agentgui 1.0.917 → 1.0.919

package/test.js

@@ -7,12 +7,9 @@ import { createQueries } from './lib/db-queries.js';
 import { encode, decode } from './lib/codec.js';
 import { WsRouter } from './lib/ws-protocol.js';
 import { WSOptimizer } from './lib/ws-optimizer.js';
-import * as tim from './lib/tool-install-machine.js';
 import * as exm from './lib/execution-machine.js';
 import * as asm from './lib/acp-server-machine.js';
 import { maskKey, buildSystemPrompt } from './lib/provider-config.js';
-import { buildBaseUrl, isRemoteRequest, encodeOAuthState, decodeOAuthState } from './lib/oauth-common.js';
-import { compareVersions } from './lib/tool-version-check.js';
 import { initializeDescriptors, getAgentDescriptor } from './lib/agent-descriptors.js';
 import { createACPProtocolHandler } from './lib/acp-protocol.js';
 import { sendJSON, compressAndSend, acceptsEncoding } from './lib/http-utils.js';
@@ -87,8 +84,7 @@ await ok('WsRouter: dispatch + 404 + error + legacy', async () => {
   assert.deepEqual(replies[0], { r: 1, d: { pong: 7 } });
   assert.equal(replies[1].e.c, 404); assert.equal(replies[2].e.c, 422); assert.equal(legacy.type, 'subscribe');
 });
-await ok('machines: tool-install + execution + acp-server lifecycle', () => {
-  assert.ok(tim.getMachineActors() instanceof Map);
+await ok('machines: execution + acp-server lifecycle', () => {
   assert.equal(exm.snapshot('nonexistent-conv-id'), null);
   assert.equal(asm.getOrCreate('test-tool').getSnapshot().value, 'stopped');
   asm.send('test-tool', { type: 'START', pid: 123 });
@@ -122,22 +118,6 @@ await ok('provider-config: maskKey + buildSystemPrompt', () => {
   assert.equal(buildSystemPrompt('opencode', 'sonnet'), 'Use opencode subagent for all tasks. Model: sonnet.');
   assert.equal(buildSystemPrompt('foo-·-bar', null, 'sub'), 'Use foo subagent for all tasks. Subagent: sub.');
 });
-await ok('oauth-common: state codec + url helpers', () => {
-  const dec = decodeOAuthState(encodeOAuthState('csrf-tok', 'https://relay.test/cb'));
-  assert.equal(dec.csrfToken, 'csrf-tok'); assert.equal(dec.relayUrl, 'https://relay.test/cb');
-  const fb = decodeOAuthState('not-base64-json');
-  assert.equal(fb.csrfToken, 'not-base64-json'); assert.equal(fb.relayUrl, null);
-  const reqRemote = { headers: { 'x-forwarded-host': 'a.com', 'x-forwarded-proto': 'https' }, socket: {} };
-  assert.equal(buildBaseUrl(reqRemote, 3000), 'https://a.com'); assert.equal(isRemoteRequest(reqRemote), true);
-  assert.equal(buildBaseUrl({ headers: {}, socket: {} }, 3000), 'http://127.0.0.1:3000');
-  assert.equal(isRemoteRequest({ headers: {} }), false);
-});
-await ok('tool-version-check: compareVersions', () => {
-  assert.equal(compareVersions('1.0.0', '1.0.1'), true); assert.equal(compareVersions('1.0.1', '1.0.0'), false);
-  assert.equal(compareVersions('1.0.0', '1.0.0'), false); assert.equal(compareVersions('1.2', '1.2.1'), true);
-  assert.equal(compareVersions('2.0.0', '1.99.99'), false);
-  assert.equal(compareVersions(null, '1.0.0'), false); assert.equal(compareVersions('1.0.0', null), false);
-});
 await ok('agent-descriptors: initialize + cache', () => {
   assert.equal(initializeDescriptors([{ id: 'claude-code', name: 'Claude Code', path: '/x' }]), 1);
   const d = getAgentDescriptor('claude-code');

package/ecosystem.config.cjs

@@ -1,22 +0,0 @@
-module.exports = {
-  apps: [{
-    name: 'agentgui',
-    script: 'server.js',
-    interpreter: 'node',
-    interpreter_args: '--experimental-vm-modules',
-    watch: false,
-    env: {
-      NODE_ENV: 'development',
-      PORT: '3000',
