npm - agentgui - Versions diffs - 1.0.702 → 1.0.703 - Mend

agentgui 1.0.702 → 1.0.703

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/CLAUDE.md +27 -0
package/lib/ws-handlers-util.js +33 -18
package/package.json +1 -1
package/server.js +344 -144
package/static/js/agent-auth.js +0 -106
package/static/js/client.js +0 -7
package/acp-queries.js +0 -182
package/static/js/codec.js +0 -2
package/static/js/sync-debug.js +0 -146
package/test-cli-detection.mjs +0 -37
package/test-fixes.mjs +0 -103
package/test-thread-steering.mjs +0 -100

package/CLAUDE.md CHANGED Viewed

@@ -82,6 +82,7 @@ XState v5 machines provide formal state tracking alongside (not replacing) the e
 - `BASE_URL` - URL prefix (default: /gm)
 - `STARTUP_CWD` - Working directory passed to agents
 - `HOT_RELOAD` - Set to "false" to disable watch mode
+- `CODEX_HOME` - Override Codex CLI home directory (default: `~/.codex`)
 ## ACP Tool Lifecycle
@@ -123,6 +124,11 @@ All routes are prefixed with `BASE_URL` (default `/gm`).
 - `GET /api/tools/:id/history` - Get tool install/update history (query: limit, offset)
 - `POST /api/tools/update` - Batch update all tools with available updates
 - `POST /api/tools/refresh-all` - Refresh all tool statuses from package manager
+- `POST /api/codex-oauth/start` - Start Codex CLI OAuth flow (returns `{ authUrl, mode }`)
+- `GET /api/codex-oauth/status` - Get current Codex OAuth state `{ status, email, error }`
+- `POST /api/codex-oauth/relay` - Relay OAuth code+state from remote browser (body: `{ code, state }`)
+- `POST /api/codex-oauth/complete` - Complete OAuth by pasting redirect URL (body: `{ url }`)
+- `GET /codex-oauth2callback` - OAuth callback endpoint (redirect_uri for local flows)
 ## Tool Update System
@@ -286,6 +292,27 @@ Speech models (~470MB total) are downloaded automatically on server startup. No
 - **Client init:** `loadAgents()`, `loadConversations()`, `checkSpeechStatus()` run in parallel via `Promise.all()`.
 - **`perMessageDeflate: false`** on WebSocket server — msgpack binary doesn't compress well, and zlib was blocking the event loop on every streaming_progress send.
+## Codex CLI OAuth
+OpenAI Codex CLI uses PKCE authorization code flow against `https://auth.openai.com`.
+**Flow:**
+1. `POST /api/codex-oauth/start` generates PKCE (SHA-256 S256 challenge), CSRF state, returns `authUrl`
+2. User opens `authUrl` in browser and authenticates via OpenAI/ChatGPT
+3. **Local**: Browser redirects to `http://localhost:1455/auth/callback` — but since agentgui's server is on a different port, the redirect goes to `GET /codex-oauth2callback` (agentgui intercepts via matching route). Token exchange happens server-side.
+4. **Remote**: Redirect goes to `/codex-oauth2callback` which serves a relay page. Relay POSTs `{ code, state }` to `/api/codex-oauth/relay`. Token exchange happens on the server.
+5. Tokens saved to `$CODEX_HOME/auth.json` (default: `~/.codex/auth.json`) as `{ auth_mode: "chatgpt", tokens: { id_token, access_token, refresh_token }, last_refresh }`
+**Constants (in server.js):**
+- Issuer: `https://auth.openai.com`
+- Client ID: `app_EMoamEEZ73f0CkXaXp7hrann`
+- Scopes: `openid profile email offline_access api.connectors.read api.connectors.invoke`
+- Redirect URI (local): `http://localhost:1455/auth/callback` (actual callback goes to agentgui's `/codex-oauth2callback`)
+**WebSocket handlers** (in `lib/ws-handlers-util.js`): `codex.start`, `codex.status`, `codex.relay`, `codex.complete`
+**Agent auth**: `POST /api/agents/codex/auth` starts OAuth flow same as Gemini — broadcasts `script_started`/`script_output`/`script_stopped` events as OAuth progresses.
 ## ACP SDK Integration
 - **@agentclientprotocol/sdk** (`^0.4.1`) added to dependencies

