codexui-android 0.1.91 → 0.1.93

package/dist-cli/index.js

@@ -1,16 +1,15 @@
 #!/usr/bin/env node
-import "./chunk-PUR7OUAG.js";
 
 // src/cli/index.ts
 import { createServer as createServer2 } from "http";
-import { chmodSync, createWriteStream, existsSync as existsSync4, mkdirSync } from "fs";
+import { chmodSync as chmodSync2, createWriteStream, existsSync as existsSync5, mkdirSync } from "fs";
 import { readFile as readFile5, stat as stat7, writeFile as writeFile6 } from "fs/promises";
-import { homedir as homedir5, networkInterfaces } from "os";
-import { isAbsolute as isAbsolute4, join as join8, resolve as resolve3 } from "path";
+import { homedir as homedir6, networkInterfaces } from "os";
+import { isAbsolute as isAbsolute4, join as join9, resolve as resolve3 } from "path";
 import { spawn as spawn5 } from "child_process";
 import { createInterface as createInterface2 } from "readline/promises";
 import { fileURLToPath as fileURLToPath2 } from "url";
-import { dirname as dirname4 } from "path";
+import { dirname as dirname5 } from "path";
 import { get as httpsGet } from "https";
 import { Command } from "commander";
 import qrcode from "qrcode-terminal";
@@ -217,27 +216,25 @@ function parseApprovalPolicy(value) {
 
 // src/server/httpServer.ts
 import { fileURLToPath } from "url";
-import { dirname as dirname3, extname as extname3, isAbsolute as isAbsolute3, join as join7 } from "path";
-import { existsSync as existsSync3 } from "fs";
+import { dirname as dirname4, extname as extname3, isAbsolute as isAbsolute3, join as join8 } from "path";
+import { existsSync as existsSync4 } from "fs";
 import { writeFile as writeFile5, stat as stat6 } from "fs/promises";
 import express from "express";
 
 // src/server/codexAppServerBridge.ts
-import * as Sentry4 from "@sentry/node";
 import { spawn as spawn4 } from "child_process";
 import { createHash as createHash2, randomBytes } from "crypto";
-import { mkdtemp as mkdtemp3, readFile as readFile3, rm as rm4, mkdir as mkdir4, stat as stat4 } from "fs/promises";
-import { createReadStream, readFileSync } from "fs";
-import { request as httpRequest } from "http";
-import { request as httpsRequest } from "https";
-import { homedir as homedir4 } from "os";
+import { mkdtemp as mkdtemp3, readFile as readFile3, readdir as readdir2, rm as rm4, mkdir as mkdir4, stat as stat4 } from "fs/promises";
+import { createReadStream, readFileSync as readFileSync2 } from "fs";
+import { request as httpRequest2 } from "http";
+import { request as httpsRequest2 } from "https";
+import { homedir as homedir5 } from "os";
 import { tmpdir as tmpdir4 } from "os";
-import { basename as basename3, isAbsolute as isAbsolute2, join as join5, resolve as resolve2 } from "path";
+import { basename as basename4, isAbsolute as isAbsolute2, join as join6, resolve as resolve2 } from "path";
 import { createInterface } from "readline";
 import { writeFile as writeFile4 } from "fs/promises";
 
 // src/server/accountRoutes.ts
-import * as Sentry from "@sentry/node";
 import { spawn } from "child_process";
 import { createHash } from "crypto";
 import { mkdtemp, mkdir, readFile, rm, stat, writeFile } from "fs/promises";
@@ -480,22 +477,6 @@ async function validateSwitchedAccount(appServer) {
     quotaSnapshot: pickCodexRateLimitSnapshot(quotaPayload)
   };
 }
-async function validateSwitchedAccountWithTimeout(appServer) {
-  let timeoutHandle = null;
-  try {
-    return await Promise.race([
-      validateSwitchedAccount(appServer),
-      new Promise((_, reject) => {
-        timeoutHandle = setTimeout(() => {
-          reject(new Error(`Account switch validation timed out after ${ACCOUNT_INSPECTION_TIMEOUT_MS}ms`));
-        }, ACCOUNT_INSPECTION_TIMEOUT_MS);
-        timeoutHandle.unref?.();
-      })
-    ]);
-  } finally {
-    if (timeoutHandle) clearTimeout(timeoutHandle);
-  }
-}
 async function restoreActiveAuth(raw) {
   const path = getActiveAuthPath();
   if (raw === null) {
@@ -786,327 +767,319 @@ async function importAccountFromAuthPath(path) {
 }
 async function handleAccountRoutes(req, res, url, context) {
   const { appServer } = context;
-  try {
-    if (req.method === "GET" && url.pathname === "/codex-api/accounts") {
-      const state = await scheduleAccountsBackgroundRefresh();
-      setJson(res, 200, {
-        data: {
-          activeAccountId: state.activeAccountId,
-          accounts: sortAccounts(state.accounts, state.activeAccountId).map((entry) => toPublicAccountEntry(entry, state.activeAccountId))
-        }
-      });
-      return true;
-    }
-    if (req.method === "GET" && url.pathname === "/codex-api/accounts/active") {
-      const state = await readStoredAccountsState();
-      const active = state.activeAccountId ? state.accounts.find((entry) => entry.accountId === state.activeAccountId) ?? null : null;
-      setJson(res, 200, {
-        data: active ? toPublicAccountEntry(active, state.activeAccountId) : null
-      });
-      return true;
-    }
-    if (req.method === "POST" && url.pathname === "/codex-api/accounts/refresh") {
+  if (req.method === "GET" && url.pathname === "/codex-api/accounts") {
+    const state = await scheduleAccountsBackgroundRefresh();
+    setJson(res, 200, {
+      data: {
+        activeAccountId: state.activeAccountId,
+        accounts: sortAccounts(state.accounts, state.activeAccountId).map((entry) => toPublicAccountEntry(entry, state.activeAccountId))
+      }
+    });
+    return true;
+  }
+  if (req.method === "GET" && url.pathname === "/codex-api/accounts/active") {
+    const state = await readStoredAccountsState();
+    const active = state.activeAccountId ? state.accounts.find((entry) => entry.accountId === state.activeAccountId) ?? null : null;
