codex-rotating-proxy 0.1.0 → 0.1.2

package/README.md

@@ -115,28 +115,30 @@ codex-proxy config --cooldown 30       # cooldown minutes
 
 ## Using with opencode
 
-Add the proxy as your OpenAI provider base URL in `~/.config/opencode/opencode.json`:
+The built-in `openai` provider ignores `baseURL` overrides for Codex models. Instead, register the proxy as a custom provider using `@ai-sdk/openai-compatible` in `~/.config/opencode/opencode.json`:
 
 ```json
 {
   "$schema": "https://opencode.ai/config.json",
+  "model": "rotating-openai/gpt-5.3-codex",
   "provider": {
-    "openai": {
+    "rotating-openai": {
+      "npm": "@ai-sdk/openai-compatible",
+      "name": "Rotating OpenAI",
       "options": {
         "baseURL": "http://localhost:4000/v1"
+      },
+      "models": {
+        "gpt-5.3-codex": {
+          "name": "GPT-5.3 Codex"
+        }
       }
     }
   }
 }
 ```
 
-Then set your model as usual — the proxy forwards whatever model the client requests:
-
-```json
-{
-  "model": "openai/gpt-4o"
-}
-```
+You can add any OpenAI model to the `models` map — the proxy forwards whatever model the client requests.
 
 Start both:
 
@@ -162,7 +164,8 @@ Set the base URL to `http://localhost:4000/v1`. Set the API key to any non-empty
 - **Sticky routing** — stays on one account until it hits a rate limit, then rotates to the next
 - **Auto-rotation** — detects HTTP 429, 402, and quota-related 403 responses
 - **Token refresh** — OAuth tokens are automatically refreshed on 401; no manual re-login needed
-- **Streaming** — full SSE streaming support for chat completions
+- **Chat Completions compatibility** — automatically translates `/v1/chat/completions` requests to the Responses API, so tools that only speak Chat Completions work with Codex models
+- **Streaming** — full SSE streaming support for both chat completions and responses API
 - **Hot reload** — logging in while the proxy is running adds the new account immediately
 - **Zero dependencies** — just Node.js
 

