiCodexDeviceAuthCallbackRedirect, openAiCodexDeviceAuthTokenUrl, openAiCodexDeviceAuthUserCodeUrl, openAiCodexDeviceVerificationUrl, openAiCodexProviderId, openAiCodexRefreshBufferMs, openAiCodexResponsesUrl, openAiCodexTokenEndpoint, toOAuthAccessToken };
+//# sourceMappingURL=codex.d.mts.map

package/dist/codex.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"codex.d.mts","names":[],"sources":["../src/codex.ts"],"mappings":";;;;cAGa,qBAAA;AAAA,cACA,uBAAA;AAAA,cACA,qBAAA;AAAA,cACA,mBAAA;AAAA,cACA,gCAAA;AAAA,cACA,6BAAA;AAAA,cACA,qCAAA;AAAA,cACA,gCAAA;AAAA,cACA,wBAAA;AAAA,cACA,0BAAA;AAAA,cAA0C,0BAAA;;;;;;cAE1C,qBAAA,SAA8B,0BAOzC;AAAA,cAAG,mCAAA;;;;;cAEQ,8BAAA,SAAuC,mCAMlD;AAAA,cAEW,kBAAA,GAAsB,KAAA,EAAO,8BAAA,KAA8B,gBAMpE;AAAA,cAES,4BAAA,GAAgC,KAAA;EAAA,SAClC,SAAA;EAAA,SACA,aAAA;EAAA,SACA,YAAA;AAAA,MACV,kBAMG;AAAA,cAES,+BAAA,GAAmC,KAAA,EAAO,gBAAgB;;;;;;;;cAgB1D,gCAAA,GAAoC,MAAA,EAAQ,iBAAA;;aAE5C,SAAA;IAAA,SACA,aAAA;IAAA,SACA,YAAA;EAAA,8BACV,MAAA,CAAA,gBAAA,4BAAA,UAAA;AAAA"}

package/dist/codex.mjs

@@ -0,0 +1,52 @@
+import * as Schema from "effect/Schema";
+import { OAuthAccessToken, TokenBrokerRequest } from "@yolk-sdk/oauth";
+//#region src/codex.ts
+const openAiCodexProviderId = "openai-codex";
+const openAiCodexResponsesUrl = "https://chatgpt.com/backend-api/codex/responses";
+const openAiCodexAuthIssuer = "https://auth.openai.com";
+const openAiCodexClientId = "app_EMoamEEZ73f0CkXaXp7hrann";
+const openAiCodexDeviceAuthUserCodeUrl = `${openAiCodexAuthIssuer}/api/accounts/deviceauth/usercode`;
+const openAiCodexDeviceAuthTokenUrl = `${openAiCodexAuthIssuer}/api/accounts/deviceauth/token`;
+const openAiCodexDeviceAuthCallbackRedirect = `${openAiCodexAuthIssuer}/deviceauth/callback`;
+const openAiCodexDeviceVerificationUrl = `${openAiCodexAuthIssuer}/codex/device`;
+const openAiCodexTokenEndpoint = `${openAiCodexAuthIssuer}/oauth/token`;
+const openAiCodexRefreshBufferMs = 300 * 1e3;
+var OpenAiCodexOAuthToken = class extends Schema.Class("OpenAiCodexOAuthToken")({
+	accessToken: Schema.String,
+	refreshToken: Schema.String,
+	expiresAt: Schema.Number,
+	accountId: Schema.optional(Schema.String)
+}) {};
+var OpenAiCodexTokenBrokerResponse = class extends Schema.Class("OpenAiCodexTokenBrokerResponse")({
+	accessToken: Schema.String,
+	expiresAt: Schema.Number,
+	accountId: Schema.optional(Schema.String)
+}) {};
+const toOAuthAccessToken = (token) => new OAuthAccessToken({
+	provider: openAiCodexProviderId,
+	accessToken: token.accessToken,
+	expiresAt: token.expiresAt,
+	accountId: token.accountId
+});
+const makeOpenAiCodexBrokerRequest = (input) => new TokenBrokerRequest({
+	provider: openAiCodexProviderId,
+	subjectId: input.subjectId,
+	minTtlSeconds: input.minTtlSeconds,
+	forceRefresh: input.forceRefresh
+});
+const openAiCodexAuthorizationHeaders = (token) => {
+	const baseHeaders = {
+		authorization: `Bearer ${token.accessToken}`,
+		originator: "opencode"
+	};
+	if (token.accountId === void 0) return baseHeaders;
+	return {
+		...baseHeaders,
+		"ChatGPT-Account-Id": token.accountId
+	};
+};
+const makeOpenAiCodexTokenBrokerClient = (broker) => ({ getAccessToken: (input) => broker.getAccessToken(makeOpenAiCodexBrokerRequest(input)) });
+//#endregion
+export { OpenAiCodexOAuthToken, OpenAiCodexTokenBrokerResponse, makeOpenAiCodexBrokerRequest, makeOpenAiCodexTokenBrokerClient, openAiCodexAuthIssuer, openAiCodexAuthorizationHeaders, openAiCodexClientId, openAiCodexDeviceAuthCallbackRedirect, openAiCodexDeviceAuthTokenUrl, openAiCodexDeviceAuthUserCodeUrl, openAiCodexDeviceVerificationUrl, openAiCodexProviderId, openAiCodexRefreshBufferMs, openAiCodexResponsesUrl, openAiCodexTokenEndpoint, toOAuthAccessToken };
+
+//# sourceMappingURL=codex.mjs.map