+    setJson(res, 200, {
+      data: active ? toPublicAccountEntry(active, state.activeAccountId) : null
+    });
+    return true;
+  }
+  if (req.method === "POST" && url.pathname === "/codex-api/accounts/refresh") {
+    try {
+      const imported = await importAccountFromAuthPath(getActiveAuthPath());
       try {
-        const imported = await importAccountFromAuthPath(getActiveAuthPath());
-        try {
-          appServer.dispose();
-          const inspection = await validateSwitchedAccountWithTimeout(appServer);
-          const state = await readStoredAccountsState();
-          const importedAccountId = imported.importedAccountId;
-          const target = state.accounts.find((entry) => entry.accountId === importedAccountId) ?? null;
-          if (!target) {
-            throw new Error("account_not_found");
-          }
-          const nextEntry = {
-            ...target,
-            email: inspection.metadata.email ?? target.email,
-            planType: inspection.metadata.planType ?? target.planType,
-            lastActivatedAtIso: (/* @__PURE__ */ new Date()).toISOString(),
-            quotaSnapshot: inspection.quotaSnapshot ?? target.quotaSnapshot,
-            quotaUpdatedAtIso: (/* @__PURE__ */ new Date()).toISOString(),
-            quotaStatus: "ready",
-            quotaError: null,
-            unavailableReason: null
-          };
-          const nextState = withUpsertedAccount({
-            activeAccountId: importedAccountId,
-            accounts: state.accounts
-          }, nextEntry);
-          await writeStoredAccountsState({
-            activeAccountId: importedAccountId,
-            accounts: nextState.accounts
-          });
-          const backgroundState = await scheduleAccountsBackgroundRefresh({
-            force: true,
-            prioritizeAccountId: importedAccountId,
-            accountIds: nextState.accounts.filter((entry) => entry.accountId !== importedAccountId).map((entry) => entry.accountId)
-          });
-          setJson(res, 200, {
-            data: {
-              activeAccountId: importedAccountId,
-              importedAccountId,
-              accounts: sortAccounts(backgroundState.accounts, importedAccountId).map((entry) => toPublicAccountEntry(entry, importedAccountId))
-            }
-          });
-        } catch (error) {
-          setJson(res, 502, {
-            error: "account_refresh_failed",
-            message: getErrorMessage(error, "Failed to refresh account")
-          });
+        appServer.dispose();
+        const inspection = await validateSwitchedAccount(appServer);
+        const state = await readStoredAccountsState();
+        const importedAccountId = imported.importedAccountId;
+        const target = state.accounts.find((entry) => entry.accountId === importedAccountId) ?? null;
+        if (!target) {
+          throw new Error("account_not_found");
         }
+        const nextEntry = {
+          ...target,
+          email: inspection.metadata.email ?? target.email,
+          planType: inspection.metadata.planType ?? target.planType,
+          lastActivatedAtIso: (/* @__PURE__ */ new Date()).toISOString(),
+          quotaSnapshot: inspection.quotaSnapshot ?? target.quotaSnapshot,
+          quotaUpdatedAtIso: (/* @__PURE__ */ new Date()).toISOString(),
+          quotaStatus: "ready",
+          quotaError: null,
+          unavailableReason: null
+        };
+        const nextState = withUpsertedAccount({
+          activeAccountId: importedAccountId,
+          accounts: state.accounts
+        }, nextEntry);
+        await writeStoredAccountsState({
+          activeAccountId: importedAccountId,
+          accounts: nextState.accounts
+        });
+        const backgroundState = await scheduleAccountsBackgroundRefresh({
+          force: true,
+          prioritizeAccountId: importedAccountId,
+          accountIds: nextState.accounts.filter((entry) => entry.accountId !== importedAccountId).map((entry) => entry.accountId)
+        });
+        setJson(res, 200, {
+          data: {
+            activeAccountId: importedAccountId,
+            importedAccountId,
+            accounts: sortAccounts(backgroundState.accounts, importedAccountId).map((entry) => toPublicAccountEntry(entry, importedAccountId))
+          }
+        });
       } catch (error) {
-        const message = getErrorMessage(error, "Failed to refresh account");
-        if (message === "missing_account_id") {
-          setJson(res, 400, { error: "missing_account_id", message: "Current auth.json is missing tokens.account_id." });
-          return true;
-        }
-        setJson(res, 400, { error: "invalid_auth_json", message: "Failed to parse the current auth.json file." });
+        setJson(res, 502, {
+          error: "account_refresh_failed",
+          message: getErrorMessage(error, "Failed to refresh account")
+        });
       }
-      return true;
+    } catch (error) {
+      const message = getErrorMessage(error, "Failed to refresh account");
+      if (message === "missing_account_id") {
+        setJson(res, 400, { error: "missing_account_id", message: "Current auth.json is missing tokens.account_id." });
+        return true;
+      }
+      setJson(res, 400, { error: "invalid_auth_json", message: "Failed to parse the current auth.json file." });
     }
-    if (req.method === "POST" && url.pathname === "/codex-api/accounts/switch") {
+    return true;
+  }
+  if (req.method === "POST" && url.pathname === "/codex-api/accounts/switch") {
+    try {
+      if (appServer.listPendingServerRequests().length > 0) {
+        setJson(res, 409, {
+          error: "account_switch_blocked",
+          message: "Finish pending approval requests before switching accounts."