package/lib/ws-handlers-util.js CHANGED Viewed

@@ -9,7 +9,7 @@ export function register(router, deps) {
   const { queries, wsOptimizer, modelDownloadState, ensureModelsDownloaded,
     broadcastSync, getSpeech, getProviderConfigs, saveProviderConfig,
     startGeminiOAuth, exchangeGeminiOAuthCode, geminiOAuthState,
-    startCodexDeviceAuth, codexDeviceAuthState,
+    startCodexOAuth, exchangeCodexOAuthCode, codexOAuthState,
     STARTUP_CWD, activeScripts, voiceCacheManager, toolManager, discoveredAgents } = deps;
   router.handle('home', () => ({ home: os.homedir(), cwd: STARTUP_CWD }));
@@ -158,31 +158,46 @@ export function register(router, deps) {
     } catch (e) { err(400, e.message); }
   });
+  router.handle('gemini.complete', async (p) => {
+    const pastedUrl = (p.url || '').trim();
+    if (!pastedUrl) err(400, 'No URL provided');
+    let parsed;
+    try { parsed = new URL(pastedUrl); } catch { err(400, 'Invalid URL. Paste the full URL from the browser address bar.'); }
+    const urlError = parsed.searchParams.get('error');
+    if (urlError) {
+      const desc = parsed.searchParams.get('error_description') || urlError;
+      return { error: desc };
+    }
+    const code = parsed.searchParams.get('code');
+    const state = parsed.searchParams.get('state');
+    try {
+      const email = await exchangeGeminiOAuthCode(code, state);
+      return { success: true, email };
+    } catch (e) { err(400, e.message); }
+  });
   router.handle('codex.start', async () => {
     try {
-      const result = startCodexDeviceAuth();
-      const st = typeof codexDeviceAuthState === 'function' ? codexDeviceAuthState() : codexDeviceAuthState;
-      if (result.alreadyAuthenticated) return { status: 'success', authenticated: true };
-      const waitForCode = () => new Promise((resolve) => {
-        let tries = 12;
-        const poll = () => {
-          const state = typeof codexDeviceAuthState === 'function' ? codexDeviceAuthState() : codexDeviceAuthState;
-          if (state.authUrl || tries-- <= 0) resolve(state);
-          else setTimeout(poll, 400);
-        };
-        poll();
-      });
-      const state = await waitForCode();
-      return { status: state.status, authUrl: state.authUrl, userCode: state.userCode };
+      const result = await startCodexOAuth();
+      return { authUrl: result.authUrl, mode: result.mode };
     } catch (e) { err(500, e.message); }
   });
   router.handle('codex.status', () => {
-    const st = typeof codexDeviceAuthState === 'function' ? codexDeviceAuthState() : codexDeviceAuthState;
+    const st = typeof codexOAuthState === 'function' ? codexOAuthState() : codexOAuthState;
     return st;
   });
-  router.handle('gemini.complete', async (p) => {
+  router.handle('codex.relay', async (p) => {
+    const { code, state } = p;
+    if (!code || !state) err(400, 'Missing code or state');
+    try {
+      const email = await exchangeCodexOAuthCode(code, state);
+      return { success: true, email };
+    } catch (e) { err(400, e.message); }
+  });
+  router.handle('codex.complete', async (p) => {
     const pastedUrl = (p.url || '').trim();
     if (!pastedUrl) err(400, 'No URL provided');
     let parsed;
@@ -195,7 +210,7 @@ export function register(router, deps) {
     const code = parsed.searchParams.get('code');
     const state = parsed.searchParams.get('state');
     try {
-      const email = await exchangeGeminiOAuthCode(code, state);
+      const email = await exchangeCodexOAuthCode(code, state);
       return { success: true, email };
     } catch (e) { err(400, e.message); }
   });

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "agentgui",
-  "version": "1.0.702",
+  "version": "1.0.703",
   "description": "Multi-agent ACP client with real-time communication",
   "type": "module",
   "main": "server.js",