codemaxxing 1.0.17 → 1.1.1

package/README.md

@@ -10,6 +10,8 @@
 
 Open-source terminal coding agent. Connect **any** LLM — local or remote — and start building. Like Claude Code, but you bring your own model.
 
+**🆕 v1.1.0:** Use GPT-5.4 with your ChatGPT Plus subscription — no API key needed. Just `/login` → OpenAI → OAuth. Same access as Codex CLI.
+
 ## Why?
 
 Every coding agent locks you into their API. Codemaxxing doesn't. Run it with LM Studio, Ollama, OpenRouter, OpenAI, Anthropic, or any OpenAI-compatible endpoint. Your machine, your model, your rules.
@@ -92,7 +94,24 @@ If no LLM is available, Codemaxxing can guide you through:
 - downloading the model
 - connecting automatically
 
-### Option C — cloud provider
+### Option C — ChatGPT Plus (GPT-5.4, easiest cloud option)
+
+If you have a ChatGPT Plus subscription, get instant access to GPT-5.4 with zero API costs:
+
+```bash
+codemaxxing login
+# → Pick "OpenAI"
+# → Pick "OpenAI (ChatGPT)" 
+# → Browser opens, log in with your ChatGPT account
+# → Done — you now have GPT-5.4, GPT-5, o3, o4-mini
+
+codemaxxing
+# → /model → pick gpt-5.4
+```
+
+No API key required. Uses your ChatGPT subscription limits instead.
+
+### Option D — other cloud providers
 
 Authenticate first:
 
@@ -106,14 +125,6 @@ Then run:
 codemaxxing
 ```
 
-## First-run sanity check
-
-Once it launches, a quick smoke test is:
-- type `/`
-- open `/theme`
-- open `/skills`
-- paste a multiline block and confirm it becomes a paste badge
-- send one normal prompt
 
 ---
 
@@ -198,10 +209,9 @@ Downloadable skill packs that teach the agent domain expertise. Ships with 21 bu
 /skills on/off X     # Toggle per session
 ```
 
-Project-level config: add `.codemaxxing/skills.json` to scope skills per project.
 
 ### 📋 CODEMAXXING.md — Project Rules
-Drop a `CODEMAXXING.md` in your project root for project-specific instructions. Auto-loaded every session. Also supports `.cursorrules` for Cursor migrants.
+Drop a `CODEMAXXING.md` in your project root for project-specific instructions. It gets loaded automatically for that project.
 
 ### 🔧 Auto-Lint
 Automatically runs your linter after every file edit and feeds errors back to the model for auto-fix. Detects eslint, biome, ruff, clippy, golangci-lint, and more.
@@ -211,7 +221,7 @@ Automatically runs your linter after every file edit and feeds errors back to th
 Scans your codebase and builds a map of functions, classes, and types. The model knows what exists where without reading every file.
 
 ### 📦 Context Compression
-When conversation history exceeds 80k tokens, older messages are automatically summarized to free up context. Configurable via `contextCompressionThreshold`.
+When conversation history gets too large, older messages are automatically summarized to free up context.
 
 ### 💰 Cost Tracking
 Per-session token usage and estimated cost in the status bar. Pricing for 20+ common models. Saved to session history.
@@ -239,11 +249,10 @@ Conversations auto-save to SQLite. Pick up where you left off:
 - `/resume` — interactive session picker
 
 ### 🔌 MCP Support (Model Context Protocol)
-Connect to external tools via the industry-standard MCP protocol. Databases, GitHub, Slack, browsers — anything with an MCP server.
-- Compatible with `.cursor/mcp.json` and `opencode.json` configs
+Connect to external tools via the MCP standard: databases, GitHub, Slack, browsers, and more.
 - `/mcp` — show connected servers
 - `/mcp add github npx -y @modelcontextprotocol/server-github` — add a server
-- `/mcp tools` — list all available MCP tools
+- `/mcp tools` — list available MCP tools
 
 ### 🖥️ Zero-Setup Local LLM
 First time with no LLM? Codemaxxing walks you through it:
@@ -394,7 +403,6 @@ Drop a `CODEMAXXING.md` file in your project root to give the model extra contex
 - **MCP:** [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk)
 - **Sessions:** [better-sqlite3](https://github.com/WiseLibs/better-sqlite3)
 - **Local LLM:** Ollama integration (auto-install, pull, manage)
-- **Tests:** Vitest — 42 tests across 9 test files covering commands, tools, config, paste handling, and agent behavior
 - **Zero cloud dependencies** — everything runs locally unless you choose a remote provider
 
