agentgui 1.0.211 → 1.0.213

package/database.js

@@ -1120,6 +1120,24 @@ export const queries = {
     });
   },
 
+  getChunksSinceSeq(sessionId, sinceSeq) {
+    const stmt = prep(
+      `SELECT id, sessionId, conversationId, sequence, type, data, created_at
+       FROM chunks WHERE sessionId = ? AND sequence > ? ORDER BY sequence ASC`
+    );
+    const rows = stmt.all(sessionId, sinceSeq);
+    return rows.map(row => {
+      try {
+        return {
+          ...row,
+          data: typeof row.data === 'string' ? JSON.parse(row.data) : row.data
+        };
+      } catch (e) {
+        return row;
+      }
+    });
+  },
+
   deleteSessionChunks(sessionId) {
     const stmt = prep('DELETE FROM chunks WHERE sessionId = ?');
     const result = stmt.run(sessionId);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "agentgui",
-  "version": "1.0.211",
+  "version": "1.0.213",
   "description": "Multi-agent ACP client with real-time communication",
   "type": "module",
   "main": "server.js",

package/server.js

@@ -336,6 +336,67 @@ function geminiOAuthResultPage(title, message, success) {
 </div></body></html>`;
 }
 
+function encodeOAuthState(csrfToken, relayUrl) {
+  const payload = JSON.stringify({ t: csrfToken, r: relayUrl });
+  return Buffer.from(payload).toString('base64url');
+}
+
+function decodeOAuthState(stateStr) {
+  try {
+    const payload = JSON.parse(Buffer.from(stateStr, 'base64url').toString());
+    return { csrfToken: payload.t, relayUrl: payload.r };
+  } catch (_) {
+    return { csrfToken: stateStr, relayUrl: null };
+  }
+}
+
+function geminiOAuthRelayPage(code, state, error) {
+  const stateData = decodeOAuthState(state || '');
+  const relayUrl = stateData.relayUrl || '';
+  const escapedCode = (code || '').replace(/['"\\]/g, '');
+  const escapedState = (state || '').replace(/['"\\]/g, '');
+  const escapedError = (error || '').replace(/['"\\]/g, '');
+  const escapedRelay = relayUrl.replace(/['"\\]/g, '');
+  return `<!DOCTYPE html><html><head><title>Completing sign-in...</title></head>
+<body style="margin:0;display:flex;align-items:center;justify-content:center;min-height:100vh;background:#111827;font-family:system-ui,sans-serif;color:white;">
+<div id="status" style="text-align:center;max-width:400px;padding:2rem;">
+<div id="spinner" style="font-size:2rem;margin-bottom:1rem;">&#8987;</div>
+<h1 id="title" style="font-size:1.5rem;margin-bottom:0.5rem;">Completing sign-in...</h1>
+<p id="msg" style="color:#9ca3af;">Relaying authentication to server...</p>
+</div>
+<script>
+(function() {
+  var code = '${escapedCode}';
+  var state = '${escapedState}';
+  var error = '${escapedError}';
+  var relayUrl = '${escapedRelay}';
+  function show(icon, title, msg, color) {
+    document.getElementById('spinner').textContent = icon;
+    document.getElementById('spinner').style.color = color;
+    document.getElementById('title').textContent = title;
+    document.getElementById('msg').textContent = msg;
+  }
+  if (error) { show('\\u2717', 'Authentication Failed', error, '#ef4444'); return; }
+  if (!code) { show('\\u2717', 'Authentication Failed', 'No authorization code received.', '#ef4444'); return; }
+  if (!relayUrl) { show('\\u2713', 'Authentication Successful', 'Credentials saved. You can close this tab.', '#10b981'); return; }
+  fetch(relayUrl, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify({ code: code, state: state })
+  }).then(function(r) { return r.json(); }).then(function(data) {
+    if (data.success) {
+      show('\\u2713', 'Authentication Successful', data.email ? 'Signed in as ' + data.email + '. You can close this tab.' : 'Credentials saved. You can close this tab.', '#10b981');
+    } else {
+      show('\\u2717', 'Authentication Failed', data.error || 'Unknown error', '#ef4444');
+    }
+  }).catch(function(e) {
+    show('\\u2717', 'Relay Failed', 'Could not reach server: ' + e.message + '. You may need to paste the URL manually.', '#ef4444');
+  });
+})();
+</script>
+</body></html>`;
+}
+
 function isRemoteRequest(req) {
   return !!(req && (req.headers['x-forwarded-for'] || req.headers['x-forwarded-host'] || req.headers['x-forwarded-proto']));
 }
@@ -353,7 +414,10 @@ async function startGeminiOAuth(req) {
     redirectUri = `http://localhost:${PORT}${BASE_URL}/oauth2callback`;
   }
 
