agentgui 1.0.208 → 1.0.210

package/CLAUDE.md

@@ -89,3 +89,53 @@ Server broadcasts:
 - `streaming_complete` - Execution finished
 - `streaming_error` - Execution failed
 - `conversation_created`, `conversation_updated`, `conversation_deleted`
+- `tts_setup_progress` - Windows pocket-tts setup progress (step, status, message)
+
+## Pocket-TTS Windows Setup (Reliability for Slow/Bad Internet)
+
+On Windows, text-to-speech uses pocket-tts which requires Python and pip install. The setup process is now resilient to slow/unreliable connections:
+
+### Features
+- **Extended timeouts**: 120s for pip install (accommodates slow connections)
+- **Retry logic**: 3 attempts with exponential backoff (1s, 2s delays)
+- **Progress reporting**: Real-time updates via WebSocket to UI
+- **Partial install cleanup**: Failed venvs are removed to allow retry
+- **Installation verification**: Binary validation via `--version` check
+- **Concurrent waiting**: Multiple simultaneous requests wait for single setup (600s timeout)
+
+### Configuration (lib/windows-pocket-tts-setup.js)
+```javascript
+const CONFIG = {
+  PIP_TIMEOUT: 120000,           // 2 minutes
+  VENV_CREATION_TIMEOUT: 30000,  // 30 seconds
+  MAX_RETRIES: 3,                 // 3 attempts
+  RETRY_DELAY_MS: 1000,          // 1 second initial
+  RETRY_BACKOFF_MULTIPLIER: 2,   // 2x exponential
+};
+```
+
+### Network Requirements
+- **Minimum**: 50 kbps sustained, < 5s latency, < 10% packet loss
+- **Recommended**: 256+ kbps, < 2s latency, < 1% packet loss
+- **Expected time on slow connection**: 2-6 minutes with retries
+
+### Progress Messages
+During TTS setup on first use, WebSocket broadcasts:
+```json
+{
+  "type": "tts_setup_progress",
+  "step": "detecting-python|creating-venv|installing|verifying",
+  "status": "in-progress|success|error",
+  "message": "descriptive status message with retry count if applicable"
+}
+```
+
+### Recovery Behavior
+1. Network timeout → auto-retry with backoff
+2. Partial venv → auto-cleanup before retry
+3. Failed verification → auto-cleanup and error
+4. Concurrent requests → first starts setup, others wait up to 600s
+5. Interrupted setup → cleanup allows fresh retry
+
+### Testing
+Setup validates by running pocket-tts binary with `--version` flag to confirm functional installation, not just file existence.

package/lib/windows-pocket-tts-setup.js

@@ -8,6 +8,14 @@ const VENV_DIR = path.join(os.homedir(), '.gmgui', 'pocket-venv');
 const isWin = process.platform === 'win32';
 const EXECUTABLE_NAME = isWin ? 'pocket-tts.exe' : 'pocket-tts';
 
+const CONFIG = {
+  PIP_TIMEOUT: 120000,
+  VENV_CREATION_TIMEOUT: 30000,
+  MAX_RETRIES: 3,
+  RETRY_DELAY_MS: 1000,
+  RETRY_BACKOFF_MULTIPLIER: 2,
+};
+
 function getPocketTtsPath() {
   if (isWin) {
     return path.join(VENV_DIR, 'Scripts', EXECUTABLE_NAME);
@@ -17,7 +25,7 @@ function getPocketTtsPath() {
 
 function detectPython() {
   try {
-    const versionOutput = execSync('python --version', { encoding: 'utf-8' }).trim();
+    const versionOutput = execSync('python --version', { encoding: 'utf-8', timeout: 10000 }).trim();
     const match = versionOutput.match(/(\d+)\.(\d+)/);
     if (!match) return { found: false, version: null, error: 'Could not parse version' };
 
