better-opencode-openai-codex-auth 0.1.1 → 0.1.3

package/dist/lib/auth/auth.js

@@ -1,11 +1,13 @@
 import { generatePKCE } from "@openauthjs/openauth/pkce";
 import { randomBytes } from "node:crypto";
+import { DEVICE_AUTH } from "../constants.js";
 // OAuth constants (from openai/codex)
 export const CLIENT_ID = "app_EMoamEEZ73f0CkXaXp7hrann";
 export const AUTHORIZE_URL = "https://auth.openai.com/oauth/authorize";
 export const TOKEN_URL = "https://auth.openai.com/oauth/token";
 export const REDIRECT_URI = "http://localhost:1455/auth/callback";
 export const SCOPE = "openid profile email offline_access";
+const refreshInFlight = new Map();
 /**
  * Generate a random state value for OAuth flow
  * @returns Random hex string
@@ -44,11 +46,14 @@ export function parseAuthorizationInput(input) {
     return { code: value };
 }
 /**
- * Exchange authorization code for access and refresh tokens
+ * Exchange authorization code for access and refresh tokens.
+ * Captures id_token when returned — it contains chatgpt_account_id as a
+ * dedicated JWT claim, making account-ID extraction more reliable.
+ *
  * @param code - Authorization code from OAuth flow
  * @param verifier - PKCE verifier
  * @param redirectUri - OAuth redirect URI
- * @returns Token result
+ * @returns Token result (includes id_token when available)
  */
 export async function exchangeAuthorizationCode(code, verifier, redirectUri = REDIRECT_URI) {
     const res = await fetch(TOKEN_URL, {
@@ -64,14 +69,14 @@ export async function exchangeAuthorizationCode(code, verifier, redirectUri = RE
     });
     if (!res.ok) {
         const text = await res.text().catch(() => "");
-        console.error("[openai-codex-plugin] code->token failed:", res.status, text);
+        console.error(`[openai-codex-plugin] code->token failed: ${res.status}`, text);
         return { type: "failed" };
     }
     const json = (await res.json());
     if (!json?.access_token ||
         !json?.refresh_token ||
         typeof json?.expires_in !== "number") {
-        console.error("[openai-codex-plugin] token response missing fields:", json);
+        console.error("[openai-codex-plugin] token response missing fields");
         return { type: "failed" };
     }
     return {
@@ -79,6 +84,7 @@ export async function exchangeAuthorizationCode(code, verifier, redirectUri = RE
         access: json.access_token,
         refresh: json.refresh_token,
         expires: Date.now() + json.expires_in * 1000,
+        id_token: json.id_token,
     };
 }
 /**
@@ -92,15 +98,71 @@ export function decodeJWT(token) {
         if (parts.length !== 3)
             return null;
         const payload = parts[1];
-        const decoded = Buffer.from(payload, "base64").toString("utf-8");
-        return JSON.parse(decoded);
+        if (!payload)
+            return null;
+        const decoded = Buffer.from(payload, "base64url").toString("utf-8");
+        const parsed = JSON.parse(decoded);
+        // Validate that the parsed payload is a non-null object
+        if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) {
+            return null;
+        }
+        return parsed;
     }
     catch {
         return null;
     }
 }
 /**
- * Refresh access token using refresh token
+ * Extract the ChatGPT account ID from a JWT token string.
+ * Checks (in priority order, matching first-party opencode CodexAuthPlugin):
+ *   1. Root-level chatgpt_account_id claim
+ *   2. Nested https://api.openai.com/auth.chatgpt_account_id claim
+ *   3. organizations[0].id fallback
+ *
+ * @param token - JWT string (id_token or access_token)
+ * @returns Account ID or undefined if not found
+ */
+export function extractAccountIdFromToken(token) {
+    if (!token)
+        return undefined;
+    const claims = decodeJWT(token);
+    if (!claims)
+        return undefined;
+    // 1. Root-level claim (most authoritative)
+    if (typeof claims.chatgpt_account_id === "string" && claims.chatgpt_account_id) {
+        return claims.chatgpt_account_id;
+    }
+    // 2. Nested claim
+    const nested = claims["https://api.openai.com/auth"];
+    if (nested?.chatgpt_account_id) {
+        return nested.chatgpt_account_id;
+    }
+    // 3. Organizations fallback
+    const orgs = claims.organizations;
+    if (Array.isArray(orgs) && orgs[0]?.id) {
+        return orgs[0].id;
+    }
+    return undefined;
+}
+/**
+ * Extract account ID from a token-response object.
+ * Tries id_token first (more authoritative), then access_token.
+ *
+ * @param tokens - Object with access_token and optional id_token
+ * @returns Account ID or undefined
+ */
+export function extractAccountId(tokens) {
+    if (tokens.id_token) {
+        const fromIdToken = extractAccountIdFromToken(tokens.id_token);
+        if (fromIdToken)
+            return fromIdToken;
+    }
+    return extractAccountIdFromToken(tokens.access_token);
+}
+/**
+ * Refresh access token using refresh token.
+ * Captures id_token when returned by the server.
+ *
  * @param refreshToken - Refresh token
  * @returns Token result
  */
@@ -117,13 +179,13 @@ export async function refreshAccessToken(refreshToken) {
         });
         if (!response.ok) {
             const text = await response.text().catch(() => "");
-            console.error("[openai-codex-plugin] Token refresh failed:", response.status, text);
+            console.error(`[openai-codex-plugin] Token refresh failed: ${response.status}`, text);
             return { type: "failed" };
         }
         const json = (await response.json());
         if (!json?.access_token ||
             typeof json?.expires_in !== "number") {
-            console.error("[openai-codex-plugin] Token refresh response missing fields:", json);
+            console.error("[openai-codex-plugin] Token refresh response missing fields");
             return { type: "failed" };
         }
         return {
@@ -131,16 +193,29 @@ export async function refreshAccessToken(refreshToken) {
             access: json.access_token,
             refresh: json.refresh_token || refreshToken,
             expires: Date.now() + json.expires_in * 1000,
+            id_token: json.id_token,
         };
     }
     catch (error) {
-        const err = error;
-        console.error("[openai-codex-plugin] Token refresh error:", err);
+        const err = error instanceof Error ? error : new Error(String(error));
+        console.error("[openai-codex-plugin] Token refresh error:", err.message);
         return { type: "failed" };
     }
 }
+export function refreshAccessTokenShared(accountKey, refreshToken) {
+    const key = `${accountKey}:${refreshToken}`;
+    const existing = refreshInFlight.get(key);
+    if (existing) {
+        return existing;
+    }
+    const promise = refreshAccessToken(refreshToken).finally(() => {
+        refreshInFlight.delete(key);
+    });
+    refreshInFlight.set(key, promise);
+    return promise;
+}
 /**
- * Create OAuth authorization flow
+ * Create OAuth authorization flow (browser PKCE)
  * @returns Authorization flow details
  */
 export async function createAuthorizationFlow() {
@@ -156,7 +231,61 @@ export async function createAuthorizationFlow() {
     url.searchParams.set("state", state);
     url.searchParams.set("id_token_add_organizations", "true");
     url.searchParams.set("codex_cli_simplified_flow", "true");
-    url.searchParams.set("originator", "codex_cli_rs");
+    // Use "opencode" — matching the first-party opencode CodexAuthPlugin (#2 fix)
+    url.searchParams.set("originator", "opencode");
     return { pkce, state, url: url.toString() };
 }
+/**
+ * Create a headless/device-code authorization flow.
