bloby-bot 0.29.0 → 0.30.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "bloby-bot",
-  "version": "0.29.0",
+  "version": "0.30.0",
   "releaseNotes": [
     "1. # voice note (PTT bubble)",
     "2. # audio file + caption",

package/scripts/tempo-balance.ts

@@ -1,23 +1,23 @@
 // Read on-chain USDC balances for one or more Tempo addresses.
 //
-// Fill in the CONFIG block below, then run from repo root:
-//   cp scripts/tempo-balance.ts /tmp/tempo-transfer/ && \
-//     (cd /tmp/tempo-transfer && ./node_modules/.bin/tsx tempo-balance.ts)
-//
-// (The script must be executed from inside the isolated /tmp/tempo-transfer/
-// install — the repo's own node_modules has a @noble/hashes version conflict
-// that breaks viem's ESM import resolution. To rebuild the isolated dir if
-// missing: mkdir -p /tmp/tempo-transfer && cd /tmp/tempo-transfer \
-//   && npm init -y && npm install viem@2.47.6 tsx)
+// RUN (one-liner, from repo root): cp scripts/tempo-balance.ts /tmp/tempo-transfer/ && (cd /tmp/tempo-transfer && ./node_modules/.bin/tsx tempo-balance.ts)
 //
+// Edit the ACCOUNTS list in the CONFIG block below to add/remove wallets.
 // Each entry prints: USDC balance, nonce (0 = wallet has never sent a tx),
 // and whether the address is an EOA or a contract.
+//
+// Why the copy-into-/tmp dance: the repo's own node_modules has a
+// @noble/hashes version conflict that breaks viem's ESM import resolution,
+// so the script must run from the isolated /tmp/tempo-transfer/ install.
+// To rebuild that dir if it's missing:
+//   mkdir -p /tmp/tempo-transfer && cd /tmp/tempo-transfer && npm init -y && npm install viem@2.47.6 tsx
 
 // ─── CONFIG ──────────────────────────────────────────────────────────────────
 
 const ACCOUNTS = [
-  { label: 'Bot wallet', wallet: '0xc65d8a0dB80f637337B87e42b8BEb5D86D46f942' },
+  { label: 'Bloby', wallet: '0xc65d8a0dB80f637337B87e42b8BEb5D86D46f942' },
   { label: 'Treasury',   wallet: '0x084A80e395FaE8Aaf58F591f47F63DA1EeF06bbC' },
+  { label: 'Serge',   wallet: '0x21AC79F74da90c9F441699Ee6215dA32c0CE9F5a' },
 ];
 
 // ─────────────────────────────────────────────────────────────────────────────

package/worker/codex-auth.ts

@@ -1,9 +1,22 @@
 /**
  * Codex OAuth PKCE flow for ChatGPT Plus/Pro subscription authentication.
- * Adapted from CodeDeck's CodexOAuthService for server-side Node.js.
  *
  * Spins up a temporary HTTP server on port 1455 to capture the OAuth callback.
- * Credentials are stored in ~/.codex/codedeck-auth.json.
+ * Credentials are stored in ~/.codex/auth.json in the same shape Codex CLI
+ * itself writes, so a spawned `codex app-server` process can use them directly.
+ *
+ * Shape on disk (chatgpt mode):
+ *   {
+ *     "OPENAI_API_KEY": null,
+ *     "auth_mode": "chatgpt",
+ *     "tokens": {
+ *       "id_token": "<raw jwt>",
+ *       "access_token": "<jwt>",
+ *       "refresh_token": "...",
+ *       "account_id": "<chatgpt_account_id from id_token claims>"
+ *     },
+ *     "last_refresh": "2026-05-03T12:34:56.789Z"
+ *   }
  */
 
 import crypto from 'crypto';
@@ -23,50 +36,124 @@ const OAUTH_CONFIG = {
 };
 
 const AUTH_DIR = path.join(os.homedir(), '.codex');
-const AUTH_FILE = path.join(AUTH_DIR, 'codedeck-auth.json');
+const AUTH_FILE = path.join(AUTH_DIR, 'auth.json');
+const LEGACY_AUTH_FILE = path.join(AUTH_DIR, 'codedeck-auth.json');
+
+/** Refresh access tokens this many ms before they actually expire. */
+const REFRESH_LEEWAY_MS = 5 * 60 * 1000;
 
 let codeVerifier: string | null = null;
 let oauthState: string | null = null;
 let callbackServer: http.Server | null = null;
 