-      HOT_RELOAD: 'false'
-    },
-    max_memory_restart: '512M',
-    restart_delay: 2000,
-    max_restarts: 10,
-    exp_backoff_restart_delay: 100,
-    error_file: '~/.gmgui/logs/err.log',
-    out_file: '~/.gmgui/logs/out.log',
-    merge_logs: true,
-    time: true
-  }]
-};

package/lib/checkpoint-manager.js

@@ -1,182 +0,0 @@
-/**
- * Checkpoint Manager
- * Handles session recovery by loading checkpoints and injecting into resume flow
- * Ensures idempotency and prevents duplicate event replay
- */
-
-class CheckpointManager {
-  constructor(queries) {
-    this.queries = queries;
-    this._injectedSessions = new Set(); // Track which sessions already had checkpoints injected
-    this._pendingCheckpoints = new Map(); // Store checkpoints to inject on subscribe: { conversationId -> checkpoint }
-  }
-
-  /**
-   * Load checkpoint for a session (all events + chunks from previous session)
-   * Used when resuming after interruption
-   */
-  loadCheckpoint(previousSessionId) {
-    if (!previousSessionId) return null;
-
-    try {
-      const session = this.queries.getSession(previousSessionId);
-      if (!session) return null;
-
-      const events = this.queries.getSessionEvents(previousSessionId);
-      const chunks = this.queries.getChunksSinceSeq(previousSessionId, -1);
-
-      return {
-        sessionId: previousSessionId,
-        conversationId: session.conversationId,
-        events: events || [],
-        chunks: chunks || [],
-        lastSequence: chunks.length > 0 ? Math.max(...chunks.map(c => c.sequence)) : -1
-      };
-    } catch (e) {
-      console.error(`[checkpoint] Failed to load checkpoint for session ${previousSessionId}:`, e.message);
-      return null;
-    }
-  }
-
-  /**
-   * Inject checkpoint events into the new session
-   * Marks them with resumeOrigin to prevent replay
-   * Returns the next sequence number to use
-   */
-  injectCheckpointEvents(newSessionId, checkpoint, broadcastFn) {
-    if (!checkpoint || !checkpoint.events || checkpoint.events.length === 0) {
-      return -1;
-    }
-
-    // Prevent double-injection for same session
-    const injectionKey = `${newSessionId}:checkpoint`;
-    if (this._injectedSessions.has(injectionKey)) {
-      console.log(`[checkpoint] Session ${newSessionId} already had checkpoint injected, skipping`);
-      return checkpoint.lastSequence;
-    }
-
-    let sequenceStart = checkpoint.lastSequence + 1;
-
-    try {
-      // Broadcast each checkpoint event as if it's arriving now
-      for (const evt of checkpoint.events) {
-        // Skip internal session management events
-        if (evt.type === 'session.created') continue;
-
-        // Re-broadcast with resume markers
-        broadcastFn({
-          ...evt,
-          resumeOrigin: 'checkpoint',
-          originalSessionId: checkpoint.sessionId,
-          newSessionId: newSessionId,
-          timestamp: Date.now()
-        });
-      }
-
-      // Mark this session as having been injected
-      this._injectedSessions.add(injectionKey);
-
-      console.log(
-        `[checkpoint] Injected ${checkpoint.events.length} events from session ` +
-        `${checkpoint.sessionId} into new session ${newSessionId}`
-      );
-
-      return sequenceStart;
-    } catch (e) {
-      console.error(`[checkpoint] Failed to inject checkpoint events:`, e.message);
-      return checkpoint.lastSequence;
-    }
-  }
-
-  /**
-   * Copy checkpoint chunks to new session with modified sequence
-   * Ensures chunks are marked as injected to distinguish from new streaming
-   */