+        });
+        return true;
+      }
+      const rawBody = await new Promise((resolve4, reject) => {
+        let body = "";
+        req.setEncoding("utf8");
+        req.on("data", (chunk) => {
+          body += chunk;
+        });
+        req.on("end", () => resolve4(body));
+        req.on("error", reject);
+      });
+      const payload = asRecord(rawBody.length > 0 ? JSON.parse(rawBody) : {});
+      const accountId = typeof payload?.accountId === "string" ? payload.accountId.trim() : "";
+      if (!accountId) {
+        setJson(res, 400, { error: "account_not_found", message: "Missing accountId." });
+        return true;
+      }
+      const state = await readStoredAccountsState();
+      const target = state.accounts.find((entry) => entry.accountId === accountId) ?? null;
+      if (!target) {
+        setJson(res, 404, { error: "account_not_found", message: "The requested account was not found." });
+        return true;
+      }
+      const snapshotPath = getSnapshotPath(target.storageId);
+      if (!await fileExists(snapshotPath)) {
+        setJson(res, 404, { error: "account_not_found", message: "The requested account snapshot is missing." });
+        return true;
+      }
+      let previousRaw = null;
       try {
-        if (appServer.listPendingServerRequests().length > 0) {
-          setJson(res, 409, {
-            error: "account_switch_blocked",
-            message: "Finish pending approval requests before switching accounts."
-          });
-          return true;
-        }
-        const rawBody = await new Promise((resolve4, reject) => {
-          let body = "";
-          req.setEncoding("utf8");
-          req.on("data", (chunk) => {
-            body += chunk;
-          });
-          req.on("end", () => resolve4(body));
-          req.on("error", reject);
+        previousRaw = await readFile(getActiveAuthPath(), "utf8");
+      } catch {
+        previousRaw = null;
+      }
+      const targetRaw = await readFile(snapshotPath, "utf8");
+      await writeFile(getActiveAuthPath(), targetRaw, { encoding: "utf8", mode: 384 });
+      try {
+        appServer.dispose();
+        const inspection = await validateSwitchedAccount(appServer);
+        const nextEntry = {
+          ...target,
+          email: inspection.metadata.email ?? target.email,
+          planType: inspection.metadata.planType ?? target.planType,
+          lastActivatedAtIso: (/* @__PURE__ */ new Date()).toISOString(),
+          quotaSnapshot: inspection.quotaSnapshot ?? target.quotaSnapshot,
+          quotaUpdatedAtIso: (/* @__PURE__ */ new Date()).toISOString(),
+          quotaStatus: "ready",
+          quotaError: null,
+          unavailableReason: null
+        };
+        const nextState = withUpsertedAccount({
+          activeAccountId: accountId,
+          accounts: state.accounts
+        }, nextEntry);
+        await writeStoredAccountsState({
+          activeAccountId: accountId,
+          accounts: nextState.accounts
         });
-        const payload = asRecord(rawBody.length > 0 ? JSON.parse(rawBody) : {});
-        const accountId = typeof payload?.accountId === "string" ? payload.accountId.trim() : "";
-        if (!accountId) {
-          setJson(res, 400, { error: "account_not_found", message: "Missing accountId." });
-          return true;
-        }
-        const state = await readStoredAccountsState();
-        const target = state.accounts.find((entry) => entry.accountId === accountId) ?? null;
-        if (!target) {
-          setJson(res, 404, { error: "account_not_found", message: "The requested account was not found." });
-          return true;
-        }
-        const snapshotPath = getSnapshotPath(target.storageId);
-        if (!await fileExists(snapshotPath)) {
-          setJson(res, 404, { error: "account_not_found", message: "The requested account snapshot is missing." });
-          return true;
-        }
-        let previousRaw = null;
-        try {
-          previousRaw = await readFile(getActiveAuthPath(), "utf8");
-        } catch {
-          previousRaw = null;
-        }
-        const targetRaw = await readFile(snapshotPath, "utf8");
-        await writeFile(getActiveAuthPath(), targetRaw, { encoding: "utf8", mode: 384 });
-        try {
-          appServer.dispose();
-          const inspection = await validateSwitchedAccountWithTimeout(appServer);
-          const nextEntry = {
-            ...target,
-            email: inspection.metadata.email ?? target.email,
-            planType: inspection.metadata.planType ?? target.planType,
-            lastActivatedAtIso: (/* @__PURE__ */ new Date()).toISOString(),
-            quotaSnapshot: inspection.quotaSnapshot ?? target.quotaSnapshot,
-            quotaUpdatedAtIso: (/* @__PURE__ */ new Date()).toISOString(),
-            quotaStatus: "ready",
-            quotaError: null,
-            unavailableReason: null
-          };
-          const nextState = withUpsertedAccount({
-            activeAccountId: accountId,
-            accounts: state.accounts
-          }, nextEntry);
-          await writeStoredAccountsState({
+        void scheduleAccountsBackgroundRefresh({
+          force: true,
+          prioritizeAccountId: accountId,
+          accountIds: nextState.accounts.filter((entry) => entry.accountId !== accountId).map((entry) => entry.accountId)
+        });
+        setJson(res, 200, {
+          ok: true,
+          data: {
             activeAccountId: accountId,
-            accounts: nextState.accounts
