codemaxxing 1.0.16 → 1.1.0

package/dist/utils/openai-oauth.js

@@ -0,0 +1,233 @@
+/**
+ * OpenAI Codex OAuth PKCE flow
+ *
+ * Lets users log in with their ChatGPT Plus/Pro subscription (no API key needed).
+ * Uses the same OAuth flow as OpenAI's Codex CLI.
+ */
+import { createServer } from "http";
+import { randomBytes, createHash } from "crypto";
+import { exec } from "child_process";
+import { readFileSync, readdirSync, existsSync } from "fs";
+import { homedir } from "os";
+import { join } from "path";
+import { saveCredential } from "./auth.js";
+// ── Constants ──
+const CLIENT_ID = "app_EMoamEEZ73f0CkXaXp7hrann";
+const AUTHORIZE_URL = "https://auth.openai.com/oauth/authorize";
+const TOKEN_URL = "https://auth.openai.com/oauth/token";
+const REDIRECT_URI = "http://localhost:1455/auth/callback";
+const SCOPE = "openid profile email offline_access";
+// ── PKCE helpers ──
+function base64url(buf) {
+    return buf.toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
+}
+function generatePKCE() {
+    const verifier = base64url(randomBytes(32));
+    const challenge = base64url(createHash("sha256").update(verifier).digest());
+    return { verifier, challenge };
+}
+// ── JWT decode (no verification — just extract payload) ──
+function decodeJwtPayload(token) {
+    const parts = token.split(".");
+    if (parts.length < 2)
+        return {};
+    const payload = parts[1].replace(/-/g, "+").replace(/_/g, "/");
+    return JSON.parse(Buffer.from(payload, "base64").toString("utf-8"));
+}
+// ── Browser opener ──
+function openBrowser(url) {
+    const cmd = process.platform === "darwin"
+        ? `open "${url}"`
+        : process.platform === "win32"
+            ? `start "" "${url}"`
+            : `xdg-open "${url}"`;
+    exec(cmd);
+}
+// ── Detect existing OpenClaw auth-profiles ──
+export function detectOpenAICodexOAuth() {
+    const openclawBase = join(homedir(), ".openclaw", "agents");
+    if (!existsSync(openclawBase))
+        return null;
+    try {
+        const agents = readdirSync(openclawBase);
+        for (const agent of agents) {
+            const profilePath = join(openclawBase, agent, "agent", "auth-profiles.json");
+            if (!existsSync(profilePath))
+                continue;
+            try {
+                const data = JSON.parse(readFileSync(profilePath, "utf-8"));
+                // auth-profiles.json has { profiles: { "openai-codex:default": { ... }, ... } }
+                const profileEntries = data?.profiles ? Object.values(data.profiles) : (Array.isArray(data) ? data : Object.values(data));
+                for (const profile of profileEntries) {
+                    if (profile?.provider === "openai-codex" && profile.access) {
+                        const p = profile;
+                        return {
+                            access: p.access,
+                            refresh: p.refresh ?? "",
+                            expires: p.expires ?? 0,
+                            accountId: p.accountId ?? "",
+                        };
+                    }
+                }
+            }
+            catch {
+                continue;
+            }
+        }
+    }
+    catch {
+        // ignore
+    }
+    return null;
+}
+// ── Token refresh ──
+export async function refreshOpenAICodexToken(refreshToken) {
+    const res = await fetch(TOKEN_URL, {
+        method: "POST",
+        headers: { "Content-Type": "application/x-www-form-urlencoded" },
+        body: new URLSearchParams({
+            grant_type: "refresh_token",
+            client_id: CLIENT_ID,
+            refresh_token: refreshToken,
+        }).toString(),
+    });
+    if (!res.ok) {
+        const errText = await res.text();
+        throw new Error(`Token refresh failed (${res.status}): ${errText}`);
+    }