-  copyCheckpointChunks(oldSessionId, newSessionId, startSequence = 0) {
-    try {
-      const chunks = this.queries.getChunksSinceSeq(oldSessionId, -1);
-      if (!chunks || chunks.length === 0) return 0;
-
-      let copiedCount = 0;
-
-      for (let i = 0; i < chunks.length; i++) {
-        const chunk = chunks[i];
-        const newSequence = startSequence + i;
-
-        try {
-          this.queries.createChunk(
-            newSessionId,
-            chunk.conversationId,
-            newSequence,
-            chunk.type,
-            { ...chunk.data, resumeOrigin: 'checkpoint' }
-          );
-          copiedCount++;
-        } catch (e) {
-          console.error(`[checkpoint] Failed to copy chunk ${i}:`, e.message);
-        }
-      }
-
-      console.log(`[checkpoint] Copied ${copiedCount} chunks from ${oldSessionId} to ${newSessionId}`);
-      return startSequence + copiedCount;
-    } catch (e) {
-      console.error(`[checkpoint] Failed to copy checkpoint chunks:`, e.message);
-      return startSequence;
-    }
-  }
-
-  /**
-   * Clean up: mark previous session as properly resumed
-   * Prevents re-resuming the same interrupted session multiple times
-   */
-  markSessionResumed(previousSessionId) {
-    try {
-      this.queries.updateSession(previousSessionId, {
-        status: 'resumed',
-        completed_at: Date.now()
-      });
-      console.log(`[checkpoint] Marked session ${previousSessionId} as resumed`);
-    } catch (e) {
-      console.error(`[checkpoint] Failed to mark session as resumed:`, e.message);
-    }
-  }
-
-  /**
-   * Clear injected sessions cache (call on server restart)
-   */
-  reset() {
-    this._injectedSessions.clear();
-  }
-
-  /**
-   * Store a checkpoint to be injected when client subscribes
-   * (Used during server startup when no clients are connected yet)
-   */
-  storeCheckpointForDelay(conversationId, checkpoint) {
-    if (checkpoint && checkpoint.events && checkpoint.events.length > 0) {
-      this._pendingCheckpoints.set(conversationId, checkpoint);
-      console.log(`[checkpoint] Stored checkpoint for ${conversationId} to inject on subscribe (${checkpoint.events.length} events, ${checkpoint.chunks.length} chunks)`);
-    }
-  }
-
-  /**
-   * Get and remove a pending checkpoint (called when client subscribes)
-   */
-  getPendingCheckpoint(conversationId) {
-    const checkpoint = this._pendingCheckpoints.get(conversationId);
-    if (checkpoint) {
-      this._pendingCheckpoints.delete(conversationId);
-      console.log(`[checkpoint] Retrieved pending checkpoint for ${conversationId}`);
-    }
-    return checkpoint;
-  }
-
-  /**
-   * Check if there's a pending checkpoint for a conversation
-   */
-  hasPendingCheckpoint(conversationId) {
-    return this._pendingCheckpoints.has(conversationId);
-  }
-}
-
-export default CheckpointManager;

package/lib/db-queries-tools.js

@@ -1,131 +0,0 @@
-export function addToolQueries(q, db, prep, generateId) {
-  q.initializeToolInstallations = function(tools) {
-    const now = Date.now();
-    for (const tool of tools) {
-      const stmt = prep(`
-        INSERT OR IGNORE INTO tool_installations
-        (id, tool_id, status, created_at, updated_at)
-        VALUES (?, ?, ?, ?, ?)
-      `);
-      stmt.run(generateId('tinst'), tool.id, 'not_installed', now, now);
-    }
-  };
-
-  q.getToolStatus = function(toolId) {
-    const stmt = prep(`
-      SELECT id, tool_id, version, installed_at, status, last_check_at,
-             error_message, update_available, latest_version, created_at, updated_at
-      FROM tool_installations
-      WHERE tool_id = ?