-          });
-          void scheduleAccountsBackgroundRefresh({
-            force: true,
-            prioritizeAccountId: accountId,
-            accountIds: nextState.accounts.filter((entry) => entry.accountId !== accountId).map((entry) => entry.accountId)
-          });
-          setJson(res, 200, {
-            ok: true,
-            data: {
-              activeAccountId: accountId,
-              account: toPublicAccountEntry(nextEntry, accountId)
-            }
-          });
-        } catch (error) {
-          await restoreActiveAuth(previousRaw);
-          appServer.dispose();
-          await replaceStoredAccount({
-            ...target,
-            quotaUpdatedAtIso: (/* @__PURE__ */ new Date()).toISOString(),
-            quotaStatus: "error",
-            quotaError: getErrorMessage(error, "Failed to switch account"),
-            unavailableReason: detectAccountUnavailableReason(error)
-          }, state.activeAccountId);
-          setJson(res, 502, {
-            error: "account_switch_failed",
-            message: getErrorMessage(error, "Failed to switch account")
-          });
-        }
+            account: toPublicAccountEntry(nextEntry, accountId)
+          }
+        });
       } catch (error) {
-        setJson(res, 400, {
-          error: "invalid_auth_json",
+        await restoreActiveAuth(previousRaw);
+        appServer.dispose();
+        await replaceStoredAccount({
+          ...target,
+          quotaUpdatedAtIso: (/* @__PURE__ */ new Date()).toISOString(),
+          quotaStatus: "error",
+          quotaError: getErrorMessage(error, "Failed to switch account"),
+          unavailableReason: detectAccountUnavailableReason(error)
+        }, state.activeAccountId);
+        setJson(res, 502, {
+          error: "account_switch_failed",
           message: getErrorMessage(error, "Failed to switch account")
         });
       }
-      return true;
+    } catch (error) {
+      setJson(res, 400, {
+        error: "invalid_auth_json",
+        message: getErrorMessage(error, "Failed to switch account")
+      });
     }
-    if (req.method === "POST" && url.pathname === "/codex-api/accounts/remove") {
-      try {
-        const rawBody = await new Promise((resolve4, reject) => {
-          let body = "";
-          req.setEncoding("utf8");
-          req.on("data", (chunk) => {
-            body += chunk;
-          });
-          req.on("end", () => resolve4(body));
-          req.on("error", reject);
+    return true;
+  }
+  if (req.method === "POST" && url.pathname === "/codex-api/accounts/remove") {
+    try {
+      const rawBody = await new Promise((resolve4, reject) => {
+        let body = "";
+        req.setEncoding("utf8");
+        req.on("data", (chunk) => {
+          body += chunk;
         });
-        const payload = asRecord(rawBody.length > 0 ? JSON.parse(rawBody) : {});
-        const accountId = typeof payload?.accountId === "string" ? payload.accountId.trim() : "";
-        if (!accountId) {
-          setJson(res, 400, { error: "account_not_found", message: "Missing accountId." });
-          return true;
-        }
-        const state = await readStoredAccountsState();
-        const target = state.accounts.find((entry) => entry.accountId === accountId) ?? null;
-        if (!target) {
-          setJson(res, 404, { error: "account_not_found", message: "The requested account was not found." });
-          return true;
-        }
-        const remainingAccounts = state.accounts.filter((entry) => entry.accountId !== accountId);
-        if (state.activeAccountId !== accountId) {
-          await removeSnapshot(target.storageId);
-          await writeStoredAccountsState({
+        req.on("end", () => resolve4(body));
+        req.on("error", reject);
+      });
+      const payload = asRecord(rawBody.length > 0 ? JSON.parse(rawBody) : {});
+      const accountId = typeof payload?.accountId === "string" ? payload.accountId.trim() : "";
+      if (!accountId) {
+        setJson(res, 400, { error: "account_not_found", message: "Missing accountId." });
+        return true;
+      }
+      const state = await readStoredAccountsState();
+      const target = state.accounts.find((entry) => entry.accountId === accountId) ?? null;
+      if (!target) {
+        setJson(res, 404, { error: "account_not_found", message: "The requested account was not found." });
+        return true;
+      }
+      const remainingAccounts = state.accounts.filter((entry) => entry.accountId !== accountId);
+      if (state.activeAccountId !== accountId) {
+        await removeSnapshot(target.storageId);
+        await writeStoredAccountsState({
+          activeAccountId: state.activeAccountId,
+          accounts: remainingAccounts
+        });
+        setJson(res, 200, {
+          ok: true,
+          data: {
             activeAccountId: state.activeAccountId,
-            accounts: remainingAccounts
-          });
-          setJson(res, 200, {
-            ok: true,
-            data: {
-              activeAccountId: state.activeAccountId,
-              accounts: sortAccounts(remainingAccounts, state.activeAccountId).map((entry) => toPublicAccountEntry(entry, state.activeAccountId))
-            }
-          });
-          return true;
-        }
-        if (appServer.listPendingServerRequests().length > 0) {
-          setJson(res, 409, {
-            error: "account_remove_blocked",
-            message: "Finish pending approval requests before removing the active account."