+ *
+ * This flow requires no browser on the machine running opencode. The user
+ * visits a URL on any device and enters a short code to authenticate.
+ * Matches the "headless" method in the first-party opencode CodexAuthPlugin.
+ *
+ * @returns Device authorization flow details
+ */
+export async function createDeviceAuthorizationFlow() {
+    const response = await fetch(DEVICE_AUTH.USERCODE_URL, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ client_id: CLIENT_ID }),
+    });
+    if (!response.ok) {
+        throw new Error(`[openai-codex-plugin] Device auth usercode request failed: ${response.status}`);
+    }
+    const data = (await response.json());
+    const serverIntervalMs = Math.max(parseInt(data.interval) || 5, 1) * 1000;
+    const pollIntervalMs = serverIntervalMs + DEVICE_AUTH.POLL_SAFETY_MARGIN_MS;
+    const poll = async () => {
+        // eslint-disable-next-line no-constant-condition
+        while (true) {
+            const tokenResponse = await fetch(DEVICE_AUTH.TOKEN_URL, {
+                method: "POST",
+                headers: { "Content-Type": "application/json" },
+                body: JSON.stringify({
+                    device_auth_id: data.device_auth_id,
+                    user_code: data.user_code,
+                }),
+            });
+            if (tokenResponse.ok) {
+                const tokenData = (await tokenResponse.json());
+                // Exchange the authorization_code for final tokens
+                return exchangeAuthorizationCode(tokenData.authorization_code, tokenData.code_verifier, DEVICE_AUTH.REDIRECT_URI);
+            }
+            // 403 / 404 = still waiting for user to complete auth
+            if (tokenResponse.status !== 403 && tokenResponse.status !== 404) {
+                console.error(`[openai-codex-plugin] Device token poll failed: ${tokenResponse.status}`);
+                return { type: "failed" };
+            }
+            // Wait before next poll
+            await new Promise((r) => setTimeout(r, pollIntervalMs));
+        }
+    };
+    return {
+        activateUrl: DEVICE_AUTH.ACTIVATE_URL,
+        userCode: data.user_code,
+        pollIntervalMs,
+        poll,
+    };
+}
 //# sourceMappingURL=auth.js.map

package/dist/lib/auth/auth.js.map

@@ -1 +1 @@
-{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../../lib/auth/auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AACzD,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAG1C,sCAAsC;AACtC,MAAM,CAAC,MAAM,SAAS,GAAG,8BAA8B,CAAC;AACxD,MAAM,CAAC,MAAM,aAAa,GAAG,yCAAyC,CAAC;AACvE,MAAM,CAAC,MAAM,SAAS,GAAG,qCAAqC,CAAC;AAC/D,MAAM,CAAC,MAAM,YAAY,GAAG,qCAAqC,CAAC;AAClE,MAAM,CAAC,MAAM,KAAK,GAAG,qCAAqC,CAAC;AAE3D;;;GAGG;AACH,MAAM,UAAU,WAAW;IAC1B,OAAO,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AACxC,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,uBAAuB,CAAC,KAAa;IACpD,MAAM,KAAK,GAAG,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IACnC,IAAI,CAAC,KAAK;QAAE,OAAO,EAAE,CAAC;IAEtB,IAAI,CAAC;QACJ,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;QAC3B,OAAO;YACN,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,SAAS;YAC/C,KAAK,EAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,SAAS;SACjD,CAAC;IACH,CAAC;IAAC,MAAM,CAAC,CAAA,CAAC;IAEV,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACzB,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QAC1C,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;IACxB,CAAC;IACD,IAAI,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QAC7B,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,KAAK,CAAC,CAAC;QAC1C,OAAO;YACN,IAAI,EAAE,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,SAAS;YACrC,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,SAAS;SACvC,CAAC;IACH,CAAC;IACD,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;AACxB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC9C,IAAY,EACZ,QAAgB,EAChB,cAAsB,YAAY;IAElC,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,SAAS,EAAE;QAClC,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;QAChE,IAAI,EAAE,IAAI,eAAe,CAAC;YACzB,UAAU,EAAE,oBAAoB;YAChC,SAAS,EAAE,SAAS;YACpB,IAAI;YACJ,aAAa,EAAE,QAAQ;YACvB,YAAY,EAAE,WAAW;SACzB,CAAC;KACF,CAAC,CAAC;IACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACb,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;QAC9C,OAAO,CAAC,KAAK,CAAC,2CAA2C,EAAE,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;QAC7E,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;IAC3B,CAAC;IACD,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAI7B,CAAC;IACF,IACC,CAAC,IAAI,EAAE,YAAY;QACnB,CAAC,IAAI,EAAE,aAAa;QACpB,OAAO,IAAI,EAAE,UAAU,KAAK,QAAQ,EACnC,CAAC;QACF,OAAO,CAAC,KAAK,CAAC,sDAAsD,EAAE,IAAI,CAAC,CAAC;QAC5E,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;IAC3B,CAAC;IACD,OAAO;QACN,IAAI,EAAE,SAAS;QACf,MAAM,EAAE,IAAI,CAAC,YAAY;QACzB,OAAO,EAAE,IAAI,CAAC,aAAa;QAC3B,OAAO,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI;KAC5C,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,SAAS,CAAC,KAAa;IACtC,IAAI,CAAC;QACJ,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QACpC,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACzB,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QACjE,OAAO,IAAI,CAAC,KAAK,CAAC,OAAO,CAAe,CAAC;IAC1C,CAAC;IAAC,MAAM,CAAC;QACR,OAAO,IAAI,CAAC;IACb,CAAC;AACF,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,YAAoB;IAC5D,IAAI,CAAC;QACJ,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,SAAS,EAAE;YACvC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;YAChE,IAAI,EAAE,IAAI,eAAe,CAAC;gBACzB,UAAU,EAAE,eAAe;gBAC3B,aAAa,EAAE,YAAY;gBAC3B,SAAS,EAAE,SAAS;aACpB,CAAC;SACF,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YAClB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;YACnD,OAAO,CAAC,KAAK,CACZ,6CAA6C,EAC7C,QAAQ,CAAC,MAAM,EACf,IAAI,CACJ,CAAC;YACF,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;QAC3B,CAAC;QAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAIlC,CAAC;QACF,IACC,CAAC,IAAI,EAAE,YAAY;YACnB,OAAO,IAAI,EAAE,UAAU,KAAK,QAAQ,EACnC,CAAC;YACF,OAAO,CAAC,KAAK,CACZ,8DAA8D,EAC9D,IAAI,CACJ,CAAC;YACF,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;QAC3B,CAAC;QAED,OAAO;YACN,IAAI,EAAE,SAAS;YACf,MAAM,EAAE,IAAI,CAAC,YAAY;YACzB,OAAO,EAAE,IAAI,CAAC,aAAa,IAAI,YAAY;YAC3C,OAAO,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI;SAC5C,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QAChB,MAAM,GAAG,GAAG,KAAc,CAAC;QAC3B,OAAO,CAAC,KAAK,CAAC,4CAA4C,EAAE,GAAG,CAAC,CAAC;QACjE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;IAC3B,CAAC;AACF,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,uBAAuB;IAC5C,MAAM,IAAI,GAAG,CAAC,MAAM,YAAY,EAAE,CAAa,CAAC;IAChD,MAAM,KAAK,GAAG,WAAW,EAAE,CAAC;IAE5B,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,CAAC;IACnC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;IAC9C,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;IAC7C,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,YAAY,CAAC,CAAC;IACnD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IACrC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,gBAAgB,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;IACvD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,uBAAuB,EAAE,MAAM,CAAC,CAAC;IACtD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IACrC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,4BAA4B,EAAE,MAAM,CAAC,CAAC;IAC3D,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,2BAA2B,EAAE,MAAM,CAAC,CAAC;IAC1D,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,YAAY,EAAE,cAAc,CAAC,CAAC;IAEnD,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,QAAQ,EAAE,EAAE,CAAC;AAC7C,CAAC"}
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../../lib/auth/auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AACzD,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAE1C,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAE9C,sCAAsC;AACtC,MAAM,CAAC,MAAM,SAAS,GAAG,8BAA8B,CAAC;AACxD,MAAM,CAAC,MAAM,aAAa,GAAG,yCAAyC,CAAC;AACvE,MAAM,CAAC,MAAM,SAAS,GAAG,qCAAqC,CAAC;AAC/D,MAAM,CAAC,MAAM,YAAY,GAAG,qCAAqC,CAAC;AAClE,MAAM,CAAC,MAAM,KAAK,GAAG,qCAAqC,CAAC;AAE3D,MAAM,eAAe,GAAG,IAAI,GAAG,EAAgC,CAAC;AAEhE;;;GAGG;AACH,MAAM,UAAU,WAAW;IAC1B,OAAO,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AACxC,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,uBAAuB,CAAC,KAAa;IACpD,MAAM,KAAK,GAAG,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IACnC,IAAI,CAAC,KAAK;QAAE,OAAO,EAAE,CAAC;IAEtB,IAAI,CAAC;QACJ,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,CAAC;QAC3B,OAAO;YACN,IAAI,EAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,SAAS;YAC/C,KAAK,EAAE,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,SAAS;SACjD,CAAC;IACH,CAAC;IAAC,MAAM,CAAC,CAAA,CAAC;IAEV,IAAI,KAAK,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACzB,MAAM,CAAC,IAAI,EAAE,KAAK,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QAC1C,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;IACxB,CAAC;IACD,IAAI,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QAC7B,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,KAAK,CAAC,CAAC;QAC1C,OAAO;YACN,IAAI,EAAE,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,SAAS;YACrC,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,SAAS;SACvC,CAAC;IACH,CAAC;IACD,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC;AACxB,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC9C,IAAY,EACZ,QAAgB,EAChB,cAAsB,YAAY;IAElC,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,SAAS,EAAE;QAClC,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;QAChE,IAAI,EAAE,IAAI,eAAe,CAAC;YACzB,UAAU,EAAE,oBAAoB;YAChC,SAAS,EAAE,SAAS;YACpB,IAAI;YACJ,aAAa,EAAE,QAAQ;YACvB,YAAY,EAAE,WAAW;SACzB,CAAC;KACF,CAAC,CAAC;IACH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACb,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;QAC9C,OAAO,CAAC,KAAK,CAAC,6CAA6C,GAAG,CAAC,MAAM,EAAE,EAAE,IAAI,CAAC,CAAC;QAC/E,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;IAC3B,CAAC;IACD,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAK7B,CAAC;IACF,IACC,CAAC,IAAI,EAAE,YAAY;QACnB,CAAC,IAAI,EAAE,aAAa;QACpB,OAAO,IAAI,EAAE,UAAU,KAAK,QAAQ,EACnC,CAAC;QACF,OAAO,CAAC,KAAK,CAAC,qDAAqD,CAAC,CAAC;QACrE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;IAC3B,CAAC;IACD,OAAO;QACN,IAAI,EAAE,SAAS;QACf,MAAM,EAAE,IAAI,CAAC,YAAY;QACzB,OAAO,EAAE,IAAI,CAAC,aAAa;QAC3B,OAAO,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI;QAC5C,QAAQ,EAAE,IAAI,CAAC,QAAQ;KACvB,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,SAAS,CAAC,KAAa;IACtC,IAAI,CAAC;QACJ,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QACpC,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACzB,IAAI,CAAC,OAAO;YAAE,OAAO,IAAI,CAAC;QAC1B,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QACpE,MAAM,MAAM,GAAY,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAE5C,wDAAwD;QACxD,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YACpE,OAAO,IAAI,CAAC;QACb,CAAC;QAED,OAAO,MAAoB,CAAC;IAC7B,CAAC;IAAC,MAAM,CAAC;QACR,OAAO,IAAI,CAAC;IACb,CAAC;AACF,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,UAAU,yBAAyB,CAAC,KAAa;IACtD,IAAI,CAAC,KAAK;QAAE,OAAO,SAAS,CAAC;IAC7B,MAAM,MAAM,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;IAChC,IAAI,CAAC,MAAM;QAAE,OAAO,SAAS,CAAC;IAE9B,2CAA2C;IAC3C,IAAI,OAAO,MAAM,CAAC,kBAAkB,KAAK,QAAQ,IAAI,MAAM,CAAC,kBAAkB,EAAE,CAAC;QAChF,OAAO,MAAM,CAAC,kBAAkB,CAAC;IAClC,CAAC;IAED,kBAAkB;IAClB,MAAM,MAAM,GAAG,MAAM,CAAC,6BAA6B,CAEvC,CAAC;IACb,IAAI,MAAM,EAAE,kBAAkB,EAAE,CAAC;QAChC,OAAO,MAAM,CAAC,kBAAkB,CAAC;IAClC,CAAC;IAED,4BAA4B;IAC5B,MAAM,IAAI,GAAG,MAAM,CAAC,aAAa,CAAC;IAClC,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC;QACxC,OAAO,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IACnB,CAAC;IAED,OAAO,SAAS,CAAC;AAClB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,gBAAgB,CAAC,MAGhC;IACA,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACrB,MAAM,WAAW,GAAG,yBAAyB,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAC/D,IAAI,WAAW;YAAE,OAAO,WAAW,CAAC;IACrC,CAAC;IACD,OAAO,yBAAyB,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;AACvD,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,YAAoB;IAC5D,IAAI,CAAC;QACJ,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,SAAS,EAAE;YACvC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;YAChE,IAAI,EAAE,IAAI,eAAe,CAAC;gBACzB,UAAU,EAAE,eAAe;gBAC3B,aAAa,EAAE,YAAY;gBAC3B,SAAS,EAAE,SAAS;aACpB,CAAC;SACF,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YAClB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAC;YACnD,OAAO,CAAC,KAAK,CACZ,+CAA+C,QAAQ,CAAC,MAAM,EAAE,EAChE,IAAI,CACJ,CAAC;YACF,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;QAC3B,CAAC;QAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAKlC,CAAC;QACF,IACC,CAAC,IAAI,EAAE,YAAY;YACnB,OAAO,IAAI,EAAE,UAAU,KAAK,QAAQ,EACnC,CAAC;YACF,OAAO,CAAC,KAAK,CACZ,6DAA6D,CAC7D,CAAC;YACF,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;QAC3B,CAAC;QAED,OAAO;YACN,IAAI,EAAE,SAAS;YACf,MAAM,EAAE,IAAI,CAAC,YAAY;YACzB,OAAO,EAAE,IAAI,CAAC,aAAa,IAAI,YAAY;YAC3C,OAAO,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI;YAC5C,QAAQ,EAAE,IAAI,CAAC,QAAQ;SACvB,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QAChB,MAAM,GAAG,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;QACtE,OAAO,CAAC,KAAK,CAAC,4CAA4C,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;QACzE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;IAC3B,CAAC;AACF,CAAC;AAED,MAAM,UAAU,wBAAwB,CACvC,UAAkB,EAClB,YAAoB;IAEpB,MAAM,GAAG,GAAG,GAAG,UAAU,IAAI,YAAY,EAAE,CAAC;IAC5C,MAAM,QAAQ,GAAG,eAAe,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAC1C,IAAI,QAAQ,EAAE,CAAC;QACd,OAAO,QAAQ,CAAC;IACjB,CAAC;IAED,MAAM,OAAO,GAAG,kBAAkB,CAAC,YAAY,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE;QAC7D,eAAe,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC7B,CAAC,CAAC,CAAC;IACH,eAAe,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;IAClC,OAAO,OAAO,CAAC;AAChB,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,uBAAuB;IAC5C,MAAM,IAAI,GAAG,CAAC,MAAM,YAAY,EAAE,CAAa,CAAC;IAChD,MAAM,KAAK,GAAG,WAAW,EAAE,CAAC;IAE5B,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,CAAC;IACnC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;IAC9C,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;IAC7C,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,YAAY,CAAC,CAAC;IACnD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IACrC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,gBAAgB,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;IACvD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,uBAAuB,EAAE,MAAM,CAAC,CAAC;IACtD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IACrC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,4BAA4B,EAAE,MAAM,CAAC,CAAC;IAC3D,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,2BAA2B,EAAE,MAAM,CAAC,CAAC;IAC1D,8EAA8E;IAC9E,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC;IAE/C,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,CAAC,QAAQ,EAAE,EAAE,CAAC;AAC7C,CAAC;AAgBD;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,6BAA6B;IAClD,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,WAAW,CAAC,YAAY,EAAE;QACtD,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;QAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC;KAC9C,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QAClB,MAAM,IAAI,KAAK,CACd,8DAA8D,QAAQ,CAAC,MAAM,EAAE,CAC/E,CAAC;IACH,CAAC;IAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAIlC,CAAC;IAEF,MAAM,gBAAgB,GAAG,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC;IAC1E,MAAM,cAAc,GAAG,gBAAgB,GAAG,WAAW,CAAC,qBAAqB,CAAC;IAE5E,MAAM,IAAI,GAAG,KAAK,IAA0B,EAAE;QAC7C,iDAAiD;QACjD,OAAO,IAAI,EAAE,CAAC;YACb,MAAM,aAAa,GAAG,MAAM,KAAK,CAAC,WAAW,CAAC,SAAS,EAAE;gBACxD,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;gBAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;oBACpB,cAAc,EAAE,IAAI,CAAC,cAAc;oBACnC,SAAS,EAAE,IAAI,CAAC,SAAS;iBACzB,CAAC;aACF,CAAC,CAAC;YAEH,IAAI,aAAa,CAAC,EAAE,EAAE,CAAC;gBACtB,MAAM,SAAS,GAAG,CAAC,MAAM,aAAa,CAAC,IAAI,EAAE,CAG5C,CAAC;gBAEF,mDAAmD;gBACnD,OAAO,yBAAyB,CAC/B,SAAS,CAAC,kBAAkB,EAC5B,SAAS,CAAC,aAAa,EACvB,WAAW,CAAC,YAAY,CACxB,CAAC;YACH,CAAC;YAED,sDAAsD;YACtD,IAAI,aAAa,CAAC,MAAM,KAAK,GAAG,IAAI,aAAa,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAClE,OAAO,CAAC,KAAK,CACZ,mDAAmD,aAAa,CAAC,MAAM,EAAE,CACzE,CAAC;gBACF,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;YAC3B,CAAC;YAED,wBAAwB;YACxB,MAAM,IAAI,OAAO,CAAO,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC,CAAC;QAC/D,CAAC;IACF,CAAC,CAAC;IAEF,OAAO;QACN,WAAW,EAAE,WAAW,CAAC,YAAY;QACrC,QAAQ,EAAE,IAAI,CAAC,SAAS;QACxB,cAAc;QACd,IAAI;KACJ,CAAC;AACH,CAAC"}

package/dist/lib/auth/server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../../lib/auth/server.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAMnD;;;;GAIG;AACH,wBAAgB,qBAAqB,CAAC,EAAE,KAAK,EAAE,EAAE;IAAE,KAAK,EAAE,MAAM,CAAA;CAAE,GAAG,OAAO,CAAC,eAAe,CAAC,CAkE5F"}
+{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../../lib/auth/server.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAOnD;;;;GAIG;AACH,wBAAgB,qBAAqB,CAAC,EAAE,KAAK,EAAE,EAAE;IAAE,KAAK,EAAE,MAAM,CAAA;CAAE,GAAG,OAAO,CAAC,eAAe,CAAC,CAqE5F"}

package/dist/lib/auth/server.js

@@ -2,6 +2,7 @@ import http from "node:http";
 import fs from "node:fs";
 import path from "node:path";
 import { fileURLToPath } from "node:url";
+import { OAUTH_SERVER, PLUGIN_NAME } from "../constants.js";
 // Resolve path to oauth-success.html (one level up from auth/ subfolder)
 const __dirname = path.dirname(fileURLToPath(import.meta.url));
 const successHtml = fs.readFileSync(path.join(__dirname, "..", "oauth-success.html"), "utf-8");
@@ -35,21 +36,22 @@ export function startLocalOAuthServer({ state }) {
             res.end(successHtml);
             server._lastCode = code;
         }
-        catch {
+        catch (error) {
+            console.error(`[${PLUGIN_NAME}] OAuth callback handler error:`, error);
             res.statusCode = 500;
             res.end("Internal error");
         }
     });
     return new Promise((resolve) => {
         server
-            .listen(1455, "127.0.0.1", () => {
+            .listen(OAUTH_SERVER.PORT, "127.0.0.1", () => {
             resolve({
-                port: 1455,
+                port: OAUTH_SERVER.PORT,
                 ready: true,
                 close: () => server.close(),
                 waitForCode: async () => {
-                    const poll = () => new Promise((r) => setTimeout(r, 100));
-                    for (let i = 0; i < 600; i++) {
+                    const poll = () => new Promise((r) => setTimeout(r, OAUTH_SERVER.POLL_INTERVAL_MS));
+                    for (let i = 0; i < OAUTH_SERVER.MAX_POLL_ITERATIONS; i++) {
                         const lastCode = server._lastCode;
                         if (lastCode)
                             return { code: lastCode };
@@ -60,15 +62,17 @@ export function startLocalOAuthServer({ state }) {
             });
         })
             .on("error", (err) => {
-            console.error("[openai-codex-plugin] Failed to bind http://127.0.0.1:1455 (", err?.code, ") Falling back to manual paste.");
+            console.error(`[${PLUGIN_NAME}] Failed to bind http://127.0.0.1:${OAUTH_SERVER.PORT} (`, err?.code, ") Falling back to manual paste.");
             resolve({
-                port: 1455,
+                port: OAUTH_SERVER.PORT,
                 ready: false,
                 close: () => {
                     try {
                         server.close();
                     }
-                    catch { }
+                    catch (closeErr) {
+                        console.error(`[${PLUGIN_NAME}] Error closing server:`, closeErr);
+                    }
                 },
                 waitForCode: async () => null,
             });

package/dist/lib/auth/server.js.map

@@ -1 +1 @@
-{"version":3,"file":"server.js","sourceRoot":"","sources":["../../../lib/auth/server.