package/dist/cli.js

@@ -0,0 +1,273 @@
+#!/usr/bin/env node
+import { spawn } from "node:child_process";
+import { openSync } from "node:fs";
+import { dirname, join } from "node:path";
+import { fileURLToPath } from "node:url";
+import { getAccounts, getSettings, updateSettings, removeAccount, readPid, isRunning, removePid, ensureDataDir, LOG_FILE, } from "./config.js";
+import { loginFlow } from "./login.js";
+import { startProxy } from "./server.js";
+const __dirname = dirname(fileURLToPath(import.meta.url));
+const VERSION = "0.1.0";
+// ── Parse args ──────────────────────────────────────────────────
+const args = process.argv.slice(2);
+const command = args[0];
+const flags = new Set(args.slice(1));
+const getFlag = (short, long) => {
+    for (let i = 1; i < args.length; i++) {
+        if (args[i] === short || args[i] === long)
+            return args[i + 1];
+    }
+    return undefined;
+};
+const positional = args.slice(1).filter((a) => !a.startsWith("-"));
+// ── Colors ──────────────────────────────────────────────────────
+const dim = (s) => `\x1b[2m${s}\x1b[0m`;
+const cyan = (s) => `\x1b[36m${s}\x1b[0m`;
+const green = (s) => `\x1b[32m${s}\x1b[0m`;
+const red = (s) => `\x1b[31m${s}\x1b[0m`;
+const yellow = (s) => `\x1b[33m${s}\x1b[0m`;
+const bold = (s) => `\x1b[1m${s}\x1b[0m`;
+// ── Commands ────────────────────────────────────────────────────
+async function main() {
+    ensureDataDir();
+    switch (command) {
+        case "start":
+            return cmdStart();
+        case "stop":
+            return cmdStop();
+        case "status":
+            return cmdStatus();
+        case "login":
+            return cmdLogin();
+        case "logout":
+        case "remove":
+            return cmdLogout();
+        case "accounts":
+        case "list":
+            return cmdAccounts();
+        case "config":
+            return cmdConfig();
+        case "-v":
+        case "--version":
+            console.log(VERSION);
+            return;
+        case "-h":
+        case "--help":
+        case "help":
+        case undefined:
+            return cmdHelp();
+        default:
+            console.log(red(`Unknown command: ${command}`));
+            console.log(`Run ${cyan("codex-proxy --help")} for usage.`);
+            process.exit(1);
+    }
+}
+// ── start ───────────────────────────────────────────────────────
+function cmdStart() {
+    const pid = readPid();
+    if (pid && isRunning(pid)) {
+        console.log(yellow(`Proxy already running (PID ${pid}).`));
+        console.log(`Run ${cyan("codex-proxy stop")} first, or ${cyan("codex-proxy status")} to check.`);
+        return;
+    }
+    // Apply flag overrides
+    const port = getFlag("-p", "--port");
+    const upstream = getFlag("-u", "--upstream");
+    if (port)
+        updateSettings({ port: parseInt(port) });
+    if (upstream)
+        updateSettings({ upstream });
+    const isDaemon = flags.has("-d") || flags.has("--daemon");
+    if (isDaemon) {
+        const logFd = openSync(LOG_FILE, "a");
+        const child = spawn(process.execPath, [join(__dirname, "server.js")], {
+            detached: true,
+            stdio: ["ignore", logFd, logFd],
+            env: { ...process.env, CODEX_PROXY_DAEMON: "1" },
+        });
+        child.unref();
+        const settings = getSettings();
+        console.log(green(`✓`) + ` Proxy started in background (PID ${child.pid})`);
+        console.log(`  ${dim("port")}      ${settings.port}`);
+        console.log(`  ${dim("log")}       ${LOG_FILE}`);
+        console.log(`  ${dim("stop")}      codex-proxy stop`);
+        return;
+    }
+    // Foreground
+    startProxy();
+}
+// ── stop ────────────────────────────────────────────────────────
+async function cmdStop() {
+    const pid = readPid();
+    if (!pid || !isRunning(pid)) {
+        console.log(dim("Proxy is not running."));
+        removePid();
+        return;
+    }
+    process.kill(pid, "SIGTERM");
+    for (let i = 0; i < 30; i++) {
+        if (!isRunning(pid))
+            break;
+        await sleep(100);
+    }
+    removePid();
+    console.log(green("✓") + ` Proxy stopped (PID ${pid})`);
+}
+// ── status ──────────────────────────────────────────────────────
+async function cmdStatus() {
+    const pid = readPid();
+    const running = pid !== null && isRunning(pid);
+    if (!running) {
+        console.log(`  ${bold("Proxy")}  ${dim("stopped")}`);
+        if (pid)
+            removePid();
+    }
+    else {
+        console.log(`  ${bold("Proxy")}  ${green("running")} ${dim(`(PID ${pid})`)}`);
+        try {
+            const settings = getSettings();
+            const res = await fetch(`http://localhost:${settings.port}/_status`);
+            const data = (await res.json());
+            console.log();
+            printAccountTable(data.accounts);
+        }
+        catch {
+            console.log(dim("  Could not reach proxy for live status."));
+        }
+    }
+    if (!running) {
