npm - browser-use - Versions diffs - 0.6.1 → 0.7.1 - Mend

browser-use 0.6.1 → 0.7.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (84) hide show

package/README.md +24 -18
package/dist/actor/element.js +24 -3
package/dist/actor/mouse.js +21 -3
package/dist/actor/page.js +33 -11
package/dist/agent/gif.js +28 -3
package/dist/agent/message-manager/service.js +2 -22
package/dist/agent/message-manager/utils.js +15 -2
package/dist/agent/message-manager/views.d.ts +7 -7
package/dist/agent/message-manager/views.js +1 -0
package/dist/agent/prompts.d.ts +3 -0
package/dist/agent/prompts.js +22 -12
package/dist/agent/service.d.ts +9 -1
package/dist/agent/service.js +204 -79
package/dist/agent/system_prompt.md +12 -11
package/dist/agent/system_prompt_anthropic_flash.md +6 -5
package/dist/agent/system_prompt_no_thinking.md +12 -11
package/dist/agent/views.d.ts +2 -0
package/dist/agent/views.js +48 -36
package/dist/browser/extensions.js +20 -10
package/dist/browser/profile.d.ts +4 -0
package/dist/browser/profile.js +107 -4
package/dist/browser/session.d.ts +28 -1
package/dist/browser/session.js +1436 -528
package/dist/browser/watchdogs/default-action-watchdog.js +32 -3
package/dist/browser/watchdogs/downloads-watchdog.d.ts +4 -0
package/dist/browser/watchdogs/downloads-watchdog.js +105 -9
package/dist/browser/watchdogs/har-recording-watchdog.d.ts +1 -0
package/dist/browser/watchdogs/har-recording-watchdog.js +54 -2
package/dist/browser/watchdogs/permissions-watchdog.d.ts +5 -0
package/dist/browser/watchdogs/permissions-watchdog.js +106 -3
package/dist/browser/watchdogs/recording-watchdog.d.ts +2 -0
package/dist/browser/watchdogs/recording-watchdog.js +54 -2
package/dist/browser/watchdogs/security-watchdog.d.ts +1 -0
package/dist/browser/watchdogs/security-watchdog.js +47 -7
package/dist/browser/watchdogs/storage-state-watchdog.d.ts +6 -0
package/dist/browser/watchdogs/storage-state-watchdog.js +206 -14
package/dist/cli.d.ts +13 -2
package/dist/cli.js +190 -9
package/dist/code-use/namespace.js +52 -7
package/dist/code-use/notebook-export.js +18 -2
package/dist/code-use/service.js +1 -0
package/dist/config.js +26 -4
package/dist/controller/action-timeout.d.ts +9 -0
package/dist/controller/action-timeout.js +95 -0
package/dist/controller/registry/service.d.ts +1 -0
package/dist/controller/registry/service.js +28 -1
package/dist/controller/service.d.ts +2 -1
package/dist/controller/service.js +494 -329
package/dist/entrypoint.d.ts +1 -0
package/dist/entrypoint.js +27 -0
package/dist/filesystem/file-system.js +38 -8
package/dist/integrations/gmail/service.js +30 -6
package/dist/llm/browser-use/chat.js +2 -2
package/dist/llm/codex/auth.d.ts +118 -0
package/dist/llm/codex/auth.js +599 -0
package/dist/llm/codex/chat.d.ts +70 -0
package/dist/llm/codex/chat.js +392 -0
package/dist/llm/codex/index.d.ts +2 -0
package/dist/llm/codex/index.js +2 -0
package/dist/llm/google/chat.js +18 -1
package/dist/logging-config.js +22 -11
package/dist/mcp/client.d.ts +1 -0
package/dist/mcp/client.js +12 -10
package/dist/mcp/redaction.d.ts +3 -0
package/dist/mcp/redaction.js +132 -0
package/dist/mcp/server.d.ts +2 -0
package/dist/mcp/server.js +64 -22
package/dist/screenshots/service.js +25 -2
package/dist/skill-cli/direct.d.ts +4 -1
package/dist/skill-cli/direct.js +263 -66
package/dist/skill-cli/server.d.ts +1 -0
package/dist/skill-cli/server.js +115 -25
package/dist/skill-cli/tunnel.d.ts +1 -0
package/dist/skill-cli/tunnel.js +16 -4
package/dist/sync/auth.js +22 -9