-/* ── Helpers ── */
+interface AuthDotJson {
+  OPENAI_API_KEY: string | null;
+  auth_mode?: 'apikey' | 'chatgpt' | 'chatgptAuthTokens' | 'agentIdentity';
+  tokens?: {
+    id_token: string;
+    access_token: string;
+    refresh_token: string;
+    account_id?: string | null;
+  };
+  last_refresh?: string;
+  [key: string]: unknown;
+}
 
-function stopCallbackServer(): void {
-  if (callbackServer) {
-    try { callbackServer.close(); } catch {}
-    callbackServer = null;
+/* ── File I/O ── */
+
+function readAuthFile(): AuthDotJson | null {
+  try {
+    if (!fs.existsSync(AUTH_FILE)) return null;
+    return JSON.parse(fs.readFileSync(AUTH_FILE, 'utf-8'));
+  } catch {
+    return null;
   }
 }
 
-function storeCredentials(tokens: any): void {
-  if (!fs.existsSync(AUTH_DIR)) {
-    fs.mkdirSync(AUTH_DIR, { recursive: true });
+function writeAuthFile(auth: AuthDotJson): void {
+  fs.mkdirSync(AUTH_DIR, { recursive: true });
+  fs.writeFileSync(AUTH_FILE, JSON.stringify(auth, null, 2), 'utf-8');
+  try { fs.chmodSync(AUTH_FILE, 0o600); } catch {}
+}
+
+/** Decode a JWT and return its parsed payload, or null on failure. */
+function decodeJwt(token: string): Record<string, any> | null {
+  try {
+    const parts = token.split('.');
+    if (parts.length < 2) return null;
+    return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf-8'));
+  } catch {
+    return null;
   }
+}
 
-  const credentials: Record<string, any> = {
-    access_token: tokens.access_token,
-    token_type: tokens.token_type || 'Bearer',
-  };
+/** Read the JWT `exp` claim as a Unix epoch (seconds). Null if missing/invalid. */
+function jwtExpiryMs(token: string): number | null {
+  const payload = decodeJwt(token);
+  if (!payload || typeof payload.exp !== 'number') return null;
+  return payload.exp * 1000;
+}
 
-  if (tokens.refresh_token) credentials.refresh_token = tokens.refresh_token;
-  if (tokens.id_token) credentials.id_token = tokens.id_token;
-  if (tokens.expires_in) {
-    credentials.expires_at = Date.now() + (tokens.expires_in - 300) * 1000;
+/** Pull `chatgpt_account_id` out of the id_token JWT claims, if present. */
+function extractAccountId(idToken: string): string | undefined {
+  const payload = decodeJwt(idToken);
+  const authClaims = payload?.['https://api.openai.com/auth'] || {};
+  return authClaims.chatgpt_account_id || undefined;
+}
+
+/** One-shot migration from the old `codedeck-auth.json` layout (pre-codex-native). */
+function migrateLegacyFile(): void {
+  if (fs.existsSync(AUTH_FILE)) {
+    // If auth.json already has chatgpt tokens, nothing to do.
+    const existing = readAuthFile();
+    if (existing?.tokens?.refresh_token) return;
   }
+  if (!fs.existsSync(LEGACY_AUTH_FILE)) return;
 