-          });
-          return true;
-        }
-        let previousRaw = null;
-        try {
-          previousRaw = await readFile(getActiveAuthPath(), "utf8");
-        } catch {
-          previousRaw = null;
-        }
-        const replacement = await pickReplacementActiveAccount(remainingAccounts);
-        if (!replacement) {
-          await restoreActiveAuth(null);
-          appServer.dispose();
-          await removeSnapshot(target.storageId);
-          await writeStoredAccountsState({
+            accounts: sortAccounts(remainingAccounts, state.activeAccountId).map((entry) => toPublicAccountEntry(entry, state.activeAccountId))
+          }
+        });
+        return true;
+      }
+      if (appServer.listPendingServerRequests().length > 0) {
+        setJson(res, 409, {
+          error: "account_remove_blocked",
+          message: "Finish pending approval requests before removing the active account."
+        });
+        return true;
+      }
+      let previousRaw = null;
+      try {
+        previousRaw = await readFile(getActiveAuthPath(), "utf8");
+      } catch {
+        previousRaw = null;
+      }
+      const replacement = await pickReplacementActiveAccount(remainingAccounts);
+      if (!replacement) {
+        await restoreActiveAuth(null);
+        appServer.dispose();
+        await removeSnapshot(target.storageId);
+        await writeStoredAccountsState({
+          activeAccountId: null,
+          accounts: remainingAccounts
+        });
+        void scheduleAccountsBackgroundRefresh({
+          force: true,
+          accountIds: remainingAccounts.map((entry) => entry.accountId)
+        });
+        setJson(res, 200, {
+          ok: true,
+          data: {
             activeAccountId: null,
-            accounts: remainingAccounts
-          });
-          void scheduleAccountsBackgroundRefresh({
-            force: true,
-            accountIds: remainingAccounts.map((entry) => entry.accountId)
-          });
-          setJson(res, 200, {
-            ok: true,
-            data: {
-              activeAccountId: null,
-              accounts: sortAccounts(remainingAccounts, null).map((entry) => toPublicAccountEntry(entry, null))
-            }
-          });
-          return true;
-        }
-        const replacementSnapshotPath = getSnapshotPath(replacement.storageId);
-        if (!await fileExists(replacementSnapshotPath)) {
-          setJson(res, 404, {
-            error: "account_not_found",
-            message: "The replacement account snapshot is missing."
-          });
-          return true;
-        }
-        const replacementRaw = await readFile(replacementSnapshotPath, "utf8");
-        await writeFile(getActiveAuthPath(), replacementRaw, { encoding: "utf8", mode: 384 });
-        try {
-          appServer.dispose();
-          const inspection = await validateSwitchedAccountWithTimeout(appServer);
-          const activatedReplacement = {
-            ...replacement,
-            email: inspection.metadata.email ?? replacement.email,
-            planType: inspection.metadata.planType ?? replacement.planType,
-            lastActivatedAtIso: (/* @__PURE__ */ new Date()).toISOString(),
-            quotaSnapshot: inspection.quotaSnapshot ?? replacement.quotaSnapshot,
-            quotaUpdatedAtIso: (/* @__PURE__ */ new Date()).toISOString(),
-            quotaStatus: "ready",
-            quotaError: null,
-            unavailableReason: null
-          };
-          const nextAccounts = remainingAccounts.map((entry) => entry.accountId === activatedReplacement.accountId ? activatedReplacement : entry);
-          await removeSnapshot(target.storageId);
-          await writeStoredAccountsState({
+            accounts: sortAccounts(remainingAccounts, null).map((entry) => toPublicAccountEntry(entry, null))
+          }
+        });
+        return true;
+      }
+      const replacementSnapshotPath = getSnapshotPath(replacement.storageId);
+      if (!await fileExists(replacementSnapshotPath)) {
+        setJson(res, 404, {
+          error: "account_not_found",
+          message: "The replacement account snapshot is missing."