package/dist/telemetry/service.js +21 -2
package/dist/telemetry/views.js +31 -8
package/dist/tokens/custom-pricing.js +2 -2
package/dist/tokens/openrouter-pricing.d.ts +11 -0
package/dist/tokens/openrouter-pricing.js +102 -0
package/dist/tokens/service.js +20 -16
package/dist/utils.d.ts +3 -1
package/dist/utils.js +3 -1
package/package.json +68 -27

package/dist/llm/codex/auth.js ADDED Viewed

@@ -0,0 +1,599 @@
+import { promises as fs } from 'node:fs';
+import os from 'node:os';
+import path from 'node:path';
+import { randomUUID } from 'node:crypto';
+import { CONFIG } from '../../config.js';
+export const CODEX_PROVIDER = 'openai-codex';
+export const DEFAULT_CODEX_BASE_URL = 'https://chatgpt.com/backend-api/codex';
+export const CODEX_OAUTH_CLIENT_ID = 'app_EMoamEEZ73f0CkXaXp7hrann';
+export const CODEX_OAUTH_TOKEN_URL = 'https://auth.openai.com/oauth/token';
+export const CODEX_DEVICE_AUTH_BASE_URL = 'https://auth.openai.com';
+export const CODEX_ACCESS_TOKEN_REFRESH_SKEW_SECONDS = 120;
+const AUTH_STORE_VERSION = 1;
+const DEFAULT_LOCK_TIMEOUT_MS = 20_000;
+export class CodexAuthError extends Error {
+    provider = CODEX_PROVIDER;
+    code;
+    relogin_required;
+    constructor(message, code = 'codex_auth_error', reloginRequired = false) {
+        super(message);
+        this.name = 'CodexAuthError';
+        this.code = code;
+        this.relogin_required = reloginRequired;
+    }
+}
+const sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));
+const nowIso = () => new Date().toISOString().replace('+00:00', 'Z');
+const expandHome = (value) => {
+    if (value === '~') {
+        return os.homedir();
+    }
+    if (value.startsWith('~/') || value.startsWith('~\\')) {
+        return path.join(os.homedir(), value.slice(2));
+    }
+    return value;
+};
+const resolveBaseConfigDir = (configDir) => configDir
+    ? path.resolve(expandHome(configDir))
+    : (CONFIG.BROWSER_USE_CONFIG_DIR ??
+        path.join(os.homedir(), '.config', 'browseruse'));
+export const getCodexAuthStorePath = (options = {}) => options.authStorePath
+    ? path.resolve(expandHome(options.authStorePath))
+    : path.join(resolveBaseConfigDir(options.configDir), 'auth.json');
+const chmodPrivatePath = async (targetPath, mode) => {
+    if (process.platform === 'win32') {
+        return;
+    }
+    try {
+        await fs.chmod(targetPath, mode);
+    }
+    catch {
+        /* best effort */
+    }
+};
+const ensurePrivateDirectory = async (dirPath) => {
+    await fs.mkdir(dirPath, { recursive: true, mode: 0o700 });
+    await chmodPrivatePath(dirPath, 0o700);
+};
+const normalizeStore = (store) => ({
+    version: AUTH_STORE_VERSION,
+    ...store,
+    providers: store.providers && typeof store.providers === 'object'
+        ? store.providers
+        : {},
+});
+const readStore = async (authStorePath) => {
+    try {
+        const raw = await fs.readFile(authStorePath, 'utf-8');
+        const parsed = JSON.parse(raw);
+        if (!parsed || typeof parsed !== 'object') {
+            return normalizeStore({});
+        }
+        return normalizeStore(parsed);
+    }
+    catch (error) {
+        const nodeError = error;
+        if (nodeError.code === 'ENOENT') {
+            return normalizeStore({});
+        }
+        throw error;
+    }
+};
+const writeStore = async (authStorePath, store) => {
+    await ensurePrivateDirectory(path.dirname(authStorePath));
+    const tmpPath = `${authStorePath}.${process.pid}.${randomUUID()}.tmp`;