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAGzC,yEAAyE;AACzE,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;AAC/D,MAAM,WAAW,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,oBAAoB,CAAC,EAAE,OAAO,CAAC,CAAC;AAE/F;;;;GAIG;AACH,MAAM,UAAU,qBAAqB,CAAC,EAAE,KAAK,EAAqB;IACjE,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QAC7C,IAAI,CAAC;YACJ,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,IAAI,EAAE,EAAE,kBAAkB,CAAC,CAAC;YACvD,IAAI,GAAG,CAAC,QAAQ,KAAK,gBAAgB,EAAE,CAAC;gBACvC,GAAG,CAAC,UAAU,GAAG,GAAG,CAAC;gBACrB,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;gBACrB,OAAO;YACR,CAAC;YACD,IAAI,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,KAAK,EAAE,CAAC;gBAC7C,GAAG,CAAC,UAAU,GAAG,GAAG,CAAC;gBACrB,GAAG,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;gBAC1B,OAAO;YACR,CAAC;YACD,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YAC1C,IAAI,CAAC,IAAI,EAAE,CAAC;gBACX,GAAG,CAAC,UAAU,GAAG,GAAG,CAAC;gBACrB,GAAG,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAC;gBACtC,OAAO;YACR,CAAC;YACD,GAAG,CAAC,UAAU,GAAG,GAAG,CAAC;YACrB,GAAG,CAAC,SAAS,CAAC,cAAc,EAAE,0BAA0B,CAAC,CAAC;YAC1D,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;YACpB,MAA+C,CAAC,SAAS,GAAG,IAAI,CAAC;QACnE,CAAC;QAAC,MAAM,CAAC;YACR,GAAG,CAAC,UAAU,GAAG,GAAG,CAAC;YACrB,GAAG,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;QAC3B,CAAC;IACF,CAAC,CAAC,CAAC;IAEH,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC9B,MAAM;aACJ,MAAM,CAAC,IAAI,EAAE,WAAW,EAAE,GAAG,EAAE;YAC/B,OAAO,CAAC;gBACP,IAAI,EAAE,IAAI;gBACV,KAAK,EAAE,IAAI;gBACX,KAAK,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,KAAK,EAAE;gBAC3B,WAAW,EAAE,KAAK,IAAI,EAAE;oBACvB,MAAM,IAAI,GAAG,GAAG,EAAE,CAAC,IAAI,OAAO,CAAO,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;oBAChE,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;wBAC9B,MAAM,QAAQ,GAAI,MAA+C,CAAC,SAAS,CAAC;wBAC5E,IAAI,QAAQ;4BAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;wBACxC,MAAM,IAAI,EAAE,CAAC;oBACd,CAAC;oBACD,OAAO,IAAI,CAAC;gBACb,CAAC;aACD,CAAC,CAAC;QACJ,CAAC,CAAC;aACD,EAAE,CAAC,OAAO,EAAE,CAAC,GAA0B,EAAE,EAAE;YAC3C,OAAO,CAAC,KAAK,CACZ,8DAA8D,EAC9D,GAAG,EAAE,IAAI,EACT,iCAAiC,CACjC,CAAC;YACF,OAAO,CAAC;gBACP,IAAI,EAAE,IAAI;gBACV,KAAK,EAAE,KAAK;gBACZ,KAAK,EAAE,GAAG,EAAE;oBACX,IAAI,CAAC;wBACJ,MAAM,CAAC,KAAK,EAAE,CAAC;oBAChB,CAAC;oBAAC,MAAM,CAAC,CAAA,CAAC;gBACX,CAAC;gBACD,WAAW,EAAE,KAAK,IAAI,EAAE,CAAC,IAAI;aAC7B,CAAC,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACJ,CAAC"}
+{"version":3,"file":"server.js","sourceRoot":"","sources":["../../../lib/auth/server.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,MAAM,SAAS,CAAC;AACzB,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAEzC,OAAO,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAE5D,yEAAyE;AACzE,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;AAC/D,MAAM,WAAW,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,oBAAoB,CAAC,EAAE,OAAO,CAAC,CAAC;AAE/F;;;;GAIG;AACH,MAAM,UAAU,qBAAqB,CAAC,EAAE,KAAK,EAAqB;IACjE,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QAC7C,IAAI,CAAC;YACJ,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,IAAI,EAAE,EAAE,kBAAkB,CAAC,CAAC;YACvD,IAAI,GAAG,CAAC,QAAQ,KAAK,gBAAgB,EAAE,CAAC;gBACvC,GAAG,CAAC,UAAU,GAAG,GAAG,CAAC;gBACrB,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;gBACrB,OAAO;YACR,CAAC;YACD,IAAI,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,KAAK,KAAK,EAAE,CAAC;gBAC7C,GAAG,CAAC,UAAU,GAAG,GAAG,CAAC;gBACrB,GAAG,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;gBAC1B,OAAO;YACR,CAAC;YACD,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YAC1C,IAAI,CAAC,IAAI,EAAE,CAAC;gBACX,GAAG,CAAC,UAAU,GAAG,GAAG,CAAC;gBACrB,GAAG,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAC;gBACtC,OAAO;YACR,CAAC;YACD,GAAG,CAAC,UAAU,GAAG,GAAG,CAAC;YACrB,GAAG,CAAC,SAAS,CAAC,cAAc,EAAE,0BAA0B,CAAC,CAAC;YAC1D,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;YACpB,MAA+C,CAAC,SAAS,GAAG,IAAI,CAAC;QACnE,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,OAAO,CAAC,KAAK,CAAC,IAAI,WAAW,iCAAiC,EAAE,KAAK,CAAC,CAAC;YACvE,GAAG,CAAC,UAAU,GAAG,GAAG,CAAC;YACrB,GAAG,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;QAC3B,CAAC;IACF,CAAC,CAAC,CAAC;IAEH,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;QAC9B,MAAM;aACJ,MAAM,CAAC,YAAY,CAAC,IAAI,EAAE,WAAW,EAAE,GAAG,EAAE;YAC5C,OAAO,CAAC;gBACP,IAAI,EAAE,YAAY,CAAC,IAAI;gBACvB,KAAK,EAAE,IAAI;gBACX,KAAK,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,KAAK,EAAE;gBAC3B,WAAW,EAAE,KAAK,IAAI,EAAE;oBACvB,MAAM,IAAI,GAAG,GAAG,EAAE,CAAC,IAAI,OAAO,CAAO,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,YAAY,CAAC,gBAAgB,CAAC,CAAC,CAAC;oBAC1F,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,YAAY,CAAC,mBAAmB,EAAE,CAAC,EAAE,EAAE,CAAC;wBAC3D,MAAM,QAAQ,GAAI,MAA+C,CAAC,SAAS,CAAC;wBAC5E,IAAI,QAAQ;4BAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;wBACxC,MAAM,IAAI,EAAE,CAAC;oBACd,CAAC;oBACD,OAAO,IAAI,CAAC;gBACb,CAAC;aACD,CAAC,CAAC;QACJ,CAAC,CAAC;aACD,EAAE,CAAC,OAAO,EAAE,CAAC,GAA0B,EAAE,EAAE;YAC3C,OAAO,CAAC,KAAK,CACZ,IAAI,WAAW,qCAAqC,YAAY,CAAC,IAAI,IAAI,EACzE,GAAG,EAAE,IAAI,EACT,iCAAiC,CACjC,CAAC;YACF,OAAO,CAAC;gBACP,IAAI,EAAE,YAAY,CAAC,IAAI;gBACvB,KAAK,EAAE,KAAK;gBACZ,KAAK,EAAE,GAAG,EAAE;oBACX,IAAI,CAAC;wBACJ,MAAM,CAAC,KAAK,EAAE,CAAC;oBAChB,CAAC;oBAAC,OAAO,QAAQ,EAAE,CAAC;wBACnB,OAAO,CAAC,KAAK,CAAC,IAAI,WAAW,yBAAyB,EAAE,QAAQ,CAAC,CAAC;oBACnE,CAAC;gBACF,CAAC;gBACD,WAAW,EAAE,KAAK,IAAI,EAAE,CAAC,IAAI;aAC9B,CAAC,CAAC;QACJ,CAAC,CAAC,CAAC;IACJ,CAAC,CAAC,CAAC;AACJ,CAAC"}

package/dist/lib/auth/ui/account-menu.d.ts

@@ -0,0 +1,50 @@
+/**
+ * Account pool management UI for the Codex OAuth plugin.
+ *
+ * Shown when the user runs `opencode auth login` and existing accounts
+ * are already in the pool.  Provides TTY-interactive menu on terminals;
+ * falls back to a plain readline prompt on headless/non-TTY environments.
+ *
+ * Inspired by NoeFabris/opencode-antigravity-auth ui/auth-menu.ts.