-  const state = crypto.randomBytes(32).toString('hex');
+  const csrfToken = crypto.randomBytes(32).toString('hex');
+  const relayUrl = req ? `${buildBaseUrl(req)}${BASE_URL}/api/gemini-oauth/relay` : null;
+  const state = encodeOAuthState(csrfToken, relayUrl);
+
   const client = new OAuth2Client({
     clientId: creds.clientId,
     clientSecret: creds.clientSecret,
@@ -367,7 +431,7 @@ async function startGeminiOAuth(req) {
   });
 
   const mode = useCustomClient ? 'custom' : (remote ? 'cli-remote' : 'cli-local');
-  geminiOAuthPending = { client, redirectUri, state };
+  geminiOAuthPending = { client, redirectUri, state: csrfToken };
   geminiOAuthState = { status: 'pending', error: null, email: null };
 
   setTimeout(() => {
@@ -380,12 +444,13 @@ async function startGeminiOAuth(req) {
   return { authUrl, mode };
 }
 
-async function exchangeGeminiOAuthCode(code, state) {
+async function exchangeGeminiOAuthCode(code, stateParam) {
   if (!geminiOAuthPending) throw new Error('No pending OAuth flow. Please start authentication again.');
 
-  const { client, redirectUri, state: expectedState } = geminiOAuthPending;
+  const { client, redirectUri, state: expectedCsrf } = geminiOAuthPending;
+  const { csrfToken } = decodeOAuthState(stateParam);
 
-  if (state !== expectedState) {
+  if (csrfToken !== expectedCsrf) {
     geminiOAuthState = { status: 'error', error: 'State mismatch', email: null };
     geminiOAuthPending = null;
     throw new Error('State mismatch - possible CSRF attack.');
@@ -423,6 +488,23 @@ async function exchangeGeminiOAuthCode(code, state) {
 
 async function handleGeminiOAuthCallback(req, res) {
   const reqUrl = new URL(req.url, `http://localhost:${PORT}`);
+  const code = reqUrl.searchParams.get('code');
+  const state = reqUrl.searchParams.get('state');
+  const error = reqUrl.searchParams.get('error');
+  const errorDesc = reqUrl.searchParams.get('error_description');
+
+  if (error) {
+    const desc = errorDesc || error;
+    geminiOAuthState = { status: 'error', error: desc, email: null };
+    geminiOAuthPending = null;
+  }
+
+  const stateData = decodeOAuthState(state || '');
+  if (stateData.relayUrl) {
+    res.writeHead(200, { 'Content-Type': 'text/html' });
+    res.end(geminiOAuthRelayPage(code, state, errorDesc || error));
+    return;
+  }
 
   if (!geminiOAuthPending) {
     res.writeHead(200, { 'Content-Type': 'text/html' });
@@ -431,20 +513,8 @@ async function handleGeminiOAuthCallback(req, res) {
   }
 