+    await fs.writeFile(tmpPath, JSON.stringify(normalizeStore(store), null, 2), {
+        encoding: 'utf-8',
+        mode: 0o600,
+    });
+    await chmodPrivatePath(tmpPath, 0o600);
+    await fs.rename(tmpPath, authStorePath);
+    await chmodPrivatePath(authStorePath, 0o600);
+};
+const waitForLockRetry = async (start, timeoutMs) => {
+    if (Date.now() - start >= timeoutMs) {
+        throw new CodexAuthError('Timed out waiting for the Codex auth store lock.', 'codex_auth_lock_timeout');
+    }
+    await sleep(50);
+};
+const withAuthStoreLock = async (authStorePath, callback, timeoutMs = DEFAULT_LOCK_TIMEOUT_MS) => {
+    const lockPath = `${authStorePath}.lock`;
+    const lockDir = path.dirname(lockPath);
+    await ensurePrivateDirectory(lockDir);
+    const start = Date.now();
+    const staleMs = Math.max(timeoutMs * 2, 30_000);
+    let handle = null;
+    while (!handle) {
+        try {
+            handle = await fs.open(lockPath, 'wx', 0o600);
+            await handle.writeFile(JSON.stringify({
+                pid: process.pid,
+                created_at: nowIso(),
+            }));
+            await handle.close();
+            handle = null;
+            break;
+        }
+        catch (error) {
+            const nodeError = error;
+            if (nodeError.code !== 'EEXIST') {
+                throw error;
+            }
+            try {
+                const stat = await fs.stat(lockPath);
+                if (Date.now() - stat.mtimeMs > staleMs) {
+                    await fs.unlink(lockPath);
+                    continue;
+                }
+            }
+            catch (statError) {
+                const statNodeError = statError;
+                if (statNodeError.code === 'ENOENT') {
+                    continue;
+                }
+                throw statError;
+            }
+            await waitForLockRetry(start, timeoutMs);
+        }
+    }
+    try {
+        return await callback();
+    }
+    finally {
+        try {
+            await fs.unlink(lockPath);
+        }
+        catch {
+            /* best effort */
+        }
+    }
+};
+const requireTokenString = (value, code, message) => {
+    if (typeof value !== 'string' || !value.trim()) {
+        throw new CodexAuthError(message, code, true);
+    }
+    return value.trim();
+};
+export const readCodexTokens = async (options = {}) => {
+    const authStorePath = getCodexAuthStorePath(options);
+    const store = await readStore(authStorePath);
+    const state = store.providers?.[CODEX_PROVIDER];
+    if (!state) {
+        throw new CodexAuthError('No Codex credentials stored. Run `browser-use auth codex login` to authenticate.', 'codex_auth_missing', true);
+    }
+    if (!state.tokens || typeof state.tokens !== 'object') {
+        throw new CodexAuthError('Codex auth state is missing tokens. Run `browser-use auth codex login` to re-authenticate.', 'codex_auth_invalid_shape', true);
+    }
+    const accessToken = requireTokenString(state.tokens.access_token, 'codex_auth_missing_access_token', 'Codex auth is missing access_token. Run `browser-use auth codex login` to re-authenticate.');
+    const refreshToken = requireTokenString(state.tokens.refresh_token, 'codex_auth_missing_refresh_token', 'Codex auth is missing refresh_token. Run `browser-use auth codex login` to re-authenticate.');
+    return {
+        tokens: {
+            ...state.tokens,
+            access_token: accessToken,
+            refresh_token: refreshToken,