package/dist/codex.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"codex.mjs","names":[],"sources":["../src/codex.ts"],"sourcesContent":["import * as Schema from 'effect/Schema'\nimport { OAuthAccessToken, TokenBrokerRequest, type TokenBrokerClient } from '@yolk-sdk/oauth'\n\nexport const openAiCodexProviderId = 'openai-codex'\nexport const openAiCodexResponsesUrl = 'https://chatgpt.com/backend-api/codex/responses'\nexport const openAiCodexAuthIssuer = 'https://auth.openai.com'\nexport const openAiCodexClientId = 'app_EMoamEEZ73f0CkXaXp7hrann'\nexport const openAiCodexDeviceAuthUserCodeUrl = `${openAiCodexAuthIssuer}/api/accounts/deviceauth/usercode`\nexport const openAiCodexDeviceAuthTokenUrl = `${openAiCodexAuthIssuer}/api/accounts/deviceauth/token`\nexport const openAiCodexDeviceAuthCallbackRedirect = `${openAiCodexAuthIssuer}/deviceauth/callback`\nexport const openAiCodexDeviceVerificationUrl = `${openAiCodexAuthIssuer}/codex/device`\nexport const openAiCodexTokenEndpoint = `${openAiCodexAuthIssuer}/oauth/token`\nexport const openAiCodexRefreshBufferMs = 5 * 60 * 1000\n\nexport class OpenAiCodexOAuthToken extends Schema.Class<OpenAiCodexOAuthToken>(\n  'OpenAiCodexOAuthToken'\n)({\n  accessToken: Schema.String,\n  refreshToken: Schema.String,\n  expiresAt: Schema.Number,\n  accountId: Schema.optional(Schema.String)\n}) {}\n\nexport class OpenAiCodexTokenBrokerResponse extends Schema.Class<OpenAiCodexTokenBrokerResponse>(\n  'OpenAiCodexTokenBrokerResponse'\n)({\n  accessToken: Schema.String,\n  expiresAt: Schema.Number,\n  accountId: Schema.optional(Schema.String)\n}) {}\n\nexport const toOAuthAccessToken = (token: OpenAiCodexTokenBrokerResponse) =>\n  new OAuthAccessToken({\n    provider: openAiCodexProviderId,\n    accessToken: token.accessToken,\n    expiresAt: token.expiresAt,\n    accountId: token.accountId\n  })\n\nexport const makeOpenAiCodexBrokerRequest = (input: {\n  readonly subjectId: string\n  readonly minTtlSeconds?: number\n  readonly forceRefresh?: boolean\n}) =>\n  new TokenBrokerRequest({\n    provider: openAiCodexProviderId,\n    subjectId: input.subjectId,\n    minTtlSeconds: input.minTtlSeconds,\n    forceRefresh: input.forceRefresh\n  })\n\nexport const openAiCodexAuthorizationHeaders = (token: OAuthAccessToken) => {\n  const baseHeaders = {\n    authorization: `Bearer ${token.accessToken}`,\n    originator: 'opencode'\n  }\n\n  if (token.accountId === undefined) {\n    return baseHeaders\n  }\n\n  return {\n    ...baseHeaders,\n    'ChatGPT-Account-Id': token.accountId\n  }\n}\n\nexport const makeOpenAiCodexTokenBrokerClient = (broker: TokenBrokerClient) => ({\n  getAccessToken: (input: {\n    readonly subjectId: string\n    readonly minTtlSeconds?: number\n    readonly forceRefresh?: boolean\n  }) => broker.getAccessToken(makeOpenAiCodexBrokerRequest(input))\n})\n"],"mappings":";;;AAGA,MAAa,wBAAwB;AACrC,MAAa,0BAA0B;AACvC,MAAa,wBAAwB;AACrC,MAAa,sBAAsB;AACnC,MAAa,mCAAmC,GAAG,sBAAsB;AACzE,MAAa,gCAAgC,GAAG,sBAAsB;AACtE,MAAa,wCAAwC,GAAG,sBAAsB;AAC9E,MAAa,mCAAmC,GAAG,sBAAsB;AACzE,MAAa,2BAA2B,GAAG,sBAAsB;AACjE,MAAa,6BAA6B,MAAS;AAEnD,IAAa,wBAAb,cAA2C,OAAO,MAChD,uBACF,EAAE;CACA,aAAa,OAAO;CACpB,cAAc,OAAO;CACrB,WAAW,OAAO;CAClB,WAAW,OAAO,SAAS,OAAO,MAAM;AAC1C,CAAC,EAAE,CAAC;AAEJ,IAAa,iCAAb,cAAoD,OAAO,MACzD,gCACF,EAAE;CACA,aAAa,OAAO;CACpB,WAAW,OAAO;CAClB,WAAW,OAAO,SAAS,OAAO,MAAM;AAC1C,CAAC,EAAE,CAAC;AAEJ,MAAa,sBAAsB,UACjC,IAAI,iBAAiB;CACnB,UAAU;CACV,aAAa,MAAM;CACnB,WAAW,MAAM;CACjB,WAAW,MAAM;AACnB,CAAC;AAEH,MAAa,gCAAgC,UAK3C,IAAI,mBAAmB;CACrB,UAAU;CACV,WAAW,MAAM;CACjB,eAAe,MAAM;CACrB,cAAc,MAAM;AACtB,CAAC;AAEH,MAAa,mCAAmC,UAA4B;CAC1E,MAAM,cAAc;EAClB,eAAe,UAAU,MAAM;EAC/B,YAAY;CACd;CAEA,IAAI,MAAM,cAAc,KAAA,GACtB,OAAO;CAGT,OAAO;EACL,GAAG;EACH,sBAAsB,MAAM;CAC9B;AACF;AAEA,MAAa,oCAAoC,YAA+B,EAC9E,iBAAiB,UAIX,OAAO,eAAe,6BAA6B,KAAK,CAAC,EACjE"}