@@ -40,6 +48,53 @@ function isSetup() {
   return fs.existsSync(exePath);
 }
 
+function cleanupPartialInstall() {
+  try {
+    if (fs.existsSync(VENV_DIR)) {
+      fs.rmSync(VENV_DIR, { recursive: true, force: true });
+      return true;
+    }
+  } catch (e) {
+    console.error(`Failed to cleanup partial install: ${e.message}`);
+  }
+  return false;
+}
+
+function verifyInstallation() {
+  const exePath = getPocketTtsPath();
+  if (!fs.existsSync(exePath)) {
+    return { valid: false, error: `Binary not found at ${exePath}` };
+  }
+
+  try {
+    const versionOutput = execSync(`"${exePath}" --version`, { encoding: 'utf-8', timeout: 10000, stdio: 'pipe' });
+    return { valid: true, version: versionOutput.trim() };
+  } catch (e) {
+    return { valid: false, error: `Binary exists but failed verification: ${e.message}` };
+  }
+}
+
+async function executeWithRetry(fn, stepName, maxRetries = CONFIG.MAX_RETRIES) {
+  let lastError = null;
+  let delayMs = CONFIG.RETRY_DELAY_MS;
+
+  for (let attempt = 1; attempt <= maxRetries; attempt++) {
+    try {
+      return await fn(attempt);
+    } catch (e) {
+      lastError = e;
+      if (attempt < maxRetries) {
+        console.log(`Attempt ${attempt}/${maxRetries} failed for ${stepName}, retrying in ${delayMs}ms`);
+        await new Promise(r => setTimeout(r, delayMs));
+        delayMs *= CONFIG.RETRY_BACKOFF_MULTIPLIER;
+      }
+    }
+  }
+
+  const msg = `${stepName} failed after ${maxRetries} attempts: ${lastError.message || lastError}`;
+  throw new Error(msg);
+}
+
 async function install(onProgress) {
   const pythonDetect = detectPython();
 
@@ -57,56 +112,79 @@ async function install(onProgress) {
   if (onProgress) onProgress({ step: 'detecting-python', status: 'success', message: `Found Python ${pythonDetect.version}` });
 
   if (isSetup()) {
-    if (onProgress) onProgress({ step: 'verifying', status: 'success', message: 'pocket-tts already installed' });
-    return { success: true };
+    const verify = verifyInstallation();
+    if (verify.valid) {
+      if (onProgress) onProgress({ step: 'verifying', status: 'success', message: 'pocket-tts already installed' });
+      return { success: true };
+    }
   }
 
   if (onProgress) onProgress({ step: 'creating-venv', status: 'in-progress', message: `Creating virtual environment at ${VENV_DIR}` });
 
   try {
-    const mkdirResult = execSync(`python -m venv "${VENV_DIR}"`, { encoding: 'utf-8', stdio: 'pipe' });
+    await executeWithRetry(async (attempt) => {
+      return execSync(`python -m venv "${VENV_DIR}"`, {
+        encoding: 'utf-8',
+        stdio: 'pipe',
+        timeout: CONFIG.VENV_CREATION_TIMEOUT,
+      });
+    }, 'venv creation', 2);
+
     if (onProgress) onProgress({ step: 'creating-venv', status: 'success', message: 'Virtual environment created' });
   } catch (e) {
-    const msg = `Failed to create venv: ${e.message || e.stderr || e}`;
+    const msg = `Failed to create venv: ${e.message || e}`;
     if (onProgress) onProgress({ step: 'creating-venv', status: 'error', message: msg });
+    cleanupPartialInstall();
     return { success: false, error: msg };
   }
 
-  if (onProgress) onProgress({ step: 'installing', status: 'in-progress', message: 'Installing pocket-tts via pip (this may take a minute)' });
+  if (onProgress) onProgress({ step: 'installing', status: 'in-progress', message: 'Installing pocket-tts via pip (this may take 2-5 minutes on slow connections)' });
 
   try {
-    const pipCmd = isWin
-      ? `"${path.join(VENV_DIR, 'Scripts', 'pip')}" install pocket-tts`
-      : `"${path.join(VENV_DIR, 'bin', 'pip')}" install pocket-tts`;
+    await executeWithRetry(async (attempt) => {
+      if (attempt > 1 && onProgress) {
+        onProgress({ step: 'installing', status: 'in-progress', message: `Installing pocket-tts (attempt ${attempt}/${CONFIG.MAX_RETRIES})` });
+      }
+
+      const pipCmd = isWin
+        ? `"${path.join(VENV_DIR, 'Scripts', 'pip')}" install --no-cache-dir pocket-tts`
+        : `"${path.join(VENV_DIR, 'bin', 'pip')}" install --no-cache-dir pocket-tts`;
+
+      return execSync(pipCmd, {
+        encoding: 'utf-8',
+        stdio: 'pipe',
+        timeout: CONFIG.PIP_TIMEOUT,
+        env: { ...process.env, PIP_DEFAULT_TIMEOUT: '120' },
+      });
+    }, 'pip install', CONFIG.MAX_RETRIES);
 