+        },
+        last_refresh: typeof state.last_refresh === 'string' ? state.last_refresh : null,
+        auth_mode: typeof state.auth_mode === 'string' ? state.auth_mode : null,
+        source: typeof state.source === 'string' ? state.source : null,
+    };
+};
+export const saveCodexTokens = async (tokens, options = {}) => {
+    const accessToken = requireTokenString(tokens.access_token, 'codex_auth_missing_access_token', 'Cannot save Codex auth without access_token.');
+    const refreshToken = requireTokenString(tokens.refresh_token, 'codex_auth_missing_refresh_token', 'Cannot save Codex auth without refresh_token.');
+    const authStorePath = getCodexAuthStorePath(options);
+    await withAuthStoreLock(authStorePath, async () => {
+        const store = await readStore(authStorePath);
+        const providers = store.providers ?? {};
+        providers[CODEX_PROVIDER] = {
+            ...(providers[CODEX_PROVIDER] ?? {}),
+            tokens: {
+                ...tokens,
+                access_token: accessToken,
+                refresh_token: refreshToken,
+            },
+            last_refresh: options.lastRefresh ?? nowIso(),
+            auth_mode: 'chatgpt',
+            source: options.source ?? 'browser-use-auth-store',
+        };
+        await writeStore(authStorePath, {
+            ...store,
+            version: AUTH_STORE_VERSION,
+            active_provider: CODEX_PROVIDER,
+            providers,
+        });
+    }, options.lockTimeoutMs);
+};
+export const clearCodexTokens = async (options = {}) => {
+    const authStorePath = getCodexAuthStorePath(options);
+    await withAuthStoreLock(authStorePath, async () => {
+        const store = await readStore(authStorePath);
+        const providers = { ...(store.providers ?? {}) };
+        delete providers[CODEX_PROVIDER];
+        await writeStore(authStorePath, {
+            ...store,
+            active_provider: store.active_provider === CODEX_PROVIDER
+                ? undefined
+                : store.active_provider,
+            providers,
+        });
+    }, options.lockTimeoutMs);
+};
+const decodeJwtPayload = (token) => {
+    const parts = token.split('.');
+    if (parts.length < 2 || !parts[1]) {
+        return null;
+    }
+    try {
+        const padded = parts[1] + '='.repeat((4 - (parts[1].length % 4)) % 4);
+        return JSON.parse(Buffer.from(padded, 'base64url').toString('utf-8'));
+    }
+    catch {
+        return null;
+    }
+};
+export const codexAccessTokenIsExpiring = (accessToken, skewSeconds = CODEX_ACCESS_TOKEN_REFRESH_SKEW_SECONDS, nowMs = Date.now()) => {
+    if (!accessToken.trim()) {
+        return true;
+    }
+    const claims = decodeJwtPayload(accessToken);
+    if (typeof claims?.exp !== 'number') {
+        return false;
+    }
+    return claims.exp * 1000 <= nowMs + skewSeconds * 1000;
+};
+export const getCodexCloudflareHeaders = (accessToken) => {
+    const headers = {
+        'User-Agent': 'codex_cli_rs/0.0.0 (browser-use)',
+        originator: 'codex_cli_rs',
+    };
+    const claims = decodeJwtPayload(accessToken);
+    const accountId = claims?.['https://api.openai.com/auth']?.chatgpt_account_id;
+    if (typeof accountId === 'string' && accountId.trim()) {
+        headers['ChatGPT-Account-ID'] = accountId.trim();
+    }
+    return headers;
+};
+export const importCodexCliTokens = async (options = {}) => {
+    const codexHome = options.codexHome ??
+        process.env.CODEX_HOME?.trim() ??