+        const accounts = getAccounts();
+        if (accounts.length === 0) {
+            console.log(`\n  No accounts. Run ${cyan("codex-proxy login")} to add one.`);
+        }
+        else {
+            console.log(`\n  ${bold("Accounts")}  ${accounts.length} configured`);
+            for (const a of accounts) {
+                console.log(`    ${a.name}  ${dim(maskToken(a.token))}`);
+            }
+        }
+    }
+}
+// ── login ───────────────────────────────────────────────────────
+function cmdLogin() {
+    return loginFlow(positional[0]);
+}
+// ── logout ──────────────────────────────────────────────────────
+function cmdLogout() {
+    const name = positional[0];
+    if (!name) {
+        console.log(red("Usage: codex-proxy logout <account-name>"));
+        return;
+    }
+    if (removeAccount(name)) {
+        console.log(green("✓") + ` Removed "${name}"`);
+    }
+    else {
+        console.log(red(`Account "${name}" not found.`));
+    }
+}
+// ── accounts ────────────────────────────────────────────────────
+function cmdAccounts() {
+    const accounts = getAccounts();
+    if (accounts.length === 0) {
+        console.log(dim("No accounts. Run codex-proxy login to add one."));
+        return;
+    }
+    console.log();
+    for (const a of accounts) {
+        const ago = timeAgo(new Date(a.addedAt));
+        console.log(`  ${bold(a.name.padEnd(16))} ${dim(maskToken(a.token))}  ${dim(ago)}`);
+    }
+    console.log();
+}
+// ── config ──────────────────────────────────────────────────────
+function cmdConfig() {
+    const s = getSettings();
+    console.log();
+    console.log(`  ${dim("port")}       ${s.port}`);
+    console.log(`  ${dim("upstream")}   ${s.upstream}`);
+    console.log(`  ${dim("cooldown")}   ${s.cooldownMinutes}m`);
+    console.log();
+    console.log(dim(`  Edit: codex-proxy config --port 5000`));
+    // Handle inline config changes
+    const port = getFlag("-p", "--port") ?? getFlag("--port", "--port");
+    const upstream = getFlag("-u", "--upstream") ?? getFlag("--upstream", "--upstream");
+    const cooldown = getFlag("-c", "--cooldown") ?? getFlag("--cooldown", "--cooldown");
+    const changes = {};
+    if (port)
+        changes.port = parseInt(port);
+    if (upstream)
+        changes.upstream = upstream;
+    if (cooldown)
+        changes.cooldownMinutes = parseInt(cooldown);
+    if (Object.keys(changes).length > 0) {
+        updateSettings(changes);
+        console.log(green("\n  ✓ Updated"));
+    }
+}
+// ── help ────────────────────────────────────────────────────────
+function cmdHelp() {
+    console.log(`
+  ${bold("codex-proxy")} ${dim(`v${VERSION}`)} — OpenAI API proxy with account rotation
+
+  ${bold("Usage")}
+    codex-proxy <command> [options]
+
+  ${bold("Commands")}
+    ${cyan("login")}  [name]         Add an account via browser
+    ${cyan("logout")} <name>         Remove an account
+    ${cyan("accounts")}               List all connected accounts
+    ${cyan("start")}                  Start the proxy server
+    ${cyan("stop")}                   Stop the proxy server
+    ${cyan("status")}                 Show proxy and account status
+    ${cyan("config")}                 Show or update configuration
+
+  ${bold("Options")}  ${dim("(for start)")}
+    -p, --port <n>           Port number ${dim("(default: 4000)")}
+    -u, --upstream <url>     Upstream API URL ${dim("(default: https://api.openai.com)")}
+    -d, --daemon             Run in background
+
+  ${bold("Quick start")}
+    ${dim("$")} codex-proxy login
+    ${dim("$")} codex-proxy login work
+    ${dim("$")} codex-proxy start
+
+  ${bold("Configure your tool")}
+    Point your OpenAI-compatible tool to ${cyan("http://localhost:4000/v1")}
+`);
+}
+// ── Helpers ─────────────────────────────────────────────────────
+function maskToken(token) {
+    if (token.length <= 8)
+        return "••••••••";
+    return token.slice(0, 4) + "••••" + token.slice(-4);
+}
+function timeAgo(date) {
+    const sec = Math.floor((Date.now() - date.getTime()) / 1000);
+    if (sec < 60)
+        return "just now";
+    if (sec < 3600)
+        return `${Math.floor(sec / 60)}m ago`;
+    if (sec < 86400)
+        return `${Math.floor(sec / 3600)}h ago`;
+    return `${Math.floor(sec / 86400)}d ago`;
+}
+function printAccountTable(accounts) {
+    for (const a of accounts) {
+        const indicator = a.status === "ready" ? green("●") : yellow("◑");
+        const status = a.status === "ready"
+            ? a.active
+                ? green("active")
+                : dim("standby")
+            : yellow(`cooldown ${a.cooldownRemaining}`);
+        const stats = dim(`${String(a.totalRequests).padStart(4)} req  ${String(a.errors).padStart(2)} err`);
+        console.log(`  ${indicator} ${bold(a.name.padEnd(16))} ${status.padEnd(30)} ${stats}`);
+    }
+}
+function sleep(ms) {
+    return new Promise((r) => setTimeout(r, ms));
+}
+main().catch((err) => {
+    console.error(red(err.message));
+    process.exit(1);
+});