-    const installResult = execSync(pipCmd, { encoding: 'utf-8', stdio: 'pipe', timeout: 300000 });
     if (onProgress) onProgress({ step: 'installing', status: 'success', message: 'pocket-tts installed successfully' });
   } catch (e) {
-    const msg = `Failed to install pocket-tts: ${e.message || e.stderr || e}`;
+    const msg = `Failed to install pocket-tts: ${e.message || e}`;
     if (onProgress) onProgress({ step: 'installing', status: 'error', message: msg });
+    cleanupPartialInstall();
     return { success: false, error: msg };
   }
 
   if (onProgress) onProgress({ step: 'verifying', status: 'in-progress', message: 'Verifying installation' });
 
-  const exePath = getPocketTtsPath();
-  const binDir = path.join(VENV_DIR, 'bin');
-  const binExePath = path.join(binDir, 'pocket-tts');
-
-  if (!fs.existsSync(exePath)) {
-    const msg = `pocket-tts binary not found at ${exePath}`;
+  const verify = verifyInstallation();
+  if (!verify.valid) {
+    const msg = verify.error || 'Installation verification failed';
     if (onProgress) onProgress({ step: 'verifying', status: 'error', message: msg });
+    cleanupPartialInstall();
     return { success: false, error: msg };
   }
 
-  // On Windows, webtalk looks for pocket-tts in bin/ (Unix path structure)
-  // Copy the executable there for compatibility with Node.js spawn()
+  const exePath = getPocketTtsPath();
+  const binDir = path.join(VENV_DIR, 'bin');
+  const binExePath = path.join(binDir, 'pocket-tts');
+
   if (isWin) {
     try {
       fs.mkdirSync(binDir, { recursive: true });
     } catch (e) {}
 
-    // Copy pocket-tts.exe to bin folder
     const exeWithExt = path.join(binDir, 'pocket-tts.exe');
     if (fs.existsSync(exePath) && !fs.existsSync(exeWithExt)) {
       try {
@@ -114,7 +192,6 @@ async function install(onProgress) {
       } catch (e) {}
     }
 
-    // Create a batch file wrapper for Node.js spawn compatibility
     const batchFile = path.join(binDir, 'pocket-tts.bat');
     if (!fs.existsSync(batchFile) && fs.existsSync(exeWithExt)) {
       try {
@@ -124,9 +201,9 @@ async function install(onProgress) {
     }
   }
 
-  if (onProgress) onProgress({ step: 'verifying', status: 'success', message: 'pocket-tts ready' });
+  if (onProgress) onProgress({ step: 'verifying', status: 'success', message: `pocket-tts ready (${verify.version})` });
 
   return { success: true };
 }
 
-export { detectPython, isSetup, install, getPocketTtsPath, VENV_DIR };
+export { detectPython, isSetup, install, getPocketTtsPath, VENV_DIR, CONFIG, cleanupPartialInstall, verifyInstallation };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "agentgui",
-  "version": "1.0.208",
+  "version": "1.0.210",
   "description": "Multi-agent ACP client with real-time communication",
   "type": "module",
   "main": "server.js",

package/server.js

@@ -27,7 +27,8 @@ async function ensurePocketTtsSetup(onProgress) {
 
   if (pocketTtsSetupState.inProgress) {
     let waited = 0;
-    while (pocketTtsSetupState.inProgress && waited < 30000) {
+    const MAX_WAIT = 600000;
+    while (pocketTtsSetupState.inProgress && waited < MAX_WAIT) {
       await new Promise(r => setTimeout(r, 100));
       waited += 100;
     }
@@ -332,11 +333,11 @@ function geminiOAuthResultPage(title, message, success) {
 </div></body></html>`;
 }
 