-    `);
-    return stmt.get(toolId) || null;
-  };
-
-  q.getAllToolStatuses = function() {
-    const stmt = prep(`
-      SELECT id, tool_id, version, installed_at, status, last_check_at,
-             error_message, update_available, latest_version, created_at, updated_at
-      FROM tool_installations
-      ORDER BY tool_id
-    `);
-    return stmt.all();
-  };
-
-  q.insertToolInstallation = function(toolId, data) {
-    const now = Date.now();
-    const stmt = prep(`
-      INSERT OR IGNORE INTO tool_installations
-      (id, tool_id, version, installed_at, status, last_check_at, error_message, update_available, latest_version, created_at, updated_at)
-      VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
-    `);
-    stmt.run(
-      generateId('ti'),
-      toolId,
-      data.version || null,
-      data.installed_at || null,
-      data.status || 'not_installed',
-      now,
-      data.error_message || null,
-      0,
-      null,
-      now,
-      now
-    );
-  };
-
-  q.updateToolStatus = function(toolId, data) {
-    const now = Date.now();
-    const stmt = prep(`
-      UPDATE tool_installations
-      SET version = ?, installed_at = ?, status = ?, last_check_at = ?,
-          error_message = ?, update_available = ?, latest_version = ?, updated_at = ?
-      WHERE tool_id = ?
-    `);
-    stmt.run(
-      data.version || null,
-      data.installed_at || null,
-      data.status || 'not_installed',
-      data.last_check_at || now,
-      data.error_message || null,
-      data.update_available ? 1 : 0,
-      data.latest_version || null,
-      now,
-      toolId
-    );
-  };
-
-  q.addToolInstallHistory = function(toolId, action, status, error) {
-    const now = Date.now();
-    // Ensure the parent tool_installations row exists before inserting history
-    // (handles tools added after the DB was first initialized)
-    prep(`INSERT OR IGNORE INTO tool_installations (id, tool_id, status, created_at, updated_at) VALUES (?, ?, ?, ?, ?)`)
-      .run(generateId('tinst'), toolId, 'not_installed', now, now);
-    const stmt = prep(`
-      INSERT INTO tool_install_history
-      (id, tool_id, action, started_at, completed_at, status, error_message, created_at)
-      VALUES (?, ?, ?, ?, ?, ?, ?, ?)
-    `);
-    stmt.run(generateId('thist'), toolId, action, now, now, status, error || null, now);
-  };
-
-  q.getToolInstallHistory = function(toolId, limit = 20, offset = 0) {
-    const stmt = prep(`
-      SELECT id, tool_id, action, started_at, completed_at, status, error_message, created_at
-      FROM tool_install_history
-      WHERE tool_id = ?
-      ORDER BY created_at DESC
-      LIMIT ? OFFSET ?
-    `);
-    return stmt.all(toolId, limit, offset);
-  };
-
-  q.pruneToolInstallHistory = function(toolId, keepCount = 100) {
-    const stmt = prep(`
-      DELETE FROM tool_install_history
-      WHERE tool_id = ? AND id NOT IN (
-        SELECT id FROM tool_install_history
-        WHERE tool_id = ?
-        ORDER BY created_at DESC
-        LIMIT ?
-      )
-    `);
-    return stmt.run(toolId, toolId, keepCount).changes;
-  };
-
-  q.searchMessages = function(query, limit = 50) {
-    try {
-      const sanitized = '"' + query.replace(/"/g, '""') + '"';
-      const stmt = prep(`
-        SELECT m.id, m.conversationId, m.role, m.content, m.created_at,
-               c.title as conversationTitle, c.agentType
-        FROM messages_fts fts
-        JOIN messages m ON m.rowid = fts.rowid
-        JOIN conversations c ON c.id = m.conversationId
-        WHERE messages_fts MATCH ?
-        ORDER BY m.created_at DESC LIMIT ?