-  // Decode JWT claims for account info
   try {
-    const payload = JSON.parse(Buffer.from(tokens.access_token.split('.')[1], 'base64url').toString());
-    const authClaims = payload['https://api.openai.com/auth'] || {};
-    if (authClaims.chatgpt_account_id) credentials.chatgpt_account_id = authClaims.chatgpt_account_id;
-    if (authClaims.chatgpt_plan_type) credentials.chatgpt_plan_type = authClaims.chatgpt_plan_type;
-  } catch {
-    log.warn('Codex: failed to decode JWT claims');
+    const legacy = JSON.parse(fs.readFileSync(LEGACY_AUTH_FILE, 'utf-8'));
+    if (!legacy.access_token || !legacy.refresh_token) return;
+
+    const existing = readAuthFile() || { OPENAI_API_KEY: null };
+    const next: AuthDotJson = {
+      ...existing,
+      auth_mode: 'chatgpt',
+      tokens: {
+        id_token: legacy.id_token || '',
+        access_token: legacy.access_token,
+        refresh_token: legacy.refresh_token,
+        account_id: legacy.chatgpt_account_id || extractAccountId(legacy.access_token),
+      },
+      last_refresh: new Date().toISOString(),
+    };
+    writeAuthFile(next);
+    try { fs.unlinkSync(LEGACY_AUTH_FILE); } catch {}
+    log.ok('Codex: migrated legacy codedeck-auth.json → auth.json');
+  } catch (err: any) {
+    log.warn(`Codex: legacy migration failed — ${err.message}`);
   }
+}
 
-  fs.writeFileSync(AUTH_FILE, JSON.stringify(credentials, null, 2), 'utf-8');
-  try { fs.chmodSync(AUTH_FILE, 0o600); } catch {}
-  log.ok('Codex credentials stored');
+/* ── Token exchange & refresh ── */
+
+function storeTokens(tokens: { access_token: string; refresh_token?: string; id_token?: string }): void {
+  const existing = readAuthFile() || { OPENAI_API_KEY: null };
+  const prev = existing.tokens;
+  const idToken = tokens.id_token ?? prev?.id_token ?? '';
+
+  const next: AuthDotJson = {
+    ...existing,
+    OPENAI_API_KEY: existing.OPENAI_API_KEY ?? null,
+    auth_mode: 'chatgpt',
+    tokens: {
+      id_token: idToken,
+      access_token: tokens.access_token,
+      refresh_token: tokens.refresh_token ?? prev?.refresh_token ?? '',
+      account_id: idToken ? extractAccountId(idToken) ?? prev?.account_id : prev?.account_id,
+    },
+    last_refresh: new Date().toISOString(),
+  };
+  writeAuthFile(next);
 }
 
 async function exchangeCode(code: string): Promise<{ success: boolean; error?: string }> {
@@ -94,27 +181,61 @@ async function exchangeCode(code: string): Promise<{ success: boolean; error?: s
     }
 
     const tokens = await response.json();
-    storeCredentials(tokens);
+    if (!tokens.access_token) {
+      return { success: false, error: 'OAuth response missing access_token.' };
+    }
+    storeTokens(tokens);
     codeVerifier = null;
     oauthState = null;
+    log.ok('Codex credentials stored');
+    // Clean up the legacy file on first successful new auth.
+    try { fs.unlinkSync(LEGACY_AUTH_FILE); } catch {}
     return { success: true };
   } catch (err: any) {
     return { success: false, error: err.message };
   }
 }
 
+async function refreshTokens(refreshToken: string): Promise<boolean> {
+  try {
+    log.ok('Codex: refreshing access token...');
+    const response = await fetch(OAUTH_CONFIG.TOKEN_URL, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({
+        client_id: OAUTH_CONFIG.CLIENT_ID,
+        grant_type: 'refresh_token',
+        refresh_token: refreshToken,
+      }),
+    });
+    if (!response.ok) {
+      log.warn(`Codex: refresh failed (${response.status})`);
+      return false;
+    }
+    const tokens = await response.json();
+    if (!tokens.access_token) {
+      log.warn('Codex: refresh response missing access_token');
+      return false;
+    }
+    storeTokens(tokens);
+    log.ok('Codex: token refreshed');
+    return true;
+  } catch (err: any) {
+    log.warn(`Codex: refresh error — ${err.message}`);
+    return false;
+  }
+}
+
 /* ── Public API ── */
 
 export function startCodexOAuth(): Promise<{ success: boolean; authUrl?: string; error?: string }> {
   return new Promise((resolve) => {
     stopCallbackServer();
 
-    // Generate PKCE
     codeVerifier = crypto.randomBytes(32).toString('base64url');
     const codeChallenge = crypto.createHash('sha256').update(codeVerifier).digest('base64url');
     oauthState = crypto.randomUUID();
 