-async function startGeminiOAuth(baseUrl) {
+async function startGeminiOAuth() {
   const creds = getGeminiOAuthCreds();
   if (!creds) throw new Error('Could not find Gemini CLI OAuth credentials. Install gemini CLI first.');
 
-  const redirectUri = `${baseUrl}${BASE_URL}/oauth2callback`;
+  const redirectUri = `http://localhost:${PORT}${BASE_URL}/oauth2callback`;
   const state = crypto.randomBytes(32).toString('hex');
 
   const client = new OAuth2Client({
@@ -364,71 +365,74 @@ async function startGeminiOAuth(baseUrl) {
   return authUrl;
 }
 
-async function handleGeminiOAuthCallback(req, res) {
-  const reqUrl = new URL(req.url, buildBaseUrl(req));
-
-  if (!geminiOAuthPending) {
-    res.writeHead(200, { 'Content-Type': 'text/html' });
-    res.end(geminiOAuthResultPage('Authentication Failed', 'No pending OAuth flow.', false));
-    return;
-  }
-
-  const error = reqUrl.searchParams.get('error');
-  if (error) {
-    const desc = reqUrl.searchParams.get('error_description') || error;
-    geminiOAuthState = { status: 'error', error: desc, email: null };
-    geminiOAuthPending = null;
-    res.writeHead(200, { 'Content-Type': 'text/html' });
-    res.end(geminiOAuthResultPage('Authentication Failed', desc, false));
-    return;
-  }
+async function exchangeGeminiOAuthCode(code, state) {
+  if (!geminiOAuthPending) throw new Error('No pending OAuth flow. Please start authentication again.');
 
   const { client, redirectUri, state: expectedState } = geminiOAuthPending;
 
-  if (reqUrl.searchParams.get('state') !== expectedState) {
+  if (state !== expectedState) {
     geminiOAuthState = { status: 'error', error: 'State mismatch', email: null };
     geminiOAuthPending = null;
-    res.writeHead(200, { 'Content-Type': 'text/html' });
-    res.end(geminiOAuthResultPage('Authentication Failed', 'State mismatch.', false));
-    return;
+    throw new Error('State mismatch - possible CSRF attack.');
   }
 
-  const code = reqUrl.searchParams.get('code');
   if (!code) {
-    geminiOAuthState = { status: 'error', error: 'No authorization code', email: null };
+    geminiOAuthState = { status: 'error', error: 'No authorization code received', email: null };
     geminiOAuthPending = null;
+    throw new Error('No authorization code received.');
+  }
+
+  const { tokens } = await client.getToken({ code, redirect_uri: redirectUri });
+  client.setCredentials(tokens);
+
+  let email = '';
+  try {
+    const { token } = await client.getAccessToken();
+    if (token) {
+      const resp = await fetch('https://www.googleapis.com/oauth2/v2/userinfo', {
+        headers: { Authorization: `Bearer ${token}` }
+      });
+      if (resp.ok) {
+        const info = await resp.json();
+        email = info.email || '';
+      }
+    }
+  } catch (_) {}
+
+  saveGeminiCredentials(tokens, email);
+  geminiOAuthState = { status: 'success', error: null, email };
+  geminiOAuthPending = null;
+
+  return email;
+}
+
+async function handleGeminiOAuthCallback(req, res) {
+  const reqUrl = new URL(req.url, `http://localhost:${PORT}`);
+
+  if (!geminiOAuthPending) {
     res.writeHead(200, { 'Content-Type': 'text/html' });
-    res.end(geminiOAuthResultPage('Authentication Failed', 'No authorization code received.', false));
+    res.end(geminiOAuthResultPage('Authentication Failed', 'No pending OAuth flow.', false));
     return;
   }
 
   try {
-    const { tokens } = await client.getToken({ code, redirect_uri: redirectUri });
-    client.setCredentials(tokens);
-
-    let email = '';
-    try {
-      const { token } = await client.getAccessToken();
-      if (token) {
-        const resp = await fetch('https://www.googleapis.com/oauth2/v2/userinfo', {
-          headers: { Authorization: `Bearer ${token}` }
-        });
-        if (resp.ok) {
-          const info = await resp.json();
-          email = info.email || '';
-        }
-      }
-    } catch (_) {}
+    const error = reqUrl.searchParams.get('error');
+    if (error) {
+      const desc = reqUrl.searchParams.get('error_description') || error;
+      geminiOAuthState = { status: 'error', error: desc, email: null };
+      geminiOAuthPending = null;
+      res.writeHead(200, { 'Content-Type': 'text/html' });
+      res.end(geminiOAuthResultPage('Authentication Failed', desc, false));
+      return;
+    }
 