+    const data = (await res.json());
+    return {
+        access: data.access_token,
+        refresh: data.refresh_token ?? refreshToken,
+        expires: Date.now() + data.expires_in * 1000,
+    };
+}
+// ── Main OAuth login flow ──
+export async function loginOpenAICodexOAuth(onStatus) {
+    const { verifier, challenge } = generatePKCE();
+    const state = randomBytes(16).toString("hex");
+    return new Promise((resolve, reject) => {
+        const server = createServer(async (req, res) => {
+            const url = new URL(req.url ?? "/", "http://localhost");
+            if (url.pathname !== "/auth/callback") {
+                res.writeHead(404);
+                res.end("Not found");
+                return;
+            }
+            const code = url.searchParams.get("code");
+            const returnedState = url.searchParams.get("state");
+            if (!code) {
+                res.writeHead(400, { "Content-Type": "text/html" });
+                res.end("<h1>Error: No authorization code received</h1><p>Please try again.</p>");
+                server.close();
+                reject(new Error("No authorization code received"));
+                return;
+            }
+            if (returnedState !== state) {
+                res.writeHead(400, { "Content-Type": "text/html" });
+                res.end("<h1>Error: State mismatch</h1><p>Please try again.</p>");
+                server.close();
+                reject(new Error("OAuth state mismatch"));
+                return;
+            }
+            onStatus?.("Exchanging code for tokens...");
+            try {
+                const tokenRes = await fetch(TOKEN_URL, {
+                    method: "POST",
+                    headers: { "Content-Type": "application/x-www-form-urlencoded" },
+                    body: new URLSearchParams({
+                        grant_type: "authorization_code",
+                        client_id: CLIENT_ID,
+                        code,
+                        code_verifier: verifier,
+                        redirect_uri: REDIRECT_URI,
+                    }).toString(),
+                });
+                if (!tokenRes.ok) {
+                    const errText = await tokenRes.text();
+                    throw new Error(`Token exchange failed (${tokenRes.status}): ${errText}`);
+                }
+                const tokenData = (await tokenRes.json());
+                // Extract accountId from JWT
+                let accountId = "";
+                try {
+                    const payload = decodeJwtPayload(tokenData.access_token);
+                    const authClaim = payload["https://api.openai.com/auth"];
+                    if (authClaim?.chatgpt_account_id) {
+                        accountId = authClaim.chatgpt_account_id;
+                    }
+                }
+                catch {
+                    // non-fatal — accountId is optional
+                }
+                res.writeHead(200, { "Content-Type": "text/html" });
+                res.end(`
+          <html>
+            <body style="font-family: monospace; background: #1a1a2e; color: #0ff; display: flex; justify-content: center; align-items: center; height: 100vh; margin: 0;">
+              <div style="text-align: center;">
+                <h1>Authenticated!</h1>
+                <p>You can close this tab and return to Codemaxxing.</p>
+              </div>
+            </body>
+          </html>
+        `);
+                server.close();
+                const expiresAt = Date.now() + tokenData.expires_in * 1000;
+                const cred = {
+                    provider: "openai",
+                    method: "oauth",
+                    apiKey: tokenData.access_token,
+                    baseUrl: "https://chatgpt.com/backend-api",