   try {
-    const error = reqUrl.searchParams.get('error');
-    if (error) {
-      const desc = reqUrl.searchParams.get('error_description') || error;
-      geminiOAuthState = { status: 'error', error: desc, email: null };
-      geminiOAuthPending = null;
-      res.writeHead(200, { 'Content-Type': 'text/html' });
-      res.end(geminiOAuthResultPage('Authentication Failed', desc, false));
-      return;
-    }
-
-    const code = reqUrl.searchParams.get('code');
-    const state = reqUrl.searchParams.get('state');
+    if (error) throw new Error(errorDesc || error);
     const email = await exchangeGeminiOAuthCode(code, state);
-
     res.writeHead(200, { 'Content-Type': 'text/html' });
     res.end(geminiOAuthResultPage('Authentication Successful', email ? `Signed in as ${email}` : 'Gemini CLI credentials saved.', true));
   } catch (e) {
@@ -941,9 +1011,15 @@ const server = http.createServer(async (req, res) => {
       if (!sess) { sendJSON(req, res, 404, { error: 'Session not found' }); return; }
 
       const url = new URL(req.url, 'http://localhost');
+      const sinceSeq = parseInt(url.searchParams.get('sinceSeq') || '-1');
       const since = parseInt(url.searchParams.get('since') || '0');
 
-      const chunks = queries.getChunksSince(sessionId, since);
+      let chunks;
+      if (sinceSeq >= 0) {
+        chunks = queries.getChunksSinceSeq(sessionId, sinceSeq);
+      } else {
+        chunks = queries.getChunksSince(sessionId, since);
+      }
             sendJSON(req, res, 200, { ok: true, chunks });
       return;
     }
@@ -1159,6 +1235,24 @@ const server = http.createServer(async (req, res) => {
       return;
     }
 
+    if (pathOnly === '/api/gemini-oauth/relay' && req.method === 'POST') {
+      try {
+        const body = await parseBody(req);
+        const { code, state: stateParam } = body;
+        if (!code || !stateParam) {
+          sendJSON(req, res, 400, { error: 'Missing code or state' });
+          return;
+        }
+        const email = await exchangeGeminiOAuthCode(code, stateParam);
+        sendJSON(req, res, 200, { success: true, email });
+      } catch (e) {
+        geminiOAuthState = { status: 'error', error: e.message, email: null };
+        geminiOAuthPending = null;
+        sendJSON(req, res, 400, { error: e.message });
+      }
+      return;
+    }
+
     if (pathOnly === '/api/gemini-oauth/complete' && req.method === 'POST') {
       try {
         const body = await parseBody(req);
@@ -1711,6 +1805,7 @@ async function processMessageWithStreaming(conversationId, messageId, sessionId,
           conversationId,
           block: systemBlock,
           blockIndex: allBlocks.length,
+          seq: currentSequence,
           timestamp: Date.now()
         });
       } else if (parsed.type === 'assistant' && parsed.message?.content) {
@@ -1726,6 +1821,7 @@ async function processMessageWithStreaming(conversationId, messageId, sessionId,
             conversationId,
             block,
             blockIndex: allBlocks.length - 1,
+            seq: currentSequence,
             timestamp: Date.now()
           });
 
@@ -1752,6 +1848,7 @@ async function processMessageWithStreaming(conversationId, messageId, sessionId,
               conversationId,
               block: toolResultBlock,
               blockIndex: allBlocks.length,
+              seq: currentSequence,
               timestamp: Date.now()
             });
           }
@@ -1777,6 +1874,7 @@ async function processMessageWithStreaming(conversationId, messageId, sessionId,
           block: resultBlock,
           blockIndex: allBlocks.length,
           isResult: true,
+          seq: currentSequence,
           timestamp: Date.now()
         });
 
@@ -1827,6 +1925,7 @@ async function processMessageWithStreaming(conversationId, messageId, sessionId,
       sessionId,
       conversationId,
       eventCount,
+      seq: currentSequence,
       timestamp: Date.now()
     });
 