-      `);
-      return stmt.all(sanitized, limit);
-    } catch (_) { return []; }
-  };
-
-}

package/lib/db-queries-voice.js

@@ -1,85 +0,0 @@
-export function addVoiceQueries(q, db, prep, generateId) {
-  q.getDownloadsByStatus = function(status) {
-    const stmt = prep('SELECT * FROM  WHERE status = ? ORDER BY started_at DESC');
-    return stmt.all(status);
-  };
-
-  q.updateDownloadResume = function(downloadId, currentSize, attempts, lastAttempt, status) {
-    const stmt = prep(`
-      UPDATE
-      SET downloaded_bytes = ?, attempts = ?, lastAttempt = ?, status = ?
-      WHERE id = ?
-    `);
-    stmt.run(currentSize, attempts, lastAttempt, status, downloadId);
-  };
-
-  q.updateDownloadHash = function(downloadId, hash) {
-    const stmt = prep('UPDATE  SET hash = ? WHERE id = ?');
-    stmt.run(hash, downloadId);
-  };
-
-  q.markDownloadResuming = function(downloadId) {
-    const stmt = prep('UPDATE  SET status = ?, lastAttempt = ? WHERE id = ?');
-    stmt.run('resuming', Date.now(), downloadId);
-  };
-
-  q.markDownloadPaused = function(downloadId, errorMessage) {
-    const stmt = prep('UPDATE  SET status = ?, error_message = ?, lastAttempt = ? WHERE id = ?');
-    stmt.run('paused', errorMessage, Date.now(), downloadId);
-  };
-
-  q.saveVoiceCache = function(conversationId, text, audioBlob, ttlMs = 3600000) {
-    const id = generateId('vcache');
-    const now = Date.now();
-    const expiresAt = now + ttlMs;
-    const byteSize = audioBlob ? Buffer.byteLength(audioBlob) : 0;
-    const stmt = prep(`
-      INSERT INTO voice_cache (id, conversationId, text, audioBlob, byteSize, created_at, expires_at)
-      VALUES (?, ?, ?, ?, ?, ?, ?)
-    `);
-    stmt.run(id, conversationId, text, audioBlob || null, byteSize, now, expiresAt);
-    return { id, conversationId, text, byteSize, created_at: now, expires_at: expiresAt };
-  };
-
-  q.getVoiceCache = function(conversationId, text) {
-    const now = Date.now();
-    const stmt = prep(`
-      SELECT id, conversationId, text, audioBlob, byteSize, created_at, expires_at
-      FROM voice_cache
-      WHERE conversationId = ? AND text = ? AND expires_at > ?
-      LIMIT 1
-    `);
-    return stmt.get(conversationId, text, now) || null;
-  };
-
-  q.cleanExpiredVoiceCache = function() {
-    const now = Date.now();
-    const stmt = prep('DELETE FROM voice_cache WHERE expires_at <= ?');
-    return stmt.run(now).changes;
-  };
-
-  q.getVoiceCacheSize = function(conversationId) {
-    const now = Date.now();
-    const stmt = prep(`
-      SELECT COALESCE(SUM(byteSize), 0) as totalSize
-      FROM voice_cache
-      WHERE conversationId = ? AND expires_at > ?
-    `);
-    return stmt.get(conversationId, now).totalSize || 0;
-  };
-
-  q.deleteOldestVoiceCache = function(conversationId, neededBytes) {
-    const stmt = prep(`
-      SELECT id FROM voice_cache
-      WHERE conversationId = ?
-      ORDER BY created_at ASC
-      LIMIT (SELECT COUNT(*) FROM voice_cache WHERE conversationId = ? AND byteSize > ?)