+                    label: "OpenAI (ChatGPT subscription)",
+                    refreshToken: tokenData.refresh_token,
+                    oauthExpires: expiresAt,
+                    createdAt: new Date().toISOString(),
+                };
+                saveCredential(cred);
+                resolve(cred);
+            }
+            catch (err) {
+                res.writeHead(500, { "Content-Type": "text/html" });
+                res.end(`<h1>Error</h1><p>${err.message}</p>`);
+                server.close();
+                reject(err);
+            }
+        });
+        server.listen(1455, "127.0.0.1", () => {
+            const params = new URLSearchParams({
+                response_type: "code",
+                client_id: CLIENT_ID,
+                redirect_uri: REDIRECT_URI,
+                scope: SCOPE,
+                code_challenge: challenge,
+                code_challenge_method: "S256",
+                state,
+                id_token_add_organizations: "true",
+                codex_cli_simplified_flow: "true",
+                originator: "codemaxxing",
+            });
+            const authUrl = `${AUTHORIZE_URL}?${params.toString()}`;
+            onStatus?.("Opening browser for ChatGPT login...");
+            try {
+                openBrowser(authUrl);
+            }
+            catch {
+                onStatus?.(`Could not open browser. Please visit:\n${authUrl}`);
+            }
+            onStatus?.("Waiting for authorization...");
+            // Timeout after 60 seconds
+            setTimeout(() => {
+                server.close();
+                reject(new Error("OAuth timed out after 60 seconds"));
+            }, 60 * 1000);
+        });
+        server.on("error", (err) => {
+            if (err.code === "EADDRINUSE") {
+                reject(new Error("Port 1455 is already in use. Close other auth flows and try again."));
+            }
+            else {
+                reject(err);
+            }
+        });
+    });
+}

package/dist/utils/responses-api.d.ts

@@ -0,0 +1,40 @@
+/**
+ * OpenAI Codex Responses API handler
+ *
+ * Uses the ChatGPT backend endpoint (https://chatgpt.com/backend-api/codex/responses)
+ * which is what Codex CLI, OpenClaw, and other tools use with ChatGPT Plus OAuth tokens.
+ *
+ * This endpoint supports the Responses API format but is separate from api.openai.com.
+ * Standard API keys use api.openai.com/v1/responses; Codex OAuth tokens use this.
+ */
+export interface ResponsesAPIOptions {
+    baseUrl: string;
+    apiKey: string;
+    model: string;
+    maxTokens: number;
+    systemPrompt: string;
+    messages: any[];
+    tools: any[];
+    onToken?: (token: string) => void;
+    onToolCall?: (name: string, args: Record<string, unknown>) => void;
+}
+interface ToolCall {
+    id: string;
+    name: string;
+    input: Record<string, unknown>;
+}
+/**
+ * Execute a chat request using the Codex Responses API endpoint
+ * Streams text + handles tool calls
+ */
+export declare function chatWithResponsesAPI(options: ResponsesAPIOptions): Promise<{
+    contentText: string;
+    toolCalls: ToolCall[];
+    promptTokens: number;
+    completionTokens: number;
+}>;
+/**
+ * Determine if a model should use the Responses API
+ */
+export declare function shouldUseResponsesAPI(model: string): boolean;
+export {};

package/dist/utils/responses-api.js

@@ -0,0 +1,264 @@
+/**
+ * OpenAI Codex Responses API handler
+ *
+ * Uses the ChatGPT backend endpoint (https://chatgpt.com/backend-api/codex/responses)
+ * which is what Codex CLI, OpenClaw, and other tools use with ChatGPT Plus OAuth tokens.
+ *
+ * This endpoint supports the Responses API format but is separate from api.openai.com.
+ * Standard API keys use api.openai.com/v1/responses; Codex OAuth tokens use this.