@@ -2066,9 +2165,13 @@ wss.on('connection', (ws, req) => {
           }));
         } else if (data.type === 'set_voice') {
           ws.ttsVoiceId = data.voiceId || 'default';
+        } else if (data.type === 'latency_report') {
+          ws.latencyTier = data.quality || 'good';
+          ws.latencyAvg = data.avg || 0;
         } else if (data.type === 'ping') {
           ws.send(JSON.stringify({
             type: 'pong',
+            requestId: data.requestId,
             timestamp: Date.now()
           }));
         }
@@ -2097,13 +2200,16 @@ wss.on('connection', (ws, req) => {
 const BROADCAST_TYPES = new Set([
   'message_created', 'conversation_created', 'conversation_updated',
   'conversations_updated', 'conversation_deleted', 'queue_status', 'queue_updated',
-  'streaming_start', 'streaming_complete', 'streaming_error',
   'rate_limit_hit', 'rate_limit_clear',
   'script_started', 'script_stopped', 'script_output'
 ]);
 
 const wsBatchQueues = new Map();
-const WS_BATCH_INTERVAL = 16;
+const BATCH_BY_TIER = { excellent: 16, good: 32, fair: 50, poor: 100, bad: 200 };
+
+function getBatchInterval(ws) {
+  return BATCH_BY_TIER[ws.latencyTier] || 32;
+}
 
 function flushWsBatch(ws) {
   const queue = wsBatchQueues.get(ws);
@@ -2124,7 +2230,7 @@ function sendToClient(ws, data) {
   if (!queue) { queue = { msgs: [], timer: null }; wsBatchQueues.set(ws, queue); }
   queue.msgs.push(data);
   if (!queue.timer) {
-    queue.timer = setTimeout(() => flushWsBatch(ws), WS_BATCH_INTERVAL);
+    queue.timer = setTimeout(() => flushWsBatch(ws), getBatchInterval(ws));
   }
 }
 

package/static/index.html

@@ -2213,6 +2213,85 @@
     }
 
     html.dark .event-streaming-complete { background: linear-gradient(135deg, #0a1f0f, #0f2b1a); }
+
+    @keyframes skeleton-pulse {
+      0%, 100% { opacity: 0.4; }
+      50% { opacity: 0.15; }
+    }
+    .skeleton-pulse { animation: skeleton-pulse 1.5s ease-in-out infinite; }
+    .skeleton-loading { padding: 1rem; }
+
+    .message-sending { opacity: 0.6; transition: opacity 0.3s ease; }
+    .message-send-failed { border-left: 3px solid var(--color-error); }
+
+    .connection-indicator {
+      display: inline-flex;
+      align-items: center;
+      gap: 0.375rem;
+      padding: 0.25rem 0.5rem;
+      border-radius: 1rem;
+      font-size: 0.75rem;
+      cursor: pointer;
+      transition: all 0.3s ease;
+    }
+    .connection-dot {
+      width: 8px;
+      height: 8px;
+      border-radius: 50%;
+      transition: background-color 0.5s ease;
+    }
+    .connection-dot.excellent { background: #10b981; }
+    .connection-dot.good { background: #10b981; }
+    .connection-dot.fair { background: #f59e0b; }
+    .connection-dot.poor { background: #f97316; }
+    .connection-dot.bad { background: #ef4444; }
+    .connection-dot.unknown { background: #6b7280; }
+    .connection-dot.disconnected { background: #ef4444; animation: pulse 1.5s ease-in-out infinite; }
+    .connection-dot.reconnecting { background: #f59e0b; animation: pulse 1s ease-in-out infinite; }
+
+    .connection-tooltip {
+      position: absolute;
+      top: 100%;
+      right: 0;
+      margin-top: 0.5rem;
+      padding: 0.75rem;
+      background: var(--color-bg-secondary);
+      border: 1px solid var(--color-border);
+      border-radius: 0.5rem;
+      font-size: 0.75rem;
+      white-space: nowrap;
+      z-index: 100;
+      box-shadow: 0 4px 12px rgba(0,0,0,0.15);
+    }
+
+    .new-content-pill {
+      position: sticky;
+      bottom: 0.5rem;
+      left: 50%;
+      transform: translateX(-50%);
+      padding: 0.375rem 1rem;
+      background: var(--color-primary);
+      color: white;
+      border: none;
+      border-radius: 1rem;
+      font-size: 0.8rem;
+      cursor: pointer;
+      z-index: 50;
+      box-shadow: 0 2px 8px rgba(0,0,0,0.2);
+      transition: opacity 0.2s ease;
+    }
+    .new-content-pill:hover { opacity: 0.9; }
+
+    @keyframes block-appear {
+      from { opacity: 0; transform: translateY(6px); }
+      to { opacity: 1; transform: translateY(0); }
+    }
+    .streaming-blocks > * {
+      animation: block-appear 0.2s ease-out both;
+    }
+    .streaming-blocks > details.block-tool-use {
+      transition: max-height 0.3s ease;
+    }
   </style>
 </head>
 <body>