package/dist/config.js

@@ -0,0 +1,90 @@
+import { mkdirSync, readFileSync, writeFileSync, unlinkSync } from "node:fs";
+import { join } from "node:path";
+import { homedir } from "node:os";
+// ── Paths ───────────────────────────────────────────────────────
+export const DATA_DIR = join(homedir(), ".codex-proxy");
+const ACCOUNTS_FILE = join(DATA_DIR, "accounts.json");
+const SETTINGS_FILE = join(DATA_DIR, "settings.json");
+export const PID_FILE = join(DATA_DIR, "proxy.pid");
+export const LOG_FILE = join(DATA_DIR, "proxy.log");
+const DEFAULTS = {
+    port: 4000,
+    upstream: "https://api.openai.com",
+    cooldownMinutes: 60,
+};
+// ── Helpers ─────────────────────────────────────────────────────
+export function ensureDataDir() {
+    mkdirSync(DATA_DIR, { recursive: true });
+}
+function readJson(path, fallback) {
+    try {
+        return JSON.parse(readFileSync(path, "utf-8"));
+    }
+    catch {
+        return fallback;
+    }
+}
+function writeJson(path, data) {
+    ensureDataDir();
+    writeFileSync(path, JSON.stringify(data, null, 2) + "\n");
+}
+// ── Accounts ────────────────────────────────────────────────────
+export function getAccounts() {
+    return readJson(ACCOUNTS_FILE, { accounts: [] })
+        .accounts;
+}
+export function addAccount(account) {
+    const accounts = getAccounts();
+    const idx = accounts.findIndex((a) => a.name === account.name);
+    if (idx >= 0)
+        accounts[idx] = account;
+    else
+        accounts.push(account);
+    writeJson(ACCOUNTS_FILE, { accounts });
+}
+export function removeAccount(name) {
+    const accounts = getAccounts();
+    const filtered = accounts.filter((a) => a.name !== name);
+    if (filtered.length === accounts.length)
+        return false;
+    writeJson(ACCOUNTS_FILE, { accounts: filtered });
+    return true;
+}
+// ── Settings ────────────────────────────────────────────────────
+export function getSettings() {
+    return {
+        ...DEFAULTS,
+        ...readJson(SETTINGS_FILE, {}),
+    };
+}
+export function updateSettings(partial) {
+    writeJson(SETTINGS_FILE, { ...getSettings(), ...partial });
+}
+// ── PID ─────────────────────────────────────────────────────────
+export function readPid() {
+    try {
+        return parseInt(readFileSync(PID_FILE, "utf-8").trim());
+    }
+    catch {
+        return null;
+    }
+}
+export function writePid(pid) {
+    ensureDataDir();
+    writeFileSync(PID_FILE, String(pid));
+}
+export function removePid() {
+    try {
+        unlinkSync(PID_FILE);
+    }
+    catch { }
+}
+export function isRunning(pid) {
+    try {
+        process.kill(pid, 0);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}