package/dist/index.d.mts

@@ -0,0 +1,2 @@
+import { OpenAiCodexOAuthToken, OpenAiCodexTokenBrokerResponse, makeOpenAiCodexBrokerRequest, makeOpenAiCodexTokenBrokerClient, openAiCodexAuthIssuer, openAiCodexAuthorizationHeaders, openAiCodexClientId, openAiCodexDeviceAuthCallbackRedirect, openAiCodexDeviceAuthTokenUrl, openAiCodexDeviceAuthUserCodeUrl, openAiCodexDeviceVerificationUrl, openAiCodexProviderId, openAiCodexRefreshBufferMs, openAiCodexResponsesUrl, openAiCodexTokenEndpoint, toOAuthAccessToken } from "./codex.mjs";
+export { OpenAiCodexOAuthToken, OpenAiCodexTokenBrokerResponse, makeOpenAiCodexBrokerRequest, makeOpenAiCodexTokenBrokerClient, openAiCodexAuthIssuer, openAiCodexAuthorizationHeaders, openAiCodexClientId, openAiCodexDeviceAuthCallbackRedirect, openAiCodexDeviceAuthTokenUrl, openAiCodexDeviceAuthUserCodeUrl, openAiCodexDeviceVerificationUrl, openAiCodexProviderId, openAiCodexRefreshBufferMs, openAiCodexResponsesUrl, openAiCodexTokenEndpoint, toOAuthAccessToken };