+        path.join(os.homedir(), '.codex');
+    const authPath = options.authPath
+        ? path.resolve(expandHome(options.authPath))
+        : path.join(path.resolve(expandHome(codexHome)), 'auth.json');
+    try {
+        const raw = await fs.readFile(authPath, 'utf-8');
+        const parsed = JSON.parse(raw);
+        const tokens = parsed?.tokens;
+        if (!tokens || typeof tokens !== 'object') {
+            return null;
+        }
+        const accessToken = tokens.access_token;
+        const refreshToken = tokens.refresh_token;
+        if (typeof accessToken !== 'string' ||
+            !accessToken.trim() ||
+            typeof refreshToken !== 'string' ||
+            !refreshToken.trim()) {
+            return null;
+        }
+        if (codexAccessTokenIsExpiring(accessToken, 0, options.nowMs)) {
+            return null;
+        }
+        return {
+            ...tokens,
+            access_token: accessToken.trim(),
+            refresh_token: refreshToken.trim(),
+        };
+    }
+    catch {
+        return null;
+    }
+};
+const fetchWithTimeout = async (url, init, options = {}) => {
+    const fetchImplementation = options.fetchImplementation ?? fetch;
+    const timeoutMs = options.timeoutMs ?? 20_000;
+    const controller = new AbortController();
+    const timeout = setTimeout(() => controller.abort(), timeoutMs);
+    try {
+        return await fetchImplementation(url, {
+            ...init,
+            signal: init.signal ?? controller.signal,
+        });
+    }
+    finally {
+        clearTimeout(timeout);
+    }
+};
+const parseErrorPayload = async (response) => {
+    let code = 'codex_refresh_failed';
+    let message = `Codex token refresh failed with status ${response.status}.`;
+    let reloginRequired = false;
+    try {
+        const payload = (await response.json());
+        const error = payload?.error;
+        if (error && typeof error === 'object') {
+            const nestedCode = error.code ?? error.type;
+            if (typeof nestedCode === 'string' && nestedCode.trim()) {
+                code = nestedCode.trim();
+            }
+            if (typeof error.message === 'string' && error.message.trim()) {
+                message = `Codex token refresh failed: ${error.message.trim()}`;
+            }
+        }
+        else if (typeof error === 'string' && error.trim()) {
+            code = error.trim();
+            const description = payload.error_description ?? payload.message;
+            if (typeof description === 'string' && description.trim()) {
+                message = `Codex token refresh failed: ${description.trim()}`;
+            }
+        }
+    }
+    catch {
+        /* keep generic message */
+    }
+    if (['invalid_grant', 'invalid_token', 'invalid_request'].includes(code)) {
+        reloginRequired = true;
+    }
+    if (code === 'refresh_token_reused') {
+        message =
+            'Codex refresh token was already consumed by another client. Run `browser-use auth codex login --force` to create a fresh browser-use session.';
+        reloginRequired = true;
+    }
+    if ((response.status === 401 || response.status === 403) &&
+        !reloginRequired) {
+        reloginRequired = true;
+    }
+    return { code, message, reloginRequired };
+};
+export const refreshCodexOAuth = async (accessToken, refreshToken, options = {}) => {
+    void accessToken;
+    const cleanRefreshToken = requireTokenString(refreshToken, 'codex_auth_missing_refresh_token', 'Codex auth is missing refresh_token. Run `browser-use auth codex login` to re-authenticate.');
+    const response = await fetchWithTimeout(options.tokenUrl ?? CODEX_OAUTH_TOKEN_URL, {
+        method: 'POST',
+        headers: {
+            Accept: 'application/json',
+            'Content-Type': 'application/x-www-form-urlencoded',
+        },
+        body: new URLSearchParams({
+            grant_type: 'refresh_token',
+            refresh_token: cleanRefreshToken,
+            client_id: options.clientId ?? CODEX_OAUTH_CLIENT_ID,
+        }),
+    }, options);
+    if (!response.ok) {
+        const parsed = await parseErrorPayload(response);