-    `);
-    const oldest = stmt.all(conversationId, conversationId, neededBytes);
-    const deleteStmt = prep('DELETE FROM voice_cache WHERE id = ?');
-    for (const row of oldest) {
-      deleteStmt.run(row.id);
-    }
-    return oldest.length;
-  };
-}

package/lib/oauth-codex.js

@@ -1,164 +0,0 @@
-import fs from 'fs';
-import path from 'path';
-import os from 'os';
-import crypto from 'crypto';
-import { buildBaseUrl, isRemoteRequest, encodeOAuthState, decodeOAuthState, oauthResultPage, oauthRelayPage } from './oauth-common.js';
-
-const CODEX_HOME = process.env.CODEX_HOME || path.join(os.homedir(), '.codex');
-const CODEX_AUTH_FILE = path.join(CODEX_HOME, 'auth.json');
-const CODEX_OAUTH_ISSUER = 'https://auth.openai.com';
-const CODEX_CLIENT_ID = 'app_EMoamEEZ73f0CkXaXp7hrann';
-const CODEX_SCOPES = 'openid profile email offline_access api.connectors.read api.connectors.invoke';
-const CODEX_OAUTH_PORT = 1455;
-
-let codexOAuthState = { status: 'idle', error: null, email: null };
-let codexOAuthPending = null;
-
-function generatePkce() {
-  const verifierBytes = crypto.randomBytes(64);
-  const codeVerifier = verifierBytes.toString('base64url');
-  const challengeBytes = crypto.createHash('sha256').update(codeVerifier).digest();
-  const codeChallenge = challengeBytes.toString('base64url');
-  return { codeVerifier, codeChallenge };
-}
-
-function parseJwtEmail(jwt) {
-  try {
-    const parts = jwt.split('.');
-    if (parts.length < 2) return '';
-    const payload = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
-    return payload.email || payload['https://api.openai.com/profile']?.email || '';
-  } catch (_) { return ''; }
-}
-
-function saveCodexCredentials(tokens) {
-  if (!fs.existsSync(CODEX_HOME)) fs.mkdirSync(CODEX_HOME, { recursive: true });
-  const auth = { auth_mode: 'chatgpt', tokens, last_refresh: new Date().toISOString() };
-  fs.writeFileSync(CODEX_AUTH_FILE, JSON.stringify(auth, null, 2), { mode: 0o600 });
-  try { fs.chmodSync(CODEX_AUTH_FILE, 0o600); } catch (_) {}
-}
-
-export function getCodexOAuthStatus() {
-  try {
-    if (fs.existsSync(CODEX_AUTH_FILE)) {
-      const auth = JSON.parse(fs.readFileSync(CODEX_AUTH_FILE, 'utf8'));
-      if (auth.tokens?.access_token || auth.tokens?.refresh_token) {
-        const email = parseJwtEmail(auth.tokens?.id_token || '') || '';
-        return { hasKey: true, apiKey: email || '****oauth', defaultModel: '', path: CODEX_AUTH_FILE, authMethod: 'oauth' };
-      }
-    }
-  } catch (_) {}
-  return null;
-}
-
-export async function startCodexOAuth(req, { PORT, BASE_URL }) {
-  const remote = isRemoteRequest(req);
-  const redirectUri = remote
-    ? `${buildBaseUrl(req, PORT)}${BASE_URL}/codex-oauth2callback`
-    : `http://localhost:${CODEX_OAUTH_PORT}/auth/callback`;
-  const pkce = generatePkce();
-  const csrfToken = crypto.randomBytes(32).toString('hex');
-  const relayUrl = remote ? `${buildBaseUrl(req, PORT)}${BASE_URL}/api/codex-oauth/relay` : null;
-  const state = encodeOAuthState(csrfToken, relayUrl);
-  const params = new URLSearchParams({
-    response_type: 'code',
-    client_id: CODEX_CLIENT_ID,
-    redirect_uri: redirectUri,
-    scope: CODEX_SCOPES,
-    code_challenge: pkce.codeChallenge,
-    code_challenge_method: 'S256',
-    id_token_add_organizations: 'true',
-    codex_cli_simplified_flow: 'true',
-    state,
-  });
-  const authUrl = `${CODEX_OAUTH_ISSUER}/oauth/authorize?${params.toString()}`;
-  const mode = remote ? 'remote' : 'local';
-  codexOAuthPending = { pkce, redirectUri, state: csrfToken };
-  codexOAuthState = { status: 'pending', error: null, email: null };