package/static/js/agent-auth.js

@@ -130,46 +130,61 @@
 
   function closeDropdown() { dropdown.classList.remove('open'); editingProvider = null; }
 
-  var oauthPollInterval = null, oauthPollTimeout = null;
+  var oauthPollInterval = null, oauthPollTimeout = null, oauthFallbackTimer = null;
 
   function cleanupOAuthPolling() {
     if (oauthPollInterval) { clearInterval(oauthPollInterval); oauthPollInterval = null; }
     if (oauthPollTimeout) { clearTimeout(oauthPollTimeout); oauthPollTimeout = null; }
+    if (oauthFallbackTimer) { clearTimeout(oauthFallbackTimer); oauthFallbackTimer = null; }
   }
 
-  function showOAuthPasteModal() {
-    removeOAuthPasteModal();
+  function showOAuthWaitingModal() {
+    removeOAuthModal();
     var overlay = document.createElement('div');
-    overlay.id = 'oauthPasteModal';
+    overlay.id = 'oauthWaitingModal';
     overlay.style.cssText = 'position:fixed;inset:0;background:rgba(0,0,0,0.7);display:flex;align-items:center;justify-content:center;z-index:9999;';
-    var s = function(c) { return 'font-size:0.8rem;color:var(--color-text-secondary,#d1d5db);margin:0 0 ' + (c ? '0' : '0.5rem') + ';'; };
     overlay.innerHTML = '<div style="background:var(--color-bg-secondary,#1f2937);border-radius:1rem;padding:2rem;max-width:28rem;width:calc(100% - 2rem);box-shadow:0 25px 50px rgba(0,0,0,0.5);color:var(--color-text-primary,white);font-family:system-ui,sans-serif;" onclick="event.stopPropagation()">' +
       '<div style="display:flex;justify-content:space-between;align-items:center;margin-bottom:1rem;">' +
-      '<h2 style="font-size:1.125rem;font-weight:700;margin:0;">Complete Google Sign-In</h2>' +
-      '<button id="oauthPasteClose" style="background:none;border:none;color:var(--color-text-secondary,#9ca3af);font-size:1.5rem;cursor:pointer;padding:0;line-height:1;">\u00d7</button></div>' +
+      '<h2 style="font-size:1.125rem;font-weight:700;margin:0;">Google Sign-In</h2>' +
+      '<button id="oauthWaitingClose" style="background:none;border:none;color:var(--color-text-secondary,#9ca3af);font-size:1.5rem;cursor:pointer;padding:0;line-height:1;">\u00d7</button></div>' +
+      '<div id="oauthWaitingContent" style="text-align:center;padding:1.5rem 0;">' +
+      '<div style="font-size:2rem;margin-bottom:1rem;animation:pulse 2s infinite;">&#9203;</div>' +
+      '<p style="font-size:0.85rem;color:var(--color-text-secondary,#d1d5db);margin:0 0 0.5rem;">Waiting for Google sign-in to complete...</p>' +
+      '<p style="font-size:0.75rem;color:var(--color-text-secondary,#6b7280);margin:0;">Complete the sign-in in the tab that just opened.</p>' +
+      '<p style="font-size:0.75rem;color:var(--color-text-secondary,#6b7280);margin:0.25rem 0 0;">This dialog will close automatically when done.</p></div>' +
+      '<div id="oauthPasteFallback" style="display:none;">' +
       '<div style="margin-bottom:1rem;padding:1rem;background:var(--color-bg-tertiary,rgba(255,255,255,0.05));border-radius:0.5rem;">' +
-      '<p style="' + s() + '">1. A Google sign-in page has opened in a new tab.</p>' +
-      '<p style="' + s() + '">2. Complete the sign-in process with Google.</p>' +
-      '<p style="' + s() + '">3. After signing in, you will be redirected to a page that <span style="color:#facc15;font-weight:600;">may not load</span> (this is expected).</p>' +
-      '<p style="' + s(1) + '">4. Copy the <span style="color:white;font-weight:600;">entire URL</span> from the address bar and paste it below.</p></div>' +