+        throw new CodexAuthError(parsed.message, parsed.code, parsed.reloginRequired);
+    }
+    let payload;
+    try {
+        payload = await response.json();
+    }
+    catch (error) {
+        throw new CodexAuthError('Codex token refresh returned invalid JSON.', 'codex_refresh_invalid_json', true);
+    }
+    const refreshedAccessToken = requireTokenString(payload?.access_token, 'codex_refresh_missing_access_token', 'Codex token refresh response was missing access_token.');
+    const nextRefreshToken = typeof payload?.refresh_token === 'string' && payload.refresh_token.trim()
+        ? payload.refresh_token.trim()
+        : cleanRefreshToken;
+    return {
+        access_token: refreshedAccessToken,
+        refresh_token: nextRefreshToken,
+        last_refresh: nowIso(),
+    };
+};
+const resolveCodexBaseURL = (baseURL) => (baseURL ?? process.env.BROWSER_USE_CODEX_BASE_URL ?? '')
+    .trim()
+    .replace(/\/+$/, '') || DEFAULT_CODEX_BASE_URL;
+export const resolveCodexRuntimeCredentials = async (options = {}) => {
+    const authStorePath = getCodexAuthStorePath(options);
+    const refreshIfExpiring = options.refreshIfExpiring ?? true;
+    const refreshSkewSeconds = options.refreshSkewSeconds ?? CODEX_ACCESS_TOKEN_REFRESH_SKEW_SECONDS;
+    const lockTimeoutMs = options.lockTimeoutMs ?? DEFAULT_LOCK_TIMEOUT_MS;
+    let record = await readCodexTokens(options);
+    let tokens = { ...record.tokens };
+    let shouldRefresh = Boolean(options.forceRefresh);
+    if (!shouldRefresh && refreshIfExpiring) {
+        shouldRefresh = codexAccessTokenIsExpiring(tokens.access_token, refreshSkewSeconds);
+    }
+    if (shouldRefresh) {
+        await withAuthStoreLock(authStorePath, async () => {
+            record = await readCodexTokens({ authStorePath });
+            tokens = { ...record.tokens };
+            let stillShouldRefresh = Boolean(options.forceRefresh);
+            if (!stillShouldRefresh && refreshIfExpiring) {
+                stillShouldRefresh = codexAccessTokenIsExpiring(tokens.access_token, refreshSkewSeconds);
+            }
+            if (!stillShouldRefresh) {
+                return;
+            }
+            const refreshed = await refreshCodexOAuth(tokens.access_token, tokens.refresh_token, options);
+            tokens = {
+                ...tokens,
+                access_token: refreshed.access_token,
+                refresh_token: refreshed.refresh_token,
+            };
+            const store = await readStore(authStorePath);
+            const providers = store.providers ?? {};
+            providers[CODEX_PROVIDER] = {
+                ...(providers[CODEX_PROVIDER] ?? {}),
+                tokens,
+                last_refresh: refreshed.last_refresh,
+                auth_mode: 'chatgpt',
+                source: providers[CODEX_PROVIDER]?.source ?? 'browser-use-auth-store',
+            };
+            await writeStore(authStorePath, {
+                ...store,
+                version: AUTH_STORE_VERSION,
+                active_provider: CODEX_PROVIDER,
+                providers,
+            });
+            record = {
+                ...record,
+                tokens,
+                last_refresh: refreshed.last_refresh,
+            };
+        }, lockTimeoutMs);
+    }
+    return {
+        provider: CODEX_PROVIDER,
+        base_url: resolveCodexBaseURL(options.baseURL),
+        api_key: tokens.access_token,
+        source: record.source ?? 'browser-use-auth-store',
+        last_refresh: record.last_refresh,
+        auth_mode: 'chatgpt',
+    };
+};
+export const getCodexAuthStatus = async (options = {}) => {
+    const authStorePath = getCodexAuthStorePath(options);
+    try {
+        const record = await readCodexTokens(options);
+        return {
+            authenticated: true,
+            auth_store_path: authStorePath,
+            provider: CODEX_PROVIDER,
+            base_url: resolveCodexBaseURL(options.baseURL),
+            source: record.source,
+            last_refresh: record.last_refresh,
+            access_token_expiring: codexAccessTokenIsExpiring(record.tokens.access_token),
+        };
+    }
+    catch (error) {
+        if (error instanceof CodexAuthError) {
+            return {