-    // Start local callback server
     callbackServer = http.createServer((req, res) => {
       if (!req.url?.startsWith('/auth/callback')) {
         res.writeHead(404);
@@ -172,28 +293,71 @@ export function cancelCodexOAuth(): void {
   oauthState = null;
 }
 
-export function getCodexAuthStatus(): { authenticated: boolean; plan?: string; error?: string } {
+export async function getCodexAuthStatus(): Promise<{
+  authenticated: boolean;
+  plan?: string;
+  error?: string;
+}> {
   try {
-    if (!fs.existsSync(AUTH_FILE)) return { authenticated: false };
-    const creds = JSON.parse(fs.readFileSync(AUTH_FILE, 'utf-8'));
-    if (!creds.access_token) return { authenticated: false };
-    if (creds.expires_at && Date.now() >= creds.expires_at) {
-      return { authenticated: false, error: 'Token expired' };
+    migrateLegacyFile();
+    const auth = readAuthFile();
+    const tokens = auth?.tokens;
+    if (!tokens?.access_token) return { authenticated: false };
+
+    const expMs = jwtExpiryMs(tokens.access_token);
+    const valid = expMs ? Date.now() + REFRESH_LEEWAY_MS < expMs : true;
+
+    if (!valid && tokens.refresh_token) {
+      const ok = await refreshTokens(tokens.refresh_token);
+      if (!ok) return { authenticated: false, error: 'Token expired and refresh failed' };
     }
-    return { authenticated: true, plan: creds.chatgpt_plan_type || 'plus' };
+
+    const fresh = readAuthFile();
+    const idClaims = fresh?.tokens?.id_token ? decodeJwt(fresh.tokens.id_token) : null;
+    const plan = idClaims?.['https://api.openai.com/auth']?.chatgpt_plan_type || 'plus';
+    return { authenticated: true, plan };
   } catch (err: any) {
     return { authenticated: false, error: err.message };
   }
 }
 
+/**
+ * Read a valid Codex access token, refreshing if expired. Returns null if unavailable.
+ * This is what the Codex harness should call before each app-server invocation.
+ */
+export async function getCodexAccessToken(): Promise<string | null> {
+  migrateLegacyFile();
+  const auth = readAuthFile();
+  const tokens = auth?.tokens;
+  if (!tokens?.access_token) return null;
+
+  const expMs = jwtExpiryMs(tokens.access_token);
+  if (!expMs || Date.now() + REFRESH_LEEWAY_MS < expMs) {
+    return tokens.access_token;
+  }
+
+  if (!tokens.refresh_token) return null;
+  const ok = await refreshTokens(tokens.refresh_token);
+  if (!ok) return null;
+
+  return readAuthFile()?.tokens?.access_token ?? null;
+}
+
+/** Synchronous accessor — returns the stored access token without refreshing. */
 export function readCodexAccessToken(): string | null {
-  try {
-    if (!fs.existsSync(AUTH_FILE)) return null;
-    const creds = JSON.parse(fs.readFileSync(AUTH_FILE, 'utf-8'));
-    if (!creds.access_token) return null;
-    if (creds.expires_at && Date.now() >= creds.expires_at) return null;
-    return creds.access_token;
-  } catch {
-    return null;
+  const auth = readAuthFile();
+  const token = auth?.tokens?.access_token;
+  if (!token) return null;
+  const expMs = jwtExpiryMs(token);
+  if (expMs && Date.now() >= expMs) return null;
+  return token;
+}
+
+/* ── Helpers ── */
+
+function stopCallbackServer(): void {
+  if (callbackServer) {
+    try { callbackServer.close(); } catch {}
+    callbackServer = null;
   }
 }

package/worker/index.ts

@@ -9,7 +9,7 @@ import { initDb, closeDb, listConversations, createConversation, deleteConversat
 import webpush from 'web-push';
 import { TOTP } from 'otpauth';
 import QRCode from 'qrcode';
-import { startCodexOAuth, cancelCodexOAuth, getCodexAuthStatus, readCodexAccessToken } from './codex-auth.js';
+import { startCodexOAuth, cancelCodexOAuth, getCodexAuthStatus } from './codex-auth.js';
 import { startClaudeOAuth, exchangeClaudeCode, getClaudeAuthStatus, readClaudeAccessToken } from './claude-auth.js';
 import { checkAvailability, registerHandle, claimReservedHandle, releaseHandle, updateTunnelUrl, startHeartbeat, stopHeartbeat } from '../shared/relay.js';
 import { ensureFileDirs } from '../supervisor/file-saver.js';
@@ -181,8 +181,8 @@ app.post('/api/auth/codex/cancel', (_req, res) => {
   res.json({ ok: true });
 });
 