+ */
+/**
+ * Execute a chat request using the Codex Responses API endpoint
+ * Streams text + handles tool calls
+ */
+export async function chatWithResponsesAPI(options) {
+    const { baseUrl, apiKey, model, maxTokens, systemPrompt, messages, tools, onToken, onToolCall, } = options;
+    // Build input items from message history
+    const inputItems = [];
+    for (const msg of messages) {
+        if (msg.role === "system")
+            continue;
+        if (msg.role === "user") {
+            inputItems.push({
+                type: "message",
+                role: "user",
+                content: typeof msg.content === "string" ? msg.content : JSON.stringify(msg.content) || "",
+            });
+        }
+        else if (msg.role === "assistant") {
+            if (msg.tool_calls?.length > 0) {
+                if (msg.content) {
+                    inputItems.push({
+                        type: "message",
+                        role: "assistant",
+                        content: typeof msg.content === "string" ? msg.content : JSON.stringify(msg.content),
+                    });
+                }
+                for (const tc of msg.tool_calls) {
+                    inputItems.push({
+                        type: "function_call",
+                        id: tc.id,
+                        name: tc.function?.name || tc.name || "",
+                        arguments: typeof tc.function?.arguments === "string"
+                            ? tc.function.arguments
+                            : JSON.stringify(tc.function?.arguments || tc.input || {}),
+                    });
+                }
+            }
+            else {
+                inputItems.push({
+                    type: "message",
+                    role: "assistant",
+                    content: typeof msg.content === "string" ? msg.content : JSON.stringify(msg.content) || "",
+                });
+            }
+        }
+        else if (msg.role === "tool") {
+            inputItems.push({
+                type: "function_call_output",
+                call_id: msg.tool_call_id || "",
+                output: typeof msg.content === "string" ? msg.content : JSON.stringify(msg.content) || "",
+            });
+        }
+    }
+    // Build tools in Responses API format
+    const responseTools = tools
+        .filter((t) => t.type === "function")
+        .map((t) => ({
+        type: "function",
+        name: t.function?.name || "",
+        description: t.function?.description || "",
+        parameters: t.function?.parameters || { type: "object", properties: {} },
+    }));
+    // Determine the endpoint URL
+    // OAuth tokens (JWTs, not sk- keys) must use ChatGPT backend
+    const isOAuthToken = !apiKey.startsWith("sk-") && !apiKey.startsWith("sess-");
+    let effectiveBaseUrl = baseUrl;
+    if (isOAuthToken && !baseUrl.includes("chatgpt.com")) {
+        effectiveBaseUrl = "https://chatgpt.com/backend-api";
+    }
+    let endpoint;
+    if (effectiveBaseUrl.includes("chatgpt.com/backend-api")) {
+        endpoint = effectiveBaseUrl.replace(/\/$/, "") + "/codex/responses";
+    }
+    else {
+        endpoint = effectiveBaseUrl.replace(/\/$/, "") + "/responses";
+    }
+    // Build request body
+    const body = {
+        model,
+        instructions: systemPrompt,
+        input: inputItems.length > 0 ? inputItems : "",
+        stream: true,
+        store: false,
+    };
+    if (responseTools.length > 0) {
+        body.tools = responseTools;
+    }
+    // Make the streaming request
+    const response = await fetch(endpoint, {
+        method: "POST",
+        headers: {
+            "Content-Type": "application/json",
+            "Authorization": `Bearer ${apiKey}`,
+            "User-Agent": "codemaxxing/1.0",
+        },
+        body: JSON.stringify(body),
+    });
+    if (!response.ok) {
+        const errText = await response.text();
+        throw new Error(`Responses API error (${response.status}): ${errText}`);
+    }
+    // Parse SSE stream
+    let contentText = "";
+    let promptTokens = 0;
+    let completionTokens = 0;
+    const toolCalls = [];
+    let currentToolCallId = "";
+    let currentToolCallName = "";
+    let toolArgumentsBuffer = "";
+    const reader = response.body?.getReader();
+    if (!reader)
+        throw new Error("No response body");
+    const decoder = new TextDecoder();
+    let buffer = "";
+    while (true) {
+        const { done, value } = await reader.read();
+        if (done)
+            break;
+        buffer += decoder.decode(value, { stream: true });
+        // Process complete SSE events
+        const lines = buffer.split("\n");
+        buffer = lines.pop() || ""; // Keep incomplete line in buffer
+        for (const line of lines) {
+            if (!line.startsWith("data: "))
+                continue;
+            const data = line.slice(6).trim();
+            if (data === "[DONE]")
+                continue;
+            let event;
+            try {
+                event = JSON.parse(data);
+            }
+            catch {
+                continue;
+            }
+            const eventType = event.type;
+            // Text content delta
+            if (eventType === "response.output_text.delta") {