+ */
+import type { AccountPoolEntry } from "../../types.js";
+import { AccountPool } from "../../account-pool.js";
+export type AccountStatus = "active" | "rate-limited" | "cooling-down" | "expired" | "unknown";
+export interface DisplayAccount {
+    entry: AccountPoolEntry;
+    index: number;
+    status: AccountStatus;
+}
+/**
+ * Derive a human-readable status from pool entry timestamps.
+ */
+export declare function getAccountStatus(entry: AccountPoolEntry): AccountStatus;
+export type ManageResult = {
+    action: "add";
+} | {
+    action: "delete-one";
+    index: number;
+} | {
+    action: "delete-all";
+} | {
+    action: "refresh-token";
+    index: number;
+} | {
+    action: "done";
+};
+/**
+ * Show the account management menu.
+ *
+ * Loads the current pool, displays it with live status, and applies the
+ * user's chosen action (delete, refresh-token, delete-all, or add).
+ *
+ * Returns the final `ManageResult` after the user is done. Callers should
+ * loop as long as `action !== "done"` && `action !== "add"`.
+ */
+export declare function showAccountManager(): Promise<ManageResult>;
+/**
+ * Apply a ManageResult to the pool and persist.
+ * Returns true if the caller should proceed to add a new account.
+ */
+export declare function applyManageResult(result: ManageResult, pool: AccountPool): boolean;
+//# sourceMappingURL=account-menu.d.ts.map

package/dist/lib/auth/ui/account-menu.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"account-menu.d.ts","sourceRoot":"","sources":["../../../../lib/auth/ui/account-menu.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAMH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,gBAAgB,CAAC;AACvD,OAAO,EAAE,WAAW,EAAE,MAAM,uBAAuB,CAAC;AAEpD,MAAM,MAAM,aAAa,GAAG,QAAQ,GAAG,cAAc,GAAG,cAAc,GAAG,SAAS,GAAG,SAAS,CAAC;AAE/F,MAAM,WAAW,cAAc;IAC9B,KAAK,EAAE,gBAAgB,CAAC;IACxB,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,aAAa,CAAC;CACtB;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,KAAK,EAAE,gBAAgB,GAAG,aAAa,CAMvE;AAgLD,MAAM,MAAM,YAAY,GACrB;IAAE,MAAM,EAAE,KAAK,CAAA;CAAE,GACjB;IAAE,MAAM,EAAE,YAAY,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,GACvC;IAAE,MAAM,EAAE,YAAY,CAAA;CAAE,GACxB;IAAE,MAAM,EAAE,eAAe,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,GAC1C;IAAE,MAAM,EAAE,MAAM,CAAA;CAAE,CAAC;AAEtB;;;;;;;;GAQG;AACH,wBAAsB,kBAAkB,IAAI,OAAO,CAAC,YAAY,CAAC,CAkDhE;AAED;;;GAGG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,YAAY,EAAE,IAAI,EAAE,WAAW,GAAG,OAAO,CAuBlF"}

package/dist/lib/auth/ui/account-menu.js

@@ -0,0 +1,258 @@
+/**
+ * Account pool management UI for the Codex OAuth plugin.
+ *
+ * Shown when the user runs `opencode auth login` and existing accounts
+ * are already in the pool.  Provides TTY-interactive menu on terminals;
+ * falls back to a plain readline prompt on headless/non-TTY environments.
+ *
+ * Inspired by NoeFabris/opencode-antigravity-auth ui/auth-menu.ts.
+ */
+import { createInterface } from "node:readline/promises";
+import { ANSI, isTTY } from "./ansi.js";
+import { select } from "./select.js";
+import { confirm } from "./confirm.js";
+import { AccountPool } from "../../account-pool.js";
+/**
+ * Derive a human-readable status from pool entry timestamps.
+ */
+export function getAccountStatus(entry) {
+    const now = Date.now();
+    if (entry.rateLimitedUntil && entry.rateLimitedUntil > now)
+        return "rate-limited";
+    if (entry.coolingDownUntil && entry.coolingDownUntil > now)
+        return "cooling-down";
+    if (entry.expires < now)
+        return "expired";
+    return "active";
+}
+function statusBadge(status) {
+    switch (status) {
+        case "active": return `${ANSI.green}[active]${ANSI.reset}`;
+        case "rate-limited": return `${ANSI.yellow}[rate-limited]${ANSI.reset}`;
+        case "cooling-down": return `${ANSI.yellow}[cooling-down]${ANSI.reset}`;
+        case "expired": return `${ANSI.red}[expired]${ANSI.reset}`;
+        default: return `${ANSI.dim}[unknown]${ANSI.reset}`;
+    }
+}
+function relativeTime(ts) {
+    if (!ts)
+        return "never";
+    const diff = Date.now() - ts;
+    const mins = Math.floor(diff / 60_000);
+    if (mins < 1)
+        return "just now";
+    if (mins < 60)
+        return `${mins}m ago`;
+    const hrs = Math.floor(mins / 60);
+    if (hrs < 24)
+        return `${hrs}h ago`;
+    const days = Math.floor(hrs / 24);
+    if (days < 7)
+        return `${days}d ago`;
+    return new Date(ts).toLocaleDateString();
+}
+function countdownTime(until) {
+    if (!until)
+        return "";
+    const ms = until - Date.now();
+    if (ms <= 0)
+        return "";
+    const secs = Math.ceil(ms / 1000);
+    if (secs < 60)
+        return ` (${secs}s)`;
+    return ` (${Math.ceil(secs / 60)}m)`;
+}
+async function showMainMenu(accounts) {
+    const items = [
+        { label: "Actions", value: { type: "cancel" }, kind: "heading" },
+        { label: "Add another account", value: { type: "add" }, color: "cyan" },
+        { label: "", value: { type: "cancel" }, separator: true },
+        { label: `Accounts (${accounts.length})`, value: { type: "cancel" }, kind: "heading" },
+        ...accounts.map((acc) => {
+            const label = acc.entry.email || `Account ${acc.index + 1}`;
+            const badge = statusBadge(acc.status);
+            const countdown = acc.status !== "active" ? countdownTime(acc.entry.rateLimitedUntil ?? acc.entry.coolingDownUntil) : "";
+            return {
+                label: `${acc.index + 1}. ${label} ${badge}${countdown}`,
+                hint: acc.entry.lastUsed ? relativeTime(acc.entry.lastUsed) : "",
+                value: { type: "select", account: acc },
+            };
+        }),
+        { label: "", value: { type: "cancel" }, separator: true },
+        { label: "Danger zone", value: { type: "cancel" }, kind: "heading" },
+        { label: "Delete all accounts", value: { type: "delete-all" }, color: "red" },
+    ];
+    while (true) {
+        const result = await select(items, {
+            message: "OpenAI Codex accounts",
+            subtitle: "Select an action or account",
+            clearScreen: true,
+        });
+        if (!result)
+            return { type: "cancel" };
+        if (result.type === "delete-all") {
+            const confirmed = await confirm("Delete ALL accounts? This cannot be undone.");
+            if (!confirmed)
+                continue;
+        }
+        return result;
+    }
+}
+async function showAccountDetail(acc) {