+        });
+        return true;
+      }
+      const replacementRaw = await readFile(replacementSnapshotPath, "utf8");
+      await writeFile(getActiveAuthPath(), replacementRaw, { encoding: "utf8", mode: 384 });
+      try {
+        appServer.dispose();
+        const inspection = await validateSwitchedAccount(appServer);
+        const activatedReplacement = {
+          ...replacement,
+          email: inspection.metadata.email ?? replacement.email,
+          planType: inspection.metadata.planType ?? replacement.planType,
+          lastActivatedAtIso: (/* @__PURE__ */ new Date()).toISOString(),
+          quotaSnapshot: inspection.quotaSnapshot ?? replacement.quotaSnapshot,
+          quotaUpdatedAtIso: (/* @__PURE__ */ new Date()).toISOString(),
+          quotaStatus: "ready",
+          quotaError: null,
+          unavailableReason: null
+        };
+        const nextAccounts = remainingAccounts.map((entry) => entry.accountId === activatedReplacement.accountId ? activatedReplacement : entry);
+        await removeSnapshot(target.storageId);
+        await writeStoredAccountsState({
+          activeAccountId: activatedReplacement.accountId,
+          accounts: nextAccounts
+        });
+        void scheduleAccountsBackgroundRefresh({
+          force: true,
+          prioritizeAccountId: activatedReplacement.accountId,
+          accountIds: nextAccounts.filter((entry) => entry.accountId !== activatedReplacement.accountId).map((entry) => entry.accountId)
+        });
+        setJson(res, 200, {
+          ok: true,
+          data: {
             activeAccountId: activatedReplacement.accountId,
-            accounts: nextAccounts
-          });
-          void scheduleAccountsBackgroundRefresh({
-            force: true,
-            prioritizeAccountId: activatedReplacement.accountId,
-            accountIds: nextAccounts.filter((entry) => entry.accountId !== activatedReplacement.accountId).map((entry) => entry.accountId)
-          });
-          setJson(res, 200, {
-            ok: true,
-            data: {
-              activeAccountId: activatedReplacement.accountId,
-              accounts: sortAccounts(nextAccounts, activatedReplacement.accountId).map((entry) => toPublicAccountEntry(entry, activatedReplacement.accountId))
-            }
-          });
-        } catch (error) {
-          await restoreActiveAuth(previousRaw);
-          appServer.dispose();
-          await replaceStoredAccount({
-            ...replacement,
-            quotaUpdatedAtIso: (/* @__PURE__ */ new Date()).toISOString(),
-            quotaStatus: "error",
-            quotaError: getErrorMessage(error, "Failed to switch account"),
-            unavailableReason: detectAccountUnavailableReason(error)
-          }, state.activeAccountId);
-          setJson(res, 502, {
-            error: "account_remove_failed",
-            message: getErrorMessage(error, "Failed to remove account")
-          });
-        }
+            accounts: sortAccounts(nextAccounts, activatedReplacement.accountId).map((entry) => toPublicAccountEntry(entry, activatedReplacement.accountId))
+          }
+        });
       } catch (error) {
-        setJson(res, 400, {
-          error: "invalid_auth_json",
+        await restoreActiveAuth(previousRaw);
+        appServer.dispose();
+        await replaceStoredAccount({
+          ...replacement,
+          quotaUpdatedAtIso: (/* @__PURE__ */ new Date()).toISOString(),
+          quotaStatus: "error",
+          quotaError: getErrorMessage(error, "Failed to switch account"),
+          unavailableReason: detectAccountUnavailableReason(error)
+        }, state.activeAccountId);
+        setJson(res, 502, {
+          error: "account_remove_failed",
           message: getErrorMessage(error, "Failed to remove account")
         });
       }
-      return true;
-    }
-  } catch (error) {
-    Sentry.captureException(error);
-    if (!res.headersSent) {
-      setJson(res, 500, { error: "Internal account error" });
+    } catch (error) {
+      setJson(res, 400, {
+        error: "invalid_auth_json",
+        message: getErrorMessage(error, "Failed to remove account")
+      });
     }
     return true;
   }
@@ -1114,7 +1087,6 @@ async function handleAccountRoutes(req, res, url, context) {
 }
 
 // src/server/reviewGit.ts
-import * as Sentry2 from "@sentry/node";
 import { spawn as spawn2 } from "child_process";
 import { mkdir as mkdir2, rm as rm2, stat as stat2, writeFile as writeFile2 } from "fs/promises";
 import { tmpdir as tmpdir2 } from "os";
@@ -1726,55 +1698,47 @@ async function applyReviewAction(payload) {
   return await buildReviewSnapshot(normalizedCwd, scope, workspaceView);
 }
 async function handleReviewRoutes(req, res, url, context) {
-  try {
-    if (req.method === "GET" && url.pathname === "/codex-api/review/snapshot") {
-      const cwd = url.searchParams.get("cwd")?.trim() ?? "";
-      const scope = url.searchParams.get("scope") === "baseBranch" ? "baseBranch" : "workspace";
-      const workspaceView = url.searchParams.get("workspaceView") === "staged" ? "staged" : "unstaged";
-      const baseBranch = url.searchParams.get("baseBranch")?.trim() ?? "";
-      if (!cwd) {
-        setJson2(res, 400, { error: "Missing cwd" });
-        return true;
-      }
-      try {
-        setJson2(res, 200, {
-          data: await buildReviewSnapshot(cwd, scope, workspaceView, baseBranch)
-        });
-      } catch (error) {
-        setJson2(res, 500, { error: getErrorMessage2(error, "Failed to load review snapshot") });
-      }
+  if (req.method === "GET" && url.pathname === "/codex-api/review/snapshot") {
+    const cwd = url.searchParams.get("cwd")?.trim() ?? "";
+    const scope = url.searchParams.get("scope") === "baseBranch" ? "baseBranch" : "workspace";