-  if (codexOAuthPending._timeout) clearTimeout(codexOAuthPending._timeout);
-  codexOAuthPending._timeout = setTimeout(() => {
-    if (codexOAuthState.status === 'pending') {
-      codexOAuthState = { status: 'error', error: 'Authentication timed out', email: null };
-      codexOAuthPending = null;
-    }
-  }, 5 * 60 * 1000);
-  return { authUrl, mode };
-}
-
-export async function exchangeCodexOAuthCode(code, stateParam) {
-  if (!codexOAuthPending) throw new Error('No pending OAuth flow. Please start authentication again.');
-  if (codexOAuthPending._timeout) { clearTimeout(codexOAuthPending._timeout); codexOAuthPending._timeout = null; }
-  const { pkce, redirectUri, state: expectedCsrf } = codexOAuthPending;
-  const { csrfToken } = decodeOAuthState(stateParam);
-  if (csrfToken !== expectedCsrf) {
-    codexOAuthState = { status: 'error', error: 'State mismatch', email: null };
-    codexOAuthPending = null;
-    throw new Error('State mismatch - possible CSRF attack.');
-  }
-  if (!code) {
-    codexOAuthState = { status: 'error', error: 'No authorization code received', email: null };
-    codexOAuthPending = null;
-    throw new Error('No authorization code received.');
-  }
-  const body = new URLSearchParams({
-    grant_type: 'authorization_code',
-    code,
-    redirect_uri: redirectUri,
-    client_id: CODEX_CLIENT_ID,
-    code_verifier: pkce.codeVerifier,
-  });
-  const resp = await fetch(`${CODEX_OAUTH_ISSUER}/oauth/token`, {
-    method: 'POST',
-    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
-    body: body.toString(),
-  });
-  if (!resp.ok) {
-    const text = await resp.text();
-    codexOAuthState = { status: 'error', error: `Token exchange failed: ${resp.status}`, email: null };
-    codexOAuthPending = null;
-    throw new Error(`Token exchange failed (${resp.status}): ${text}`);
-  }
-  const tokens = await resp.json();
-  const email = parseJwtEmail(tokens.id_token || '');
-  saveCodexCredentials(tokens);
-  codexOAuthState = { status: 'success', error: null, email };
-  codexOAuthPending = null;
-  return email;
-}
-
-export async function handleCodexOAuthCallback(req, res, PORT) {
-  const reqUrl = new URL(req.url, `http://localhost:${PORT}`);
-  const code = reqUrl.searchParams.get('code');
-  const state = reqUrl.searchParams.get('state');
-  const error = reqUrl.searchParams.get('error');
-  const errorDesc = reqUrl.searchParams.get('error_description');
-  if (error) {
-    const desc = errorDesc || error;
-    codexOAuthState = { status: 'error', error: desc, email: null };
-    codexOAuthPending = null;
-  }
-  const stateData = decodeOAuthState(state || '');
-  if (stateData.relayUrl) {
-    res.writeHead(200, { 'Content-Type': 'text/html' });
-    res.end(oauthRelayPage(code, state, errorDesc || error));
-    return;
-  }
-  if (!codexOAuthPending) {
-    res.writeHead(200, { 'Content-Type': 'text/html' });
-    res.end(oauthResultPage('Authentication Failed', 'No pending OAuth flow.', false));
-    return;
-  }
-  try {
-    if (error) throw new Error(errorDesc || error);
-    const email = await exchangeCodexOAuthCode(code, state);
-    res.writeHead(200, { 'Content-Type': 'text/html' });
-    res.end(oauthResultPage('Authentication Successful', email ? `Signed in as ${email}` : 'Codex CLI credentials saved.', true));
-  } catch (e) {
-    res.writeHead(200, { 'Content-Type': 'text/html' });
-    res.end(oauthResultPage('Authentication Failed', e.message, false));
-  }
-}
-
-export function getCodexOAuthState() { return codexOAuthState; }
-export function getCodexOAuthPending() { return codexOAuthPending; }
-export { CODEX_HOME, CODEX_AUTH_FILE };