+                authenticated: false,
+                auth_store_path: authStorePath,
+                provider: CODEX_PROVIDER,
+                base_url: resolveCodexBaseURL(options.baseURL),
+                source: null,
+                last_refresh: null,
+                access_token_expiring: null,
+                error: {
+                    code: error.code,
+                    message: error.message,
+                    relogin_required: error.relogin_required,
+                },
+            };
+        }
+        throw error;
+    }
+};
+export const saveImportedCodexCliTokens = async (options = {}) => {
+    const tokens = await importCodexCliTokens({
+        codexHome: options.codexHome,
+        authPath: options.codexAuthPath,
+    });
+    if (!tokens) {
+        return false;
+    }
+    await saveCodexTokens(tokens, {
+        ...options,
+        source: 'codex-cli-import',
+        lockTimeoutMs: options.lockTimeoutMs,
+    });
+    return true;
+};
+export const loginCodexDeviceCode = async (options = {}) => {
+    const issuer = (options.issuer ?? CODEX_DEVICE_AUTH_BASE_URL).replace(/\/+$/, '');
+    const clientId = options.clientId ?? CODEX_OAUTH_CLIENT_ID;
+    const output = options.stdout ?? process.stdout;
+    const sleepImpl = options.sleep ?? sleep;
+    const now = options.now ?? Date.now;
+    const maxWaitMs = options.maxWaitMs ?? 15 * 60 * 1000;
+    const userCodeResponse = await fetchWithTimeout(`${issuer}/api/accounts/deviceauth/usercode`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ client_id: clientId }),
+    }, options);
+    if (!userCodeResponse.ok) {
+        throw new CodexAuthError(`Device code request returned status ${userCodeResponse.status}.`, 'device_code_request_error');
+    }
+    const deviceData = (await userCodeResponse.json());
+    const userCode = deviceData?.user_code;
+    const deviceAuthId = deviceData?.device_auth_id;
+    const parsedPollInterval = Number.parseInt(String(deviceData?.interval ?? '5'), 10);
+    const pollIntervalMs = Number.isFinite(parsedPollInterval) && parsedPollInterval > 0
+        ? Math.max(3_000, parsedPollInterval * 1000)
+        : 5_000;
+    if (typeof userCode !== 'string' ||
+        !userCode.trim() ||
+        typeof deviceAuthId !== 'string' ||
+        !deviceAuthId.trim()) {
+        throw new CodexAuthError('Device code response missing required fields.', 'device_code_incomplete');
+    }
+    output.write('To continue, follow these steps:\n\n');
+    output.write(`  1. Open this URL in your browser:\n     ${issuer}/codex/device\n\n`);
+    output.write(`  2. Enter this code:\n     ${userCode}\n\n`);
+    output.write('Waiting for sign-in... (press Ctrl+C to cancel)\n');
+    const start = now();
+    let authorizationCode = null;
+    let codeVerifier = null;
+    while (now() - start < maxWaitMs) {
+        await sleepImpl(pollIntervalMs);
+        const pollResponse = await fetchWithTimeout(`${issuer}/api/accounts/deviceauth/token`, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({
+                device_auth_id: deviceAuthId,
+                user_code: userCode,
+            }),
+        }, options);
+        if (pollResponse.ok) {
+            const payload = (await pollResponse.json());
+            authorizationCode =
+                typeof payload?.authorization_code === 'string'
+                    ? payload.authorization_code
+                    : null;
+            codeVerifier =
+                typeof payload?.code_verifier === 'string'
+                    ? payload.code_verifier
+                    : null;
+            break;
+        }
+        if (pollResponse.status === 403 || pollResponse.status === 404) {
+            continue;
+        }
+        throw new CodexAuthError(`Device auth polling returned status ${pollResponse.status}.`, 'device_code_poll_error');
+    }
+    if (!authorizationCode || !codeVerifier) {
+        throw new CodexAuthError('Login timed out before authorization completed.', 'device_code_timeout', true);
+    }
+    const tokenResponse = await fetchWithTimeout(options.issuer ? `${issuer}/oauth/token` : CODEX_OAUTH_TOKEN_URL, {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/x-www-form-urlencoded',