+    const workspaceView = url.searchParams.get("workspaceView") === "staged" ? "staged" : "unstaged";
+    const baseBranch = url.searchParams.get("baseBranch")?.trim() ?? "";
+    if (!cwd) {
+      setJson2(res, 400, { error: "Missing cwd" });
       return true;
     }
-    if (req.method === "POST" && url.pathname === "/codex-api/review/action") {
-      try {
-        const payload = await context.readJsonBody(req);
-        setJson2(res, 200, {
-          data: await applyReviewAction(payload)
-        });
-      } catch (error) {
-        setJson2(res, 500, { error: getErrorMessage2(error, "Failed to apply review action") });
-      }
-      return true;
+    try {
+      setJson2(res, 200, {
+        data: await buildReviewSnapshot(cwd, scope, workspaceView, baseBranch)
+      });
+    } catch (error) {
+      setJson2(res, 500, { error: getErrorMessage2(error, "Failed to load review snapshot") });
     }
-    if (req.method === "POST" && url.pathname === "/codex-api/review/git/init") {
-      const payload = asRecord2(await context.readJsonBody(req));
-      const cwd = readString2(payload?.cwd);
-      if (!cwd) {
-        setJson2(res, 400, { error: "Missing cwd" });
-        return true;
-      }
-      try {
-        await initializeGitRepository(cwd);
-        setJson2(res, 200, { ok: true });
-      } catch (error) {
-        setJson2(res, 500, { error: getErrorMessage2(error, "Failed to initialize Git") });
-      }
+    return true;
+  }
+  if (req.method === "POST" && url.pathname === "/codex-api/review/action") {
+    try {
+      const payload = await context.readJsonBody(req);
+      setJson2(res, 200, {
+        data: await applyReviewAction(payload)
+      });
+    } catch (error) {
+      setJson2(res, 500, { error: getErrorMessage2(error, "Failed to apply review action") });
+    }
+    return true;
+  }
+  if (req.method === "POST" && url.pathname === "/codex-api/review/git/init") {
+    const payload = asRecord2(await context.readJsonBody(req));
+    const cwd = readString2(payload?.cwd);
+    if (!cwd) {
+      setJson2(res, 400, { error: "Missing cwd" });
       return true;
     }
-  } catch (error) {
-    Sentry2.captureException(error);
-    if (!res.headersSent) {
-      setJson2(res, 500, { error: "Internal review error" });
+    try {
+      await initializeGitRepository(cwd);
+      setJson2(res, 200, { ok: true });
+    } catch (error) {
+      setJson2(res, 500, { error: getErrorMessage2(error, "Failed to initialize Git") });
     }
     return true;
   }
@@ -1782,7 +1746,6 @@ async function handleReviewRoutes(req, res, url, context) {
 }
 
 // src/server/skillsRoutes.ts
-import * as Sentry3 from "@sentry/node";
 import { spawn as spawn3 } from "child_process";
 import { mkdtemp as mkdtemp2, readFile as readFile2, readdir, rm as rm3, mkdir as mkdir3, stat as stat3, lstat, readlink, symlink } from "fs/promises";
 import { existsSync as existsSync2 } from "fs";
@@ -2773,365 +2736,357 @@ async function searchSkillsHub(allEntries, query, limit, sort, installedMap) {
 }
 async function handleSkillsRoutes(req, res, url, context) {
   const { appServer, readJsonBody: readJsonBody2 } = context;
-  try {
-    if (req.method === "GET" && url.pathname === "/codex-api/skills-hub") {
+  if (req.method === "GET" && url.pathname === "/codex-api/skills-hub") {
+    try {
+      const q = url.searchParams.get("q") || "";
+      const limit = Math.min(Math.max(parseInt(url.searchParams.get("limit") || "50", 10) || 50, 1), 200);
+      const sort = url.searchParams.get("sort") || "date";
+      const allEntries = await fetchSkillsTree();
+      const installedMap = await scanInstalledSkillsFromDisk();
       try {
-        const q = url.searchParams.get("q") || "";
-        const limit = Math.min(Math.max(parseInt(url.searchParams.get("limit") || "50", 10) || 50, 1), 200);
-        const sort = url.searchParams.get("sort") || "date";
-        const allEntries = await fetchSkillsTree();
-        const installedMap = await scanInstalledSkillsFromDisk();
-        try {
-          const result = await appServer.rpc("skills/list", {});
-          for (const entry of result.data ?? []) {
-            for (const skill of entry.skills ?? []) {
-              if (skill.name) {
-                installedMap.set(skill.name, { name: skill.name, path: skill.path ?? "", enabled: skill.enabled !== false });
-              }
+        const result = await appServer.rpc("skills/list", {});
+        for (const entry of result.data ?? []) {
+          for (const skill of entry.skills ?? []) {
+            if (skill.name) {
+              installedMap.set(skill.name, { name: skill.name, path: skill.path ?? "", enabled: skill.enabled !== false });
             }
           }
-        } catch {
-        }
-        const installedHubEntries = allEntries.filter((e) => installedMap.has(e.name));
-        await fetchMetaBatch(installedHubEntries);
-        const installed = [];
-        for (const [, info] of installedMap) {
-          const hubEntry = allEntries.find((e) => e.name === info.name);
-          const base = hubEntry ? buildHubEntry(hubEntry) : {
-            name: info.name,
-            owner: "local",
-            description: "",
-            displayName: "",
-            publishedAt: 0,
-            avatarUrl: "",
-            url: "",
-            installed: false
-          };
-          installed.push({ ...base, installed: true, path: info.path, enabled: info.enabled });
         }
-        const results = await searchSkillsHub(allEntries, q, limit, sort, installedMap);
-        setJson3(res, 200, { data: results, installed, total: allEntries.length });
-      } catch (error) {
-        setJson3(res, 502, { error: getErrorMessage3(error, "Failed to fetch skills hub") });