package/dist/index.mjs

@@ -0,0 +1,2 @@
+import { OpenAiCodexOAuthToken, OpenAiCodexTokenBrokerResponse, makeOpenAiCodexBrokerRequest, makeOpenAiCodexTokenBrokerClient, openAiCodexAuthIssuer, openAiCodexAuthorizationHeaders, openAiCodexClientId, openAiCodexDeviceAuthCallbackRedirect, openAiCodexDeviceAuthTokenUrl, openAiCodexDeviceAuthUserCodeUrl, openAiCodexDeviceVerificationUrl, openAiCodexProviderId, openAiCodexRefreshBufferMs, openAiCodexResponsesUrl, openAiCodexTokenEndpoint, toOAuthAccessToken } from "./codex.mjs";
+export { OpenAiCodexOAuthToken, OpenAiCodexTokenBrokerResponse, makeOpenAiCodexBrokerRequest, makeOpenAiCodexTokenBrokerClient, openAiCodexAuthIssuer, openAiCodexAuthorizationHeaders, openAiCodexClientId, openAiCodexDeviceAuthCallbackRedirect, openAiCodexDeviceAuthTokenUrl, openAiCodexDeviceAuthUserCodeUrl, openAiCodexDeviceVerificationUrl, openAiCodexProviderId, openAiCodexRefreshBufferMs, openAiCodexResponsesUrl, openAiCodexTokenEndpoint, toOAuthAccessToken };

package/package.json

@@ -0,0 +1,56 @@
+{
+  "name": "@yolk-sdk/openai",
+  "version": "0.0.1-canary.0",
+  "description": "OpenAI and Codex OAuth and provider mechanics for Yolk hosts.",
+  "license": "MIT",
+  "type": "module",
+  "sideEffects": false,
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/magoz/yolk-sdk.git",
+    "directory": "packages/openai"
+  },
+  "bugs": {
+    "url": "https://github.com/magoz/yolk-sdk/issues"
+  },
+  "homepage": "https://github.com/magoz/yolk-sdk#readme",
+  "keywords": [
+    "openai",
+    "codex",
+    "oauth",
+    "agent",
+    "effect"
+  ],
+  "engines": {
+    "node": ">=22"
+  },
+  "exports": {
+    "./package.json": "./package.json",
+    ".": {
+      "types": "./dist/index.d.mts",
+      "import": "./dist/index.mjs",
+      "default": "./dist/index.mjs"
+    }
+  },
+  "files": [
+    "src/**/*.ts",
+    "!src/**/*.test.ts",
+    "!src/**/*.test.tsx",
+    "dist/**/*",
+    "README.md"
+  ],
+  "publishConfig": {
+    "access": "public",
+    "provenance": true
+  },
+  "dependencies": {
+    "effect": "4.0.0-beta.65",
+    "@yolk-sdk/oauth": "^0.0.1-canary.0"
+  },
+  "scripts": {
+    "build": "tsdown",
+    "check": "tsc -p tsconfig.json --noEmit",
+    "test": "vitest run --passWithNoTests",
+    "test:run": "vitest run --passWithNoTests"
+  }
+}