-    saveGeminiCredentials(tokens, email);
-    geminiOAuthState = { status: 'success', error: null, email };
-    geminiOAuthPending = null;
+    const code = reqUrl.searchParams.get('code');
+    const state = reqUrl.searchParams.get('state');
+    const email = await exchangeGeminiOAuthCode(code, state);
 
     res.writeHead(200, { 'Content-Type': 'text/html' });
     res.end(geminiOAuthResultPage('Authentication Successful', email ? `Signed in as ${email}` : 'Gemini CLI credentials saved.', true));
   } catch (e) {
-    geminiOAuthState = { status: 'error', error: e.message, email: null };
-    geminiOAuthPending = null;
     res.writeHead(200, { 'Content-Type': 'text/html' });
     res.end(geminiOAuthResultPage('Authentication Failed', e.message, false));
   }
@@ -1126,7 +1130,7 @@ const server = http.createServer(async (req, res) => {
 
     if (pathOnly === '/api/gemini-oauth/start' && req.method === 'POST') {
       try {
-        const authUrl = await startGeminiOAuth(buildBaseUrl(req));
+        const authUrl = await startGeminiOAuth();
         sendJSON(req, res, 200, { authUrl });
       } catch (e) {
         console.error('[gemini-oauth] /api/gemini-oauth/start failed:', e);
@@ -1140,6 +1144,42 @@ const server = http.createServer(async (req, res) => {
       return;
     }
 
+    if (pathOnly === '/api/gemini-oauth/complete' && req.method === 'POST') {
+      try {
+        const body = await parseBody(req);
+        const pastedUrl = (body.url || '').trim();
+        if (!pastedUrl) {
+          sendJSON(req, res, 400, { error: 'No URL provided' });
+          return;
+        }
+
+        let parsed;
+        try { parsed = new URL(pastedUrl); } catch (_) {
+          sendJSON(req, res, 400, { error: 'Invalid URL. Paste the full URL from the browser address bar.' });
+          return;
+        }
+
+        const error = parsed.searchParams.get('error');
+        if (error) {
+          const desc = parsed.searchParams.get('error_description') || error;
+          geminiOAuthState = { status: 'error', error: desc, email: null };
+          geminiOAuthPending = null;
+          sendJSON(req, res, 200, { error: desc });
+          return;
+        }
+
+        const code = parsed.searchParams.get('code');
+        const state = parsed.searchParams.get('state');
+        const email = await exchangeGeminiOAuthCode(code, state);
+        sendJSON(req, res, 200, { success: true, email });
+      } catch (e) {
+        geminiOAuthState = { status: 'error', error: e.message, email: null };
+        geminiOAuthPending = null;
+        sendJSON(req, res, 400, { error: e.message });
+      }
+      return;
+    }
+
     const agentAuthMatch = pathOnly.match(/^\/api\/agents\/([^/]+)\/auth$/);
     if (agentAuthMatch && req.method === 'POST') {
       const agentId = agentAuthMatch[1];
@@ -1148,7 +1188,7 @@ const server = http.createServer(async (req, res) => {
 
       if (agentId === 'gemini') {
         try {
-          const authUrl = await startGeminiOAuth(buildBaseUrl(req));
+          const authUrl = await startGeminiOAuth();
           const conversationId = '__agent_auth__';
           broadcastSync({ type: 'script_started', conversationId, script: 'auth-gemini', agentId: 'gemini', timestamp: Date.now() });
           broadcastSync({ type: 'script_output', conversationId, data: `\x1b[36mOpening Google OAuth in your browser...\x1b[0m\r\n\r\nIf it doesn't open automatically, visit:\r\n${authUrl}\r\n`, stream: 'stdout', timestamp: Date.now() });

package/static/js/agent-auth.js

@@ -130,6 +130,81 @@
 
   function closeDropdown() { dropdown.classList.remove('open'); editingProvider = null; }
 