package/dist/login.js

@@ -0,0 +1,217 @@
+import { createServer } from "node:http";
+import { randomBytes, createHash } from "node:crypto";
+import { exec } from "node:child_process";
+import { addAccount } from "./config.js";
+const CLIENT_ID = "app_EMoamEEZ73f0CkXaXp7hrann";
+const ISSUER = "https://auth.openai.com";
+const AUTHORIZE_URL = `${ISSUER}/oauth/authorize`;
+const TOKEN_URL = `${ISSUER}/oauth/token`;
+const SCOPES = "openid profile email offline_access";
+const REFRESH_SCOPES = "openid profile email";
+// ── PKCE ────────────────────────────────────────────────────────
+function generatePKCE() {
+    const verifier = randomBytes(64).toString("base64url");
+    const challenge = createHash("sha256").update(verifier).digest("base64url");
+    return { verifier, challenge };
+}
+// ── Login flow ──────────────────────────────────────────────────
+export async function loginFlow(accountName) {
+    const { verifier, challenge } = generatePKCE();
+    const state = randomBytes(32).toString("base64url");
+    return new Promise((resolve, reject) => {
+        let port = 1455;
+        const server = createServer(async (req, res) => {
+            const url = new URL(req.url ?? "/", `http://localhost:${port}`);
+            if (url.pathname !== "/auth/callback") {
+                res.writeHead(404);
+                res.end();
+                return;
+            }
+            const error = url.searchParams.get("error");
+            if (error) {
+                const desc = url.searchParams.get("error_description") ?? error;
+                res.writeHead(200, { "content-type": "text/html; charset=utf-8" });
+                res.end(resultPage(false, desc));
+                finish(reject, server, new Error(desc));
+                return;
+            }
+            if (url.searchParams.get("state") !== state) {
+                res.writeHead(200, { "content-type": "text/html; charset=utf-8" });
+                res.end(resultPage(false, "State mismatch — try again."));
+                finish(reject, server, new Error("state mismatch"));
+                return;
+            }
+            const code = url.searchParams.get("code");
+            try {
+                // Step 1: exchange authorization code for tokens
+                const tokens = await tokenRequest({
+                    grant_type: "authorization_code",
+                    code,
+                    redirect_uri: `http://localhost:${port}/auth/callback`,
+                    client_id: CLIENT_ID,
+                    code_verifier: verifier,
+                });
+                // Step 2: exchange id_token for an OpenAI API key
+                const apiKey = await exchangeForApiKey(tokens.id_token);
+                // Parse JWT for display info + account ID
+                const claims = parseJwt(tokens.id_token);
+                const email = claims.email ?? "unknown";
+                const authClaims = (claims["https://api.openai.com/auth"] ?? {});
+                const accountId = authClaims.chatgpt_account_id;
+                const name = accountName || email.split("@")[0];
+                addAccount({
+                    name,
+                    token: apiKey,
+                    refreshToken: tokens.refresh_token,
+                    accountId,
+                    addedAt: new Date().toISOString(),
+                    lastRefresh: new Date().toISOString(),
+                });
+                res.writeHead(200, { "content-type": "text/html; charset=utf-8" });
+                res.end(resultPage(true, `Connected as "${name}" (${email})`));
+                console.log(`\x1b[32m✓\x1b[0m Connected "${name}" (${email})`);
+                finish(resolve, server);
+            }
+            catch (err) {
+                res.writeHead(200, { "content-type": "text/html; charset=utf-8" });
+                res.end(resultPage(false, err.message));
+                finish(reject, server, err);
+            }
+        });
+        // Use port 1455 — same as official Codex CLI (registered redirect_uri)
+        server.listen(1455, () => {
+            port = 1455;
+            const params = new URLSearchParams({
+                response_type: "code",
+                client_id: CLIENT_ID,
+                redirect_uri: `http://localhost:${port}/auth/callback`,
+                scope: SCOPES,