package/src/codex.ts

@@ -0,0 +1,74 @@
+import * as Schema from 'effect/Schema'
+import { OAuthAccessToken, TokenBrokerRequest, type TokenBrokerClient } from '@yolk-sdk/oauth'
+
+export const openAiCodexProviderId = 'openai-codex'
+export const openAiCodexResponsesUrl = 'https://chatgpt.com/backend-api/codex/responses'
+export const openAiCodexAuthIssuer = 'https://auth.openai.com'
+export const openAiCodexClientId = 'app_EMoamEEZ73f0CkXaXp7hrann'
+export const openAiCodexDeviceAuthUserCodeUrl = `${openAiCodexAuthIssuer}/api/accounts/deviceauth/usercode`
+export const openAiCodexDeviceAuthTokenUrl = `${openAiCodexAuthIssuer}/api/accounts/deviceauth/token`
+export const openAiCodexDeviceAuthCallbackRedirect = `${openAiCodexAuthIssuer}/deviceauth/callback`
+export const openAiCodexDeviceVerificationUrl = `${openAiCodexAuthIssuer}/codex/device`
+export const openAiCodexTokenEndpoint = `${openAiCodexAuthIssuer}/oauth/token`
+export const openAiCodexRefreshBufferMs = 5 * 60 * 1000
+
+export class OpenAiCodexOAuthToken extends Schema.Class<OpenAiCodexOAuthToken>(
+  'OpenAiCodexOAuthToken'
+)({
+  accessToken: Schema.String,
+  refreshToken: Schema.String,
+  expiresAt: Schema.Number,
+  accountId: Schema.optional(Schema.String)
+}) {}
+
+export class OpenAiCodexTokenBrokerResponse extends Schema.Class<OpenAiCodexTokenBrokerResponse>(
+  'OpenAiCodexTokenBrokerResponse'
+)({
+  accessToken: Schema.String,
+  expiresAt: Schema.Number,
+  accountId: Schema.optional(Schema.String)
+}) {}
+
+export const toOAuthAccessToken = (token: OpenAiCodexTokenBrokerResponse) =>
+  new OAuthAccessToken({
+    provider: openAiCodexProviderId,
+    accessToken: token.accessToken,
+    expiresAt: token.expiresAt,
+    accountId: token.accountId
+  })
+
+export const makeOpenAiCodexBrokerRequest = (input: {
+  readonly subjectId: string
+  readonly minTtlSeconds?: number
+  readonly forceRefresh?: boolean
+}) =>
+  new TokenBrokerRequest({
+    provider: openAiCodexProviderId,
+    subjectId: input.subjectId,
+    minTtlSeconds: input.minTtlSeconds,
+    forceRefresh: input.forceRefresh
+  })
+
+export const openAiCodexAuthorizationHeaders = (token: OAuthAccessToken) => {
+  const baseHeaders = {
+    authorization: `Bearer ${token.accessToken}`,
+    originator: 'opencode'
+  }
+
+  if (token.accountId === undefined) {
+    return baseHeaders
+  }
+
+  return {
+    ...baseHeaders,
+    'ChatGPT-Account-Id': token.accountId
+  }
+}
+
+export const makeOpenAiCodexTokenBrokerClient = (broker: TokenBrokerClient) => ({
+  getAccessToken: (input: {
+    readonly subjectId: string
+    readonly minTtlSeconds?: number
+    readonly forceRefresh?: boolean
+  }) => broker.getAccessToken(makeOpenAiCodexBrokerRequest(input))
+})

package/src/index.ts

@@ -0,0 +1,18 @@
+export {
+  OpenAiCodexOAuthToken,
+  OpenAiCodexTokenBrokerResponse,
+  makeOpenAiCodexBrokerRequest,
+  makeOpenAiCodexTokenBrokerClient,
+  openAiCodexAuthIssuer,
+  openAiCodexAuthorizationHeaders,
+  openAiCodexClientId,
+  openAiCodexDeviceAuthCallbackRedirect,
+  openAiCodexDeviceAuthTokenUrl,
+  openAiCodexDeviceAuthUserCodeUrl,
+  openAiCodexDeviceVerificationUrl,
+  openAiCodexProviderId,
+  openAiCodexRefreshBufferMs,
+  openAiCodexResponsesUrl,
+  openAiCodexTokenEndpoint,
+  toOAuthAccessToken
+} from './codex.ts'