+    const label = acc.entry.email || `Account ${acc.index + 1}`;
+    const badge = statusBadge(acc.status);
+    while (true) {
+        const result = await select([
+            { label: "Back", value: "back" },
+            { label: "Refresh token (re-authenticate)", value: "refresh-token", color: "cyan" },
+            { label: "Delete this account", value: "delete", color: "red" },
+        ], {
+            message: `${label} ${badge}`,
+            subtitle: [
+                `ID: ${acc.entry.accountId}`,
+                `Last used: ${relativeTime(acc.entry.lastUsed)}`,
+                `Expires: ${new Date(acc.entry.expires).toLocaleString()}`,
+            ].join("  |  "),
+            clearScreen: true,
+        });
+        if (result === "delete") {
+            const confirmed = await confirm(`Delete ${label}?`);
+            if (!confirmed)
+                continue;
+        }
+        if (result === "refresh-token") {
+            const confirmed = await confirm(`Re-authenticate ${label}? You will be redirected to log in again.`);
+            if (!confirmed)
+                continue;
+        }
+        return result ?? "cancel";
+    }
+}
+// ---------------------------------------------------------------------------
+// Fallback for non-TTY (headless server)
+// ---------------------------------------------------------------------------
+async function showMenuFallback(accounts) {
+    const rl = createInterface({ input: process.stdin, output: process.stdout });
+    try {
+        process.stdout.write("\n");
+        process.stdout.write(`  OpenAI Codex accounts (${accounts.length})\n`);
+        process.stdout.write("  ─────────────────────────────\n");
+        for (const acc of accounts) {
+            const label = acc.entry.email || `Account ${acc.index + 1}`;
+            const status = acc.status;
+            process.stdout.write(`  ${acc.index + 1}. ${label}  [${status}]  last used: ${relativeTime(acc.entry.lastUsed)}\n`);
+        }
+        process.stdout.write("\n");
+        while (true) {
+            const answer = await rl.question("  (a)dd account  (d)elete <n>  (da) delete all  (q)uit: ");
+            const parts = answer.trim().toLowerCase().split(/\s+/);
+            const cmd = parts[0] ?? "";
+            if (cmd === "a" || cmd === "add")
+                return { action: "add" };
+            if (cmd === "q" || cmd === "quit" || cmd === "")
+                return { action: "done" };
+            if ((cmd === "da" || cmd === "delete-all")) {
+                const confirm = await rl.question("  Delete ALL accounts? (yes/no): ");
+                if (confirm.trim().toLowerCase() === "yes")
+                    return { action: "delete-all" };
+                continue;
+            }
+            if (cmd === "d" || cmd === "delete") {
+                const idxStr = parts[1];
+                const idx = idxStr ? parseInt(idxStr, 10) - 1 : NaN;
+                if (Number.isNaN(idx) || idx < 0 || idx >= accounts.length) {
+                    process.stdout.write("  Usage: d <account number>\n");
+                    continue;
+                }
+                const label = accounts[idx].entry.email || `Account ${idx + 1}`;
+                const confirmStr = await rl.question(`  Delete ${label}? (yes/no): `);
+                if (confirmStr.trim().toLowerCase() === "yes") {
+                    return { action: "delete-one", index: idx };
+                }
+                continue;
+            }
+            process.stdout.write("  Unknown command. Try: a | d <n> | da | q\n");
+        }
+    }
+    finally {
+        rl.close();
+    }
+}
+/**
+ * Show the account management menu.
+ *
+ * Loads the current pool, displays it with live status, and applies the
+ * user's chosen action (delete, refresh-token, delete-all, or add).
+ *
+ * Returns the final `ManageResult` after the user is done. Callers should
+ * loop as long as `action !== "done"` && `action !== "add"`.
+ */
+export async function showAccountManager() {
+    const pool = AccountPool.load();
+    const accounts = pool.getAccounts();
+    if (accounts.length === 0) {
+        process.stdout.write("\n  No accounts in pool — proceeding to add one.\n\n");
+        return { action: "add" };
+    }
+    const displayAccounts = accounts.map((entry, index) => ({
+        entry,
+        index,
+        status: getAccountStatus(entry),
+    }));
+    if (!isTTY()) {
+        return showMenuFallback(displayAccounts);
+    }
+    // TTY interactive loop
+    while (true) {
+        const mainAction = await showMainMenu(displayAccounts);
+        if (mainAction.type === "cancel")
+            return { action: "done" };
+        if (mainAction.type === "add")
+            return { action: "add" };
+        if (mainAction.type === "delete-all") {
+            // Remove all accounts from pool and save
+            for (let i = accounts.length - 1; i >= 0; i--) {
+                accounts.splice(i, 1);
+            }
+            pool.save();
+            process.stdout.write("\n  All accounts removed.\n\n");
+            return { action: "add" };
+        }
+        if (mainAction.type === "select") {
+            const detail = await showAccountDetail(mainAction.account);
+            if (detail === "back")
+                continue;
+            if (detail === "delete") {
+                return { action: "delete-one", index: mainAction.account.index };
+            }
+            if (detail === "refresh-token") {
+                return { action: "refresh-token", index: mainAction.account.index };
+            }
+        }
+    }
+}
+/**
+ * Apply a ManageResult to the pool and persist.
+ * Returns true if the caller should proceed to add a new account.
+ */
+export function applyManageResult(result, pool) {
+    const accounts = pool.getAccounts();
+    if (result.action === "delete-one") {
+        accounts.splice(result.index, 1);
+        pool.save();
+        const label = accounts[result.index]?.email || `Account ${result.index + 1}`;
+        process.stdout.write(`\n  Account removed.\n\n`);
+        return false;
+    }
+    if (result.action === "delete-all") {
+        accounts.splice(0, accounts.length);
+        pool.save();
+        process.stdout.write("\n  All accounts removed.\n\n");
+        return true; // proceed to add
+    }
+    if (result.action === "add" || result.action === "refresh-token") {
+        return true;
+    }
+    return false;
+}
+//# sourceMappingURL=account-menu.js.map