+                code_challenge: challenge,
+                code_challenge_method: "S256",
+                state,
+            });
+            const authUrl = `${AUTHORIZE_URL}?${params}`;
+            console.log("  Opening browser to sign in with OpenAI...");
+            console.log(`  If it doesn't open, visit:\n  \x1b[36m${authUrl}\x1b[0m\n`);
+            openBrowser(authUrl);
+        });
+        server.on("error", (err) => {
+            if (err.code === "EADDRINUSE") {
+                console.error("\x1b[31mPort 1455 is in use (maybe Codex CLI is running?).\x1b[0m");
+                console.error("Close it and try again.");
+            }
+            reject(err);
+        });
+    });
+}
+// ── Token refresh ───────────────────────────────────────────────
+export async function refreshAccount(account) {
+    if (!account.refreshToken)
+        return null;
+    try {
+        const tokens = await tokenRequest({
+            client_id: CLIENT_ID,
+            grant_type: "refresh_token",
+            refresh_token: account.refreshToken,
+            scope: REFRESH_SCOPES,
+        });
+        const apiKey = await exchangeForApiKey(tokens.id_token);
+        addAccount({
+            ...account,
+            token: apiKey,
+            refreshToken: tokens.refresh_token,
+            lastRefresh: new Date().toISOString(),
+        });
+        return apiKey;
+    }
+    catch {
+        return null;
+    }
+}
+// ── Helpers ─────────────────────────────────────────────────────
+async function tokenRequest(params) {
+    const res = await fetch(TOKEN_URL, {
+        method: "POST",
+        headers: { "content-type": "application/x-www-form-urlencoded" },
+        body: new URLSearchParams(params).toString(),
+    });
+    if (!res.ok) {
+        const text = await res.text();
+        throw new Error(`Token request failed (${res.status}): ${text}`);
+    }
+    return res.json();
+}
+async function exchangeForApiKey(idToken) {
+    const res = await tokenRequest({
+        grant_type: "urn:ietf:params:oauth:grant-type:token-exchange",
+        requested_token: "openai-api-key",
+        subject_token: idToken,
+        subject_token_type: "urn:ietf:params:oauth:token-type:id_token",
+        client_id: CLIENT_ID,
+    });
+    return res.access_token;
+}
+function parseJwt(token) {
+    const payload = token.split(".")[1];
+    return JSON.parse(Buffer.from(payload, "base64url").toString());
+}
+function openBrowser(url) {
+    const cmd = process.platform === "darwin"
+        ? `open "${url}"`
+        : process.platform === "win32"
+            ? `start "" "${url}"`
+            : `xdg-open "${url}"`;
+    exec(cmd, () => { });
+}
+function finish(cb, server, err) {
+    setTimeout(() => {
+        server.close();
+        if (err)
+            cb(err);
+        else
+            cb();
+    }, 500);
+}
+// ── Callback result page ────────────────────────────────────────
+function resultPage(success, message) {
+    const icon = success ? "✓" : "✗";
+    const color = success ? "#3fb950" : "#f85149";
+    const title = success ? "Connected!" : "Something went wrong";
+    const sub = success
+        ? "You can close this tab and return to your terminal."
+        : "Check your terminal for details.";
+    return `<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="utf-8">
+<meta name="viewport" content="width=device-width, initial-scale=1">
+<title>codex-proxy</title>
+<style>
+  * { box-sizing: border-box; margin: 0; padding: 0; }
+  body {
+    background: #0d1117; color: #c9d1d9;
+    font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', sans-serif;
+    display: flex; justify-content: center; align-items: center;
+    min-height: 100vh; padding: 1rem;
+  }
+  .card {
+    background: #161b22; border: 1px solid #30363d;
+    border-radius: 12px; padding: 2.5rem;
+    max-width: 420px; width: 100%; text-align: center;
+  }
+  .icon { font-size: 3rem; color: ${color}; margin-bottom: 0.75rem; }
+  h1 { font-size: 1.4rem; margin-bottom: 0.5rem; color: ${color}; }
+  .msg { color: #c9d1d9; margin-bottom: 1rem; font-size: 0.95rem; }
+  .sub { color: #8b949e; font-size: 0.85rem; }
+</style>
+</head>
+<body>
+<div class="card">
+  <div class="icon">${icon}</div>
+  <h1>${title}</h1>
+  <p class="msg">${message}</p>
+  <p class="sub">${sub}</p>
+</div>
+</body>
+</html>`;
+}