-app.get('/api/auth/codex/status', (_req, res) => {
-  res.json(getCodexAuthStatus());
+app.get('/api/auth/codex/status', async (_req, res) => {
+  res.json(await getCodexAuthStatus());
 });
 
 // ── Claude OAuth routes ──
@@ -729,10 +729,10 @@ app.post('/api/onboard', (req, res) => {
   currentCfg.ai.model = model || '';
   currentCfg.ai.baseUrl = baseUrl || undefined;
 
-  // Read OAuth token if no API key provided
-  if (!apiKey && provider === 'openai') {
-    currentCfg.ai.apiKey = readCodexAccessToken() || '';
-  } else if (!apiKey && provider === 'anthropic') {
+  // OAuth providers store their tokens in their own credentials files
+  // (~/.codex/auth.json, ~/.claude/.credentials.json) and refresh them as
+  // needed — config.ai.apiKey only holds raw API keys.
+  if (!apiKey && provider === 'anthropic') {
     currentCfg.ai.apiKey = readClaudeAccessToken() || '';
   } else {
     currentCfg.ai.apiKey = apiKey || '';

package/worker/prompts/bloby-system-prompt.txt

@@ -335,6 +335,16 @@ MPPX_PRIVATE_KEY=$(jq -r .wallet.privateKey ~/.bloby/config.json) \
 
 If you see `ACCOUNT_NOT_FOUND - No account found.`, you forgot to set `MPPX_PRIVATE_KEY` — the CLI looked in its empty keychain. Re-run with the env var.
 
+**Buying a skill, blueprint, or bundle autonomously.** Same shape as the service call — point mppx at `/api/marketplace/buy/<productId>` instead. The relay tries your owner's credits first, then falls back to MPP from your wallet. Returns `{ skills: [{ url, sha256, ... }] }` — follow each `url` to download the .tar.gz and extract to `skills/`.
+
+```bash
+MPPX_PRIVATE_KEY=$(jq -r .wallet.privateKey ~/.bloby/config.json) \
+  npx -y mppx https://api.bloby.bot/api/marketplace/buy/<productId> \
+  -X POST -H "X-Bloby-Token: $RELAY_TOKEN"
+```
+
+**Don't use `/marketplace/checkout/bot` for autonomous buys.** That endpoint is the cart-style flow — balance-only, no MPP fallback. If you hit it and credits are short you'll get a 402 with no way to retry. Always prefer `/marketplace/buy/:productId`.
+
 **Wallet on disk:** `~/.bloby/config.json` field `wallet` — `address` is public, `privateKey` is secret. Never print the private key in chat. The address is fine to share.
 
 **Running low?** Tell your human you need funds. Don't mention USDC, Tempo, or crypto unless they ask — to them, it's just adding dollars to your wallet via the "Add Funds" button in the chat header.

package/workspace/client/src/App.tsx

@@ -16,9 +16,9 @@ function DashboardError() {
         playsInline
         style={{ height: 120, width: 120, borderRadius: '50%', objectFit: 'cover', marginBottom: 32 }}
       />
-      <h1 style={{ fontSize: 20, fontWeight: 600, marginBottom: 8 }}>Your app crashed</h1>
+      <h1 style={{ fontSize: 20, fontWeight: 600, marginBottom: 8 }}>Oopss.. Something wrong is not right</h1>
       <p style={{ fontSize: 14, color: 'rgba(255,255,255,0.5)', maxWidth: 320, lineHeight: 1.5 }}>
-        Ask the agent to fix it using the chat.
+      If your agent is working, this is normal. If not, go poke them
       </p>
     </div>
   );