-      '<label style="display:block;font-size:0.8rem;color:var(--color-text-secondary,#d1d5db);margin-bottom:0.5rem;">Paste the redirect URL here:</label>' +
+      '<p style="font-size:0.8rem;color:var(--color-text-secondary,#d1d5db);margin:0 0 0.5rem;">The automatic relay did not complete. This can happen when accessing the server remotely.</p>' +
+      '<p style="font-size:0.8rem;color:var(--color-text-secondary,#d1d5db);margin:0;">Copy the <span style="color:white;font-weight:600;">entire URL</span> from the sign-in tab and paste it below.</p></div>' +
       '<input type="text" id="oauthPasteInput" placeholder="http://localhost:3000/gm/oauth2callback?code=..." style="width:100%;box-sizing:border-box;padding:0.75rem 1rem;background:var(--color-bg-primary,#374151);border:1px solid var(--color-border,#4b5563);border-radius:0.5rem;color:var(--color-text-primary,white);font-size:0.8rem;font-family:monospace;outline:none;" />' +
-      '<p id="oauthPasteError" style="font-size:0.75rem;color:#ef4444;margin:0.5rem 0 0;display:none;"></p>' +
+      '<p id="oauthPasteError" style="font-size:0.75rem;color:#ef4444;margin:0.5rem 0 0;display:none;"></p></div>' +
       '<div style="display:flex;gap:0.75rem;margin-top:1.25rem;">' +
-      '<button id="oauthPasteCancel" style="flex:1;padding:0.625rem;border-radius:0.5rem;border:1px solid var(--color-border,#4b5563);background:transparent;color:var(--color-text-primary,white);font-size:0.8rem;cursor:pointer;font-weight:600;">Cancel</button>' +
-      '<button id="oauthPasteSubmit" style="flex:1;padding:0.625rem;border-radius:0.5rem;border:none;background:var(--color-primary,#3b82f6);color:white;font-size:0.8rem;cursor:pointer;font-weight:600;">Complete Sign-In</button></div>' +
-      '<p style="font-size:0.7rem;color:var(--color-text-secondary,#6b7280);margin-top:1rem;text-align:center;">If the redirect page loaded successfully, this dialog will close automatically.</p></div>';
+      '<button id="oauthWaitingCancel" style="flex:1;padding:0.625rem;border-radius:0.5rem;border:1px solid var(--color-border,#4b5563);background:transparent;color:var(--color-text-primary,white);font-size:0.8rem;cursor:pointer;font-weight:600;">Cancel</button>' +
+      '<button id="oauthPasteSubmit" style="flex:1;padding:0.625rem;border-radius:0.5rem;border:none;background:var(--color-primary,#3b82f6);color:white;font-size:0.8rem;cursor:pointer;font-weight:600;display:none;">Complete Sign-In</button></div>' +
+      '<style>@keyframes pulse{0%,100%{opacity:1}50%{opacity:0.5}}</style></div>';
     document.body.appendChild(overlay);
-    var dismiss = function() { cleanupOAuthPolling(); authRunning = false; removeOAuthPasteModal(); };
-    document.getElementById('oauthPasteClose').addEventListener('click', dismiss);
-    document.getElementById('oauthPasteCancel').addEventListener('click', dismiss);
+    var dismiss = function() { cleanupOAuthPolling(); authRunning = false; removeOAuthModal(); };
+    document.getElementById('oauthWaitingClose').addEventListener('click', dismiss);
+    document.getElementById('oauthWaitingCancel').addEventListener('click', dismiss);
     document.getElementById('oauthPasteSubmit').addEventListener('click', submitOAuthPasteUrl);
-    document.getElementById('oauthPasteInput').addEventListener('keydown', function(e) { if (e.key === 'Enter') submitOAuthPasteUrl(); });
-    setTimeout(function() { var i = document.getElementById('oauthPasteInput'); if (i) i.focus(); }, 100);
   }
 