+                const delta = event.delta;
+                if (delta) {
+                    contentText += delta;
+                    onToken?.(delta);
+                }
+            }
+            // Also handle the simpler delta format
+            if (eventType === "response.text_delta") {
+                const delta = event.delta;
+                if (delta) {
+                    contentText += delta;
+                    onToken?.(delta);
+                }
+            }
+            // Function call item added
+            if (eventType === "response.output_item.added") {
+                const item = event.item;
+                if (item?.type === "function_call") {
+                    currentToolCallId = item.id || item.call_id || `tool_${Date.now()}`;
+                    currentToolCallName = item.name || "";
+                    toolArgumentsBuffer = "";
+                }
+            }
+            // Function call arguments streaming
+            if (eventType === "response.function_call_arguments.delta") {
+                const delta = event.delta;
+                if (delta) {
+                    toolArgumentsBuffer += delta;
+                }
+            }
+            // Function call arguments done
+            if (eventType === "response.function_call_arguments.done") {
+                try {
+                    const args = JSON.parse(event.arguments || toolArgumentsBuffer);
+                    toolCalls.push({
+                        id: currentToolCallId,
+                        name: currentToolCallName,
+                        input: args,
+                    });
+                    onToolCall?.(currentToolCallName, args);
+                }
+                catch {
+                    // Try buffer if event.arguments isn't set
+                    try {
+                        const args = JSON.parse(toolArgumentsBuffer);
+                        toolCalls.push({
+                            id: currentToolCallId,
+                            name: currentToolCallName,
+                            input: args,
+                        });
+                        onToolCall?.(currentToolCallName, args);
+                    }
+                    catch {
+                        // Skip malformed tool call
+                    }
+                }
+                toolArgumentsBuffer = "";
+            }
+            // Output item done (alternative tool call completion)
+            if (eventType === "response.output_item.done") {
+                const item = event.item;
+                if (item?.type === "function_call" && item.arguments) {
+                    // Check if we already captured this from arguments.done
+                    const alreadyCaptured = toolCalls.some(tc => tc.id === (item.id || item.call_id));
+                    if (!alreadyCaptured) {
+                        try {
+                            const args = JSON.parse(item.arguments);
+                            toolCalls.push({
+                                id: item.id || item.call_id || currentToolCallId,
+                                name: item.name || currentToolCallName,
+                                input: args,
+                            });
+                            onToolCall?.(item.name || currentToolCallName, args);
+                        }
+                        catch {
+                            // Skip
+                        }
+                    }
+                }
+            }
+            // Response completed — extract usage
+            if (eventType === "response.completed") {
+                const resp = event.response;
+                const usage = resp?.usage || event.usage;
+                if (usage) {
+                    promptTokens = usage.input_tokens || usage.prompt_tokens || 0;
+                    completionTokens = usage.output_tokens || usage.completion_tokens || 0;
+                }
+            }
+        }
+    }
+    return {
+        contentText,
+        toolCalls,
+        promptTokens,
+        completionTokens,
+    };
+}
+/**
+ * Determine if a model should use the Responses API
+ */
+export function shouldUseResponsesAPI(model) {
+    const lower = model.toLowerCase();
+    // GPT-5.x and Codex models need Responses API for OAuth tokens
+    if (lower.startsWith("gpt-5"))
+        return true;
+    if (lower.includes("codex"))
+        return true;
+    // o-series reasoning models also work with Responses API
+    if (lower === "o3" || lower === "o3-mini" || lower === "o4-mini")
+        return true;
+    // gpt-4.1 works on both but Responses API is better for OAuth
+    if (lower.startsWith("gpt-4.1"))
+        return true;
+    return false;
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "codemaxxing",
-  "version": "1.0.16",
+  "version": "1.1.0",
   "description": "Open-source terminal coding agent. Connect any LLM. Max your code.",
   "main": "dist/index.js",
   "bin": {
@@ -27,7 +27,7 @@
   "author": "Marcos Vallejo",
   "license": "MIT",
   "dependencies": {
-    "@anthropic-ai/sdk": "^0.78.0",
+    "@anthropic-ai/sdk": "^0.79.0",
     "@modelcontextprotocol/sdk": "^1.27.1",
     "@types/react": "^19.2.14",
     "better-sqlite3": "^12.6.2",