 ## Inspired By

package/dist/agent.d.ts

@@ -26,6 +26,8 @@ export declare class CodingAgent {
     private client;
     private anthropicClient;
     private providerType;
+    private currentApiKey;
+    private currentBaseUrl;
     private messages;
     private tools;
     private cwd;
@@ -88,10 +90,19 @@ export declare class CodingAgent {
      * Anthropic-native streaming chat
      */
     private chatAnthropic;
+    /**
+     * OpenAI Responses API chat (for Codex OAuth tokens + GPT-5.4)
+     */
+    private chatOpenAIResponses;
     /**
      * Switch to a different model mid-session
      */
-    switchModel(model: string, baseUrl?: string, apiKey?: string): void;
+    switchModel(model: string, baseUrl?: string, apiKey?: string, providerType?: "openai" | "anthropic"): void;
+    /**
+     * Attempt to refresh an expired Anthropic OAuth token.
+     * Returns true if refresh succeeded and client was rebuilt.
+     */
+    private tryRefreshAnthropicToken;
     getModel(): string;
     setAutoCommit(enabled: boolean): void;
     isGitEnabled(): boolean;

package/dist/agent.js

@@ -7,6 +7,36 @@ import { isGitRepo, autoCommit } from "./utils/git.js";
 import { buildSkillPrompts, getActiveSkillCount } from "./utils/skills.js";
 import { createSession, saveMessage, updateTokenEstimate, updateSessionCost, loadMessages } from "./utils/sessions.js";
 import { loadMCPConfig, connectToServers, disconnectAll, getAllMCPTools, parseMCPToolName, callMCPTool } from "./utils/mcp.js";
+import { refreshAnthropicOAuthToken } from "./utils/anthropic-oauth.js";
+import { getCredential, saveCredential } from "./utils/auth.js";
+import { chatWithResponsesAPI, shouldUseResponsesAPI } from "./utils/responses-api.js";
+// ── Helper: Sanitize unpaired Unicode surrogates (copied from Pi/OpenClaw) ──
+function sanitizeSurrogates(text) {
+    // Removes unpaired Unicode surrogates that cause JSON serialization errors in APIs.
+    // Valid emoji (properly paired surrogates) are preserved.
+    return text.replace(/[\uD800-\uDBFF](?![\uDC00-\uDFFF])|(?<![\uD800-\uDBFF])[\uDC00-\uDFFF]/g, "");
+}
+// ── Helper: Create Anthropic client with proper auth ──
+function createAnthropicClient(apiKey) {
+    // OAuth tokens start with "sk-ant-oat" — need special handling
+    if (apiKey.startsWith("sk-ant-oat")) {
+        return new Anthropic({
+            apiKey: null,
+            authToken: apiKey,
+            dangerouslyAllowBrowser: true,
+            defaultHeaders: {
+                "anthropic-beta": "claude-code-20250219,oauth-2025-04-20",
+                "user-agent": "claude-cli/2.1.75",
+                "x-app": "cli",
+            },
+        });
+    }
+    // Regular API keys
+    return new Anthropic({
+        apiKey,
+        dangerouslyAllowBrowser: true,
+    });
+}
 // Tools that can modify your project — require approval
 const DANGEROUS_TOOLS = new Set(["write_file", "edit_file", "run_command"]);
 // Cost per 1M tokens (input/output) for common models
@@ -21,6 +51,14 @@ const MODEL_COSTS = {
     "o1": { input: 15, output: 60 },
     "o1-mini": { input: 3, output: 12 },
     "o1-pro": { input: 150, output: 600 },
+    "gpt-5.4": { input: 2.5, output: 15 },
+    "gpt-5.4-pro": { input: 30, output: 180 },
+    "gpt-5": { input: 1.25, output: 10 },
+    "gpt-5-mini": { input: 0.3, output: 1.25 },
+    "gpt-5.3-codex": { input: 1.25, output: 10 },
+    "gpt-4.1": { input: 2, output: 8 },
+    "gpt-4.1-mini": { input: 0.4, output: 1.6 },
+    "gpt-4.1-nano": { input: 0.1, output: 0.4 },
     "o3": { input: 10, output: 40 },
     "o3-mini": { input: 1.1, output: 4.4 },
     "o4-mini": { input: 1.1, output: 4.4 },
@@ -113,6 +151,8 @@ export class CodingAgent {
     client;
     anthropicClient = null;
     providerType;
+    currentApiKey = null;
+    currentBaseUrl = "";
     messages = [];
     tools = FILE_TOOLS;
     cwd;
@@ -138,14 +178,13 @@ export class CodingAgent {
     constructor(options) {
         this.options = options;
         this.providerType = options.provider.type || "openai";
+        this.currentBaseUrl = options.provider.baseUrl || "https://api.openai.com/v1";
         this.client = new OpenAI({
-            baseURL: options.provider.baseUrl,
+            baseURL: this.currentBaseUrl,
             apiKey: options.provider.apiKey,
         });
         if (this.providerType === "anthropic") {
-            this.anthropicClient = new Anthropic({
-                apiKey: options.provider.apiKey,
-            });
+            this.anthropicClient = createAnthropicClient(options.provider.apiKey);
         }
         this.cwd = options.cwd;
         this.maxTokens = options.maxTokens;
@@ -153,7 +192,7 @@ export class CodingAgent {
         this.model = options.provider.model;
         // Default model for Anthropic
         if (this.providerType === "anthropic" && (this.model === "auto" || !this.model)) {
-            this.model = "claude-sonnet-4-20250514";
+            this.model = "claude-sonnet-4-6";
         }
         this.gitEnabled = isGitRepo(this.cwd);
         this.compressionThreshold = options.contextCompressionThreshold ?? 80000;