+  var oauthPollInterval = null, oauthPollTimeout = null;
+
+  function cleanupOAuthPolling() {
+    if (oauthPollInterval) { clearInterval(oauthPollInterval); oauthPollInterval = null; }
+    if (oauthPollTimeout) { clearTimeout(oauthPollTimeout); oauthPollTimeout = null; }
+  }
+
+  function showOAuthPasteModal() {
+    removeOAuthPasteModal();
+    var overlay = document.createElement('div');
+    overlay.id = 'oauthPasteModal';
+    overlay.style.cssText = 'position:fixed;inset:0;background:rgba(0,0,0,0.7);display:flex;align-items:center;justify-content:center;z-index:9999;';
+    var s = function(c) { return 'font-size:0.8rem;color:var(--color-text-secondary,#d1d5db);margin:0 0 ' + (c ? '0' : '0.5rem') + ';'; };
+    overlay.innerHTML = '<div style="background:var(--color-bg-secondary,#1f2937);border-radius:1rem;padding:2rem;max-width:28rem;width:calc(100% - 2rem);box-shadow:0 25px 50px rgba(0,0,0,0.5);color:var(--color-text-primary,white);font-family:system-ui,sans-serif;" onclick="event.stopPropagation()">' +
+      '<div style="display:flex;justify-content:space-between;align-items:center;margin-bottom:1rem;">' +
+      '<h2 style="font-size:1.125rem;font-weight:700;margin:0;">Complete Google Sign-In</h2>' +
+      '<button id="oauthPasteClose" style="background:none;border:none;color:var(--color-text-secondary,#9ca3af);font-size:1.5rem;cursor:pointer;padding:0;line-height:1;">\u00d7</button></div>' +
+      '<div style="margin-bottom:1rem;padding:1rem;background:var(--color-bg-tertiary,rgba(255,255,255,0.05));border-radius:0.5rem;">' +
+      '<p style="' + s() + '">1. A Google sign-in page has opened in a new tab.</p>' +
+      '<p style="' + s() + '">2. Complete the sign-in process with Google.</p>' +
+      '<p style="' + s() + '">3. After signing in, you will be redirected to a page that <span style="color:#facc15;font-weight:600;">may not load</span> (this is expected).</p>' +
+      '<p style="' + s(1) + '">4. Copy the <span style="color:white;font-weight:600;">entire URL</span> from the address bar and paste it below.</p></div>' +
+      '<label style="display:block;font-size:0.8rem;color:var(--color-text-secondary,#d1d5db);margin-bottom:0.5rem;">Paste the redirect URL here:</label>' +
+      '<input type="text" id="oauthPasteInput" placeholder="http://localhost:3000/gm/oauth2callback?code=..." style="width:100%;box-sizing:border-box;padding:0.75rem 1rem;background:var(--color-bg-primary,#374151);border:1px solid var(--color-border,#4b5563);border-radius:0.5rem;color:var(--color-text-primary,white);font-size:0.8rem;font-family:monospace;outline:none;" />' +
+      '<p id="oauthPasteError" style="font-size:0.75rem;color:#ef4444;margin:0.5rem 0 0;display:none;"></p>' +
+      '<div style="display:flex;gap:0.75rem;margin-top:1.25rem;">' +
+      '<button id="oauthPasteCancel" style="flex:1;padding:0.625rem;border-radius:0.5rem;border:1px solid var(--color-border,#4b5563);background:transparent;color:var(--color-text-primary,white);font-size:0.8rem;cursor:pointer;font-weight:600;">Cancel</button>' +
+      '<button id="oauthPasteSubmit" style="flex:1;padding:0.625rem;border-radius:0.5rem;border:none;background:var(--color-primary,#3b82f6);color:white;font-size:0.8rem;cursor:pointer;font-weight:600;">Complete Sign-In</button></div>' +
+      '<p style="font-size:0.7rem;color:var(--color-text-secondary,#6b7280);margin-top:1rem;text-align:center;">If the redirect page loaded successfully, this dialog will close automatically.</p></div>';
+    document.body.appendChild(overlay);
+    var dismiss = function() { cleanupOAuthPolling(); authRunning = false; removeOAuthPasteModal(); };
+    document.getElementById('oauthPasteClose').addEventListener('click', dismiss);