+        },
+        body: new URLSearchParams({
+            grant_type: 'authorization_code',
+            code: authorizationCode,
+            redirect_uri: `${issuer}/deviceauth/callback`,
+            client_id: clientId,
+            code_verifier: codeVerifier,
+        }),
+    }, options);
+    if (!tokenResponse.ok) {
+        throw new CodexAuthError(`Token exchange returned status ${tokenResponse.status}.`, 'token_exchange_error', tokenResponse.status === 401 || tokenResponse.status === 403);
+    }
+    const tokenPayload = (await tokenResponse.json());
+    const accessToken = requireTokenString(tokenPayload?.access_token, 'token_exchange_no_access_token', 'Token exchange did not return an access_token.');
+    const refreshToken = requireTokenString(tokenPayload?.refresh_token, 'token_exchange_no_refresh_token', 'Token exchange did not return a refresh_token.');
+    return {
+        tokens: {
+            ...tokenPayload,
+            access_token: accessToken,
+            refresh_token: refreshToken,
+        },
+        base_url: resolveCodexBaseURL(),
+        last_refresh: nowIso(),
+        auth_mode: 'chatgpt',
+        source: 'device-code',
+    };
+};
+export const loginAndSaveCodexDeviceCode = async (options = {}) => {
+    const credentials = await loginCodexDeviceCode(options);
+    await saveCodexTokens(credentials.tokens, {
+        ...options,
+        lastRefresh: credentials.last_refresh,
+        source: credentials.source,
+        lockTimeoutMs: options.lockTimeoutMs,
+    });
+    return credentials;
+};

package/dist/llm/codex/chat.d.ts ADDED Viewed

@@ -0,0 +1,70 @@
+import type { BaseChatModel, ChatInvokeOptions } from '../base.js';
+import type { Message } from '../messages.js';
+import { ChatInvokeCompletion } from '../views.js';
+export interface ChatCodexOptions {
+    model?: string;
+    apiKey?: string | null;
+    baseURL?: string | null;
+    timeout?: number | null;
+    maxRetries?: number;
+    defaultHeaders?: Record<string, string> | null;
+    defaultQuery?: Record<string, string | undefined> | null;
+    fetchImplementation?: typeof fetch;
+    fetchOptions?: RequestInit | null;
+    reasoningEffort?: 'low' | 'medium' | 'high';
+    maxCompletionTokens?: number | null;
+    topP?: number | null;
+    seed?: number | null;
+    serviceTier?: 'auto' | 'default' | 'flex' | 'priority' | 'scale' | null;
+    include?: string[] | null;
+    addSchemaToSystemPrompt?: boolean;
+    dontForceStructuredOutput?: boolean;
+    removeMinItemsFromSchema?: boolean;
+    removeDefaultsFromSchema?: boolean;
+    configDir?: string | null;
+    authStorePath?: string | null;
+    refreshSkewSeconds?: number;
+}
+export declare class ChatCodex implements BaseChatModel {
+    model: string;
+    provider: string;
+    private apiKey;
+    private baseURL;
+    private timeout;
+    private maxRetries;
+    private defaultHeaders;
+    private defaultQuery;
+    private fetchImplementation;
+    private fetchOptions;
+    private reasoningEffort;
+    private maxCompletionTokens;
+    private topP;
+    private seed;
+    private serviceTier;
+    private include;
+    private addSchemaToSystemPrompt;
+    private dontForceStructuredOutput;
+    private removeMinItemsFromSchema;
+    private removeDefaultsFromSchema;
+    private configDir;
+    private authStorePath;
+    private refreshSkewSeconds;
+    constructor(options?: ChatCodexOptions);
+    get name(): string;
+    get model_name(): string;
+    private resolveClientConfig;
+    private createClient;
+    private getResponsesUsage;
+    private getResponseOutputText;
+    private collectResponse;
+    private getInputText;
+    private getModelParamsForResponses;
+    private buildCodexBackendInput;
+    private getZodSchemaCandidate;
+    private buildRequest;
+    ainvoke(messages: Message[], output_format?: undefined, options?: ChatInvokeOptions): Promise<ChatInvokeCompletion<string>>;
+    ainvoke<T>(messages: Message[], output_format: {
+        parse: (input: string) => T;
+    } | undefined, options?: ChatInvokeOptions): Promise<ChatInvokeCompletion<T>>;
+    private invokeResponses;
+}