@@ -237,18 +276,34 @@ export class CodingAgent {
         if (this.providerType === "anthropic" && this.anthropicClient) {
             return this.chatAnthropic(userMessage);
         }
+        // Route to Responses API for models that need it (GPT-5.x, Codex, etc)
+        if (this.providerType === "openai" && shouldUseResponsesAPI(this.model)) {
+            return this.chatOpenAIResponses(userMessage);
+        }
         let iterations = 0;
         const MAX_ITERATIONS = 20;
         while (iterations < MAX_ITERATIONS) {
             iterations++;
-            const stream = await this.client.chat.completions.create({
-                model: this.model,
-                messages: this.messages,
-                tools: this.tools,
-                max_tokens: this.maxTokens,
-                stream: true,
-                stream_options: { include_usage: true },
-            });
+            let stream;
+            try {
+                stream = await this.client.chat.completions.create({
+                    model: this.model,
+                    messages: this.messages,
+                    tools: this.tools,
+                    max_tokens: this.maxTokens,
+                    stream: true,
+                    stream_options: { include_usage: true },
+                });
+            }
+            catch (err) {
+                // Better error for OpenAI Codex OAuth scope limitations
+                if (err.status === 401 && err.message?.includes("Missing scopes")) {
+                    throw new Error(`Model "${this.model}" is not available via Chat Completions with your OAuth token. ` +
+                        `Try a GPT-5.x model (which uses the Responses API automatically), ` +
+                        `or use an API key for full model access (/login openai → api-key).`);
+                }
+                throw err;
+            }
             // Accumulate the streamed response
             let contentText = "";
             let thinkingText = "";
@@ -493,30 +548,65 @@ export class CodingAgent {
      * Anthropic-native streaming chat
      */
     async chatAnthropic(_userMessage) {
-        const client = this.anthropicClient;
         let iterations = 0;
         const MAX_ITERATIONS = 20;
         while (iterations < MAX_ITERATIONS) {
             iterations++;
             const anthropicMessages = this.getAnthropicMessages();
             const anthropicTools = this.getAnthropicTools();
-            const stream = client.messages.stream({
-                model: this.model,
-                max_tokens: this.maxTokens,
-                system: this.systemPrompt,
-                messages: anthropicMessages,
-                tools: anthropicTools,
-            });
+            // For OAuth tokens, system prompt must be a structured array with Claude Code identity
+            // Check both the current provider key and what was passed to switchModel
+            const currentApiKey = this.currentApiKey ?? this.options.provider.apiKey;
+            const isOAuthToken = currentApiKey?.includes("sk-ant-oat");
+            let systemPrompt = this.systemPrompt;
+            if (isOAuthToken) {
+                systemPrompt = [
+                    {
+                        type: "text",
+                        text: "You are Claude Code, Anthropic's official CLI for Claude.",
+                    },
+                    {
+                        type: "text",
+                        text: sanitizeSurrogates(this.systemPrompt),
+                    },
+                ];
+            }
+            else {
+                systemPrompt = sanitizeSurrogates(this.systemPrompt);
+            }
+            let stream;
+            let finalMessage;
             let contentText = "";
             const toolCalls = [];
-            let currentToolId = "";
-            let currentToolName = "";
-            let currentToolInput = "";
-            stream.on("text", (text) => {
-                contentText += text;
-                this.options.onToken?.(text);
-            });
-            const finalMessage = await stream.finalMessage();
+            try {
+                stream = this.anthropicClient.messages.stream({
+                    model: this.model,
+                    max_tokens: this.maxTokens,
+                    system: systemPrompt,
+                    messages: anthropicMessages,
+                    tools: anthropicTools,
+                });
+                stream.on("text", (text) => {
+                    contentText += text;
+                    this.options.onToken?.(text);
+                });
+                finalMessage = await stream.finalMessage();
+            }
+            catch (err) {
+                // Handle 401 Unauthorized — try refreshing OAuth token
+                const isOAuth = (this.currentApiKey ?? this.options.provider.apiKey)?.startsWith("sk-ant-oat");
+                if (err.status === 401 && isOAuth) {
+                    const refreshed = await this.tryRefreshAnthropicToken();
+                    if (refreshed) {