-  function removeOAuthPasteModal() {
-    var el = document.getElementById('oauthPasteModal');
+  function showOAuthPasteFallback() {
+    var fallback = document.getElementById('oauthPasteFallback');
+    var waitContent = document.getElementById('oauthWaitingContent');
+    var submitBtn = document.getElementById('oauthPasteSubmit');
+    if (fallback) fallback.style.display = 'block';
+    if (waitContent) waitContent.style.display = 'none';
+    if (submitBtn) submitBtn.style.display = 'block';
+    var input = document.getElementById('oauthPasteInput');
+    if (input) {
+      input.addEventListener('keydown', function(e) { if (e.key === 'Enter') submitOAuthPasteUrl(); });
+      setTimeout(function() { input.focus(); }, 100);
+    }
+  }
+
+  function removeOAuthModal() {
+    var el = document.getElementById('oauthWaitingModal');
     if (el) el.remove();
   }
 
@@ -193,7 +208,7 @@
       if (data.success) {
         cleanupOAuthPolling();
         authRunning = false;
-        removeOAuthPasteModal();
+        removeOAuthModal();
         refresh();
       } else {
         if (errorEl) { errorEl.textContent = data.error || 'Failed to complete authentication.'; errorEl.style.display = 'block'; }
@@ -217,26 +232,28 @@
         if (data.authUrl) {
           window.open(data.authUrl, '_blank');
           if (agentId === 'gemini') {
-            var needsPaste = data.mode === 'cli-remote';
-            if (needsPaste) showOAuthPasteModal();
+            showOAuthWaitingModal();
             cleanupOAuthPolling();
             oauthPollInterval = setInterval(function() {
               fetch(BASE + '/api/gemini-oauth/status').then(function(r) { return r.json(); }).then(function(status) {
                 if (status.status === 'success') {
                   cleanupOAuthPolling();
                   authRunning = false;
-                  removeOAuthPasteModal();
+                  removeOAuthModal();
                   refresh();
                 } else if (status.status === 'error') {
                   cleanupOAuthPolling();
                   authRunning = false;
-                  removeOAuthPasteModal();
+                  removeOAuthModal();
                 }
               }).catch(function() {});
             }, 1500);
+            oauthFallbackTimer = setTimeout(function() {
+              if (authRunning) showOAuthPasteFallback();
+            }, 30000);
             oauthPollTimeout = setTimeout(function() {
               cleanupOAuthPolling();
-              if (authRunning) { authRunning = false; removeOAuthPasteModal(); }
+              if (authRunning) { authRunning = false; removeOAuthModal(); }
             }, 5 * 60 * 1000);
           }
         }
@@ -257,7 +274,7 @@
       if (term) term.write(data.data);
     } else if (data.type === 'script_stopped') {
       authRunning = false;
-      removeOAuthPasteModal();
+      removeOAuthModal();
       cleanupOAuthPolling();
       var term = getTerminal();
       var msg = data.error ? data.error : ('exited with code ' + (data.code || 0));