+    document.getElementById('oauthPasteCancel').addEventListener('click', dismiss);
+    document.getElementById('oauthPasteSubmit').addEventListener('click', submitOAuthPasteUrl);
+    document.getElementById('oauthPasteInput').addEventListener('keydown', function(e) { if (e.key === 'Enter') submitOAuthPasteUrl(); });
+    setTimeout(function() { var i = document.getElementById('oauthPasteInput'); if (i) i.focus(); }, 100);
+  }
+
+  function removeOAuthPasteModal() {
+    var el = document.getElementById('oauthPasteModal');
+    if (el) el.remove();
+  }
+
+  function submitOAuthPasteUrl() {
+    var input = document.getElementById('oauthPasteInput');
+    var errorEl = document.getElementById('oauthPasteError');
+    var submitBtn = document.getElementById('oauthPasteSubmit');
+    if (!input) return;
+    var url = input.value.trim();
+    if (!url) {
+      if (errorEl) { errorEl.textContent = 'Please paste the URL from the redirected page.'; errorEl.style.display = 'block'; }
+      return;
+    }
+    if (submitBtn) { submitBtn.disabled = true; submitBtn.textContent = 'Verifying...'; }
+    if (errorEl) errorEl.style.display = 'none';
+
+    fetch(BASE + '/api/gemini-oauth/complete', {
+      method: 'POST', headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({ url: url })
+    }).then(function(r) { return r.json(); }).then(function(data) {
+      if (data.success) {
+        cleanupOAuthPolling();
+        authRunning = false;
+        removeOAuthPasteModal();
+        refresh();
+      } else {
+        if (errorEl) { errorEl.textContent = data.error || 'Failed to complete authentication.'; errorEl.style.display = 'block'; }
+        if (submitBtn) { submitBtn.disabled = false; submitBtn.textContent = 'Complete Sign-In'; }
+      }
+    }).catch(function(e) {
+      if (errorEl) { errorEl.textContent = e.message; errorEl.style.display = 'block'; }
+      if (submitBtn) { submitBtn.disabled = false; submitBtn.textContent = 'Complete Sign-In'; }
+    });
+  }
+
   function triggerAuth(agentId) {
     if (authRunning) return;
     fetch(BASE + '/api/agents/' + agentId + '/auth', {
@@ -141,6 +216,28 @@
         if (term) { term.clear(); term.writeln('\x1b[36m[authenticating ' + agentId + ']\x1b[0m\r\n'); }
         if (data.authUrl) {
           window.open(data.authUrl, '_blank');
+          if (agentId === 'gemini') {
+            showOAuthPasteModal();
+            cleanupOAuthPolling();
+            oauthPollInterval = setInterval(function() {
+              fetch(BASE + '/api/gemini-oauth/status').then(function(r) { return r.json(); }).then(function(status) {
+                if (status.status === 'success') {
+                  cleanupOAuthPolling();
+                  authRunning = false;
+                  removeOAuthPasteModal();
+                  refresh();
+                } else if (status.status === 'error') {
+                  cleanupOAuthPolling();
+                  authRunning = false;
+                  removeOAuthPasteModal();
+                }
+              }).catch(function() {});
+            }, 1500);
+            oauthPollTimeout = setTimeout(function() {
+              cleanupOAuthPolling();
+              if (authRunning) { authRunning = false; removeOAuthPasteModal(); }
+            }, 5 * 60 * 1000);
+          }
         }
       }
     }).catch(function() {});
@@ -159,6 +256,8 @@
       if (term) term.write(data.data);
     } else if (data.type === 'script_stopped') {
       authRunning = false;
+      removeOAuthPasteModal();
+      cleanupOAuthPolling();
       var term = getTerminal();
       var msg = data.error ? data.error : ('exited with code ' + (data.code || 0));
       if (term) term.writeln('\r\n\x1b[90m[auth ' + msg + ']\x1b[0m');