+                        // Token was refreshed — retry this iteration
+                        iterations--;
+                        continue;
+                    }
+                    throw new Error("Anthropic OAuth token expired. Please re-login with /login anthropic");
+                }
+                // Re-throw if we can't handle it
+                throw err;
+            }
             // Track usage
             if (finalMessage.usage) {
                 const promptTokens = finalMessage.usage.input_tokens;
@@ -641,18 +731,193 @@ export class CodingAgent {
         }
         return "Max iterations reached. The agent may be stuck in a loop.";
     }
+    /**
+     * OpenAI Responses API chat (for Codex OAuth tokens + GPT-5.4)
+     */
+    async chatOpenAIResponses(userMessage) {
+        let iterations = 0;
+        const MAX_ITERATIONS = 20;
+        while (iterations < MAX_ITERATIONS) {
+            iterations++;
+            try {
+                const currentKey = this.currentApiKey || this.options.provider.apiKey;
+                const result = await chatWithResponsesAPI({
+                    baseUrl: this.currentBaseUrl,
+                    apiKey: currentKey,
+                    model: this.model,
+                    maxTokens: this.maxTokens,
+                    systemPrompt: this.systemPrompt,
+                    messages: this.messages,
+                    tools: this.tools,
+                    onToken: (token) => this.options.onToken?.(token),
+                    onToolCall: (name, args) => this.options.onToolCall?.(name, args),
+                });
+                const { contentText, toolCalls, promptTokens, completionTokens } = result;
+                // Track usage
+                this.totalPromptTokens += promptTokens;
+                this.totalCompletionTokens += completionTokens;
+                const costs = getModelCost(this.model);
+                this.totalCost = (this.totalPromptTokens / 1_000_000) * costs.input +
+                    (this.totalCompletionTokens / 1_000_000) * costs.output;
+                updateSessionCost(this.sessionId, this.totalPromptTokens, this.totalCompletionTokens, this.totalCost);
+                // Build and save assistant message
+                const assistantMessage = { role: "assistant", content: contentText || null };
+                if (toolCalls.length > 0) {
+                    assistantMessage.tool_calls = toolCalls.map((tc) => ({
+                        id: tc.id,
+                        type: "function",
+                        function: { name: tc.name, arguments: JSON.stringify(tc.input) },
+                    }));
+                }
+                this.messages.push(assistantMessage);
+                saveMessage(this.sessionId, assistantMessage);
+                // If no tool calls, we're done
+                if (toolCalls.length === 0) {
+                    updateTokenEstimate(this.sessionId, this.estimateTokens());
+                    return contentText || "(empty response)";
+                }
+                // Process tool calls (same as Chat Completions flow)
+                for (const toolCall of toolCalls) {
+                    const args = toolCall.input;
+                    // Check approval
+                    if (DANGEROUS_TOOLS.has(toolCall.name) && !this.autoApprove && !this.alwaysApproved.has(toolCall.name)) {
+                        if (this.options.onToolApproval) {
+                            let diff;
+                            if (toolCall.name === "write_file" && args.path && args.content) {
+                                const existing = getExistingContent(String(args.path), this.cwd);
+                                if (existing !== null) {
+                                    diff = generateDiff(existing, String(args.content), String(args.path));
+                                }
+                            }
+                            if (toolCall.name === "edit_file" && args.path && args.oldText !== undefined && args.newText !== undefined) {
+                                const existing = getExistingContent(String(args.path), this.cwd);
+                                if (existing !== null) {
+                                    const oldText = String(args.oldText);
+                                    const newText = String(args.newText);
+                                    const replaceAll = Boolean(args.replaceAll);
+                                    const next = replaceAll ? existing.split(oldText).join(newText) : existing.replace(oldText, newText);
+                                    diff = generateDiff(existing, next, String(args.path));
+                                }
+                            }
+                            const decision = await this.options.onToolApproval(toolCall.name, args, diff);
+                            if (decision === "no") {
+                                const toolMsg = {
+                                    role: "tool",
+                                    tool_call_id: toolCall.id,
+                                    content: "Tool denied by user.",
+                                };
+                                this.messages.push(toolMsg);
+                                saveMessage(this.sessionId, toolMsg);
+                                continue;
+                            }
+                            if (decision === "always") {
+                                this.alwaysApproved.add(toolCall.name);
+                            }
+                        }
+                    }
+                    // Execute tool
+                    const mcpParsed = parseMCPToolName(toolCall.name);
+                    let result;
+                    if (mcpParsed) {
+                        result = await callMCPTool(mcpParsed.serverName, mcpParsed.toolName, args);
+                    }
+                    else {
+                        result = await executeTool(toolCall.name, args, this.cwd);
+                    }
+                    this.options.onToolResult?.(toolCall.name, result);
+                    // Auto-commit
+                    if (this.gitEnabled && this.autoCommitEnabled && ["write_file", "edit_file"].includes(toolCall.name) && result.startsWith("✅")) {
+                        const path = String(args.path ?? "unknown");
+                        const committed = autoCommit(this.cwd, path, "write");
+                        if (committed) {
+                            this.options.onGitCommit?.(`write ${path}`);
+                        }
+                    }
+                    // Auto-lint
+                    if (this.autoLintEnabled && this.detectedLinter && ["write_file", "edit_file"].includes(toolCall.name) && result.startsWith("✅")) {
+                        const filePath = String(args.path ?? "");
+                        const lintErrors = runLinter(this.detectedLinter, filePath, this.cwd);
+                        if (lintErrors) {
+                            this.options.onLintResult?.(filePath, lintErrors);
+                            const lintMsg = {
+                                role: "tool",
+                                tool_call_id: toolCall.id,
+                                content: result + `\n\nLint errors detected in ${filePath}:\n${lintErrors}\nPlease fix these issues.`,
+                            };
+                            this.messages.push(lintMsg);
+                            saveMessage(this.sessionId, lintMsg);
+                            continue;
+                        }
+                    }
+                    // Save tool result
+                    const toolMsg = {
+                        role: "tool",
+                        tool_call_id: toolCall.id,
+                        content: result,
+                    };
+                    this.messages.push(toolMsg);
+                    saveMessage(this.sessionId, toolMsg);
+                }
+            }
+            catch (err) {
+                throw err;
+            }
+        }
+        return "Max iterations reached. The agent may be stuck in a loop.";
+    }
     /**
      * Switch to a different model mid-session
      */
-    switchModel(model, baseUrl, apiKey) {
+    switchModel(model, baseUrl, apiKey, providerType) {
         this.model = model;
+        if (apiKey)
+            this.currentApiKey = apiKey;
+        if (baseUrl)
+            this.currentBaseUrl = baseUrl;
+        if (providerType) {
+            this.providerType = providerType;
+            if (providerType === "anthropic") {
+                // Always rebuild Anthropic client when switching (token may have changed)
+                const key = apiKey || this.currentApiKey || this.options.provider.apiKey;
+                if (!key)
+                    throw new Error("No API key available for Anthropic");
+                this.anthropicClient = createAnthropicClient(key);
+            }
+            else {
+                this.anthropicClient = null;
+            }
+        }
         if (baseUrl || apiKey) {
             this.client = new OpenAI({
-                baseURL: baseUrl ?? this.options.provider.baseUrl,
+                baseURL: baseUrl ?? this.currentBaseUrl,
                 apiKey: apiKey ?? this.options.provider.apiKey,
             });
         }
     }
+    /**
+     * Attempt to refresh an expired Anthropic OAuth token.
+     * Returns true if refresh succeeded and client was rebuilt.
+     */
+    async tryRefreshAnthropicToken() {
+        const cred = getCredential("anthropic");
+        if (!cred?.refreshToken)
+            return false;
+        try {
+            const refreshed = await refreshAnthropicOAuthToken(cred.refreshToken);
+            // Update stored credential
+            cred.apiKey = refreshed.access;
+            cred.refreshToken = refreshed.refresh;
+            cred.oauthExpires = refreshed.expires;
+            saveCredential(cred);
+            // Rebuild client with new token
+            this.currentApiKey = refreshed.access;
+            this.anthropicClient = createAnthropicClient(refreshed.access);
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
     getModel() {
         return this.model;
     }