+      } catch {
       }
-      return true;
+      const installedHubEntries = allEntries.filter((e) => installedMap.has(e.name));
+      await fetchMetaBatch(installedHubEntries);
+      const installed = [];
+      for (const [, info] of installedMap) {
+        const hubEntry = allEntries.find((e) => e.name === info.name);
+        const base = hubEntry ? buildHubEntry(hubEntry) : {
+          name: info.name,
+          owner: "local",
+          description: "",
+          displayName: "",
+          publishedAt: 0,
+          avatarUrl: "",
+          url: "",
+          installed: false
+        };
+        installed.push({ ...base, installed: true, path: info.path, enabled: info.enabled });
+      }
+      const results = await searchSkillsHub(allEntries, q, limit, sort, installedMap);
+      setJson3(res, 200, { data: results, installed, total: allEntries.length });
+    } catch (error) {
+      setJson3(res, 502, { error: getErrorMessage3(error, "Failed to fetch skills hub") });
     }
-    if (req.method === "GET" && url.pathname === "/codex-api/skills-sync/status") {
-      const state = await readSkillsSyncState();
-      setJson3(res, 200, {
-        data: {
-          loggedIn: Boolean(state.githubToken),
-          githubUsername: state.githubUsername ?? "",
-          repoOwner: state.repoOwner ?? "",
-          repoName: state.repoName ?? "",
-          configured: Boolean(state.githubToken && state.repoOwner && state.repoName),
-          telemetry: {
-            lastPullCommitSha: state.lastPullCommitSha ?? "",
-            lastPushCommitSha: state.lastPushCommitSha ?? "",
-            lastSyncAttemptCount: state.lastSyncAttemptCount ?? 0,
-            lastSyncError: state.lastSyncError ?? "",
-            lastSyncAtIso: state.lastSyncAtIso ?? ""
-          },
-          startup: {
-            inProgress: startupSyncStatus.inProgress,
-            mode: startupSyncStatus.mode,
-            branch: startupSyncStatus.branch,
-            lastAction: startupSyncStatus.lastAction,
-            lastRunAtIso: startupSyncStatus.lastRunAtIso,
-            lastSuccessAtIso: startupSyncStatus.lastSuccessAtIso,
-            lastError: startupSyncStatus.lastError
-          }
+    return true;
+  }
+  if (req.method === "GET" && url.pathname === "/codex-api/skills-sync/status") {
+    const state = await readSkillsSyncState();
+    setJson3(res, 200, {
+      data: {
+        loggedIn: Boolean(state.githubToken),
+        githubUsername: state.githubUsername ?? "",
+        repoOwner: state.repoOwner ?? "",
+        repoName: state.repoName ?? "",
+        configured: Boolean(state.githubToken && state.repoOwner && state.repoName),
+        telemetry: {
+          lastPullCommitSha: state.lastPullCommitSha ?? "",
+          lastPushCommitSha: state.lastPushCommitSha ?? "",
+          lastSyncAttemptCount: state.lastSyncAttemptCount ?? 0,
+          lastSyncError: state.lastSyncError ?? "",
+          lastSyncAtIso: state.lastSyncAtIso ?? ""
+        },
+        startup: {
+          inProgress: startupSyncStatus.inProgress,
+          mode: startupSyncStatus.mode,
+          branch: startupSyncStatus.branch,
+          lastAction: startupSyncStatus.lastAction,
+          lastRunAtIso: startupSyncStatus.lastRunAtIso,
+          lastSuccessAtIso: startupSyncStatus.lastSuccessAtIso,
+          lastError: startupSyncStatus.lastError
         }
-      });
-      return true;
-    }
-    if (req.method === "POST" && url.pathname === "/codex-api/skills-sync/github/start-login") {
-      try {
-        const started = await startGithubDeviceLogin();
-        setJson3(res, 200, { data: started });
-      } catch (error) {
-        setJson3(res, 502, { error: getErrorMessage3(error, "Failed to start GitHub login") });
       }
-      return true;
-    }
-    if (req.method === "POST" && url.pathname === "/codex-api/skills-sync/github/token-login") {
-      try {
-        const payload = asRecord3(await readJsonBody2(req));
-        const token = typeof payload?.token === "string" ? payload.token.trim() : "";
-        if (!token) {
-          setJson3(res, 400, { error: "Missing GitHub token" });
-          return true;
-        }
-        const username = await resolveGithubUsername(token);
-        await finalizeGithubLoginAndSync(token, username, appServer);
-        setJson3(res, 200, { ok: true, data: { githubUsername: username } });
-      } catch (error) {
-        setJson3(res, 502, { error: getErrorMessage3(error, "Failed to login with GitHub token") });
-      }
-      return true;
+    });
+    return true;
+  }
+  if (req.method === "POST" && url.pathname === "/codex-api/skills-sync/github/start-login") {
+    try {
+      const started = await startGithubDeviceLogin();
+      setJson3(res, 200, { data: started });
+    } catch (error) {
+      setJson3(res, 502, { error: getErrorMessage3(error, "Failed to start GitHub login") });
     }
-    if (req.method === "POST" && url.pathname === "/codex-api/skills-sync/github/logout") {
-      try {
-        const state = await readSkillsSyncState();
-        await writeSkillsSyncState({
-          ...state,
-          githubToken: void 0,
-          githubUsername: void 0,
-          repoOwner: void 0,
-          repoName: void 0
-        });
-        setJson3(res, 200, { ok: true });
-      } catch (error) {
-        setJson3(res, 500, { error: getErrorMessage3(error, "Failed to logout GitHub") });
+    return true;
+  }
+  if (req.method === "POST" && url.pathname === "/codex-api/skills-sync/github/token-login") {
+    try {
+      const payload = asRecord3(await readJsonBody2(req));
+      const token = typeof payload?.token === "string" ? payload.token.trim() : "";
+      if (!token) {
+        setJson3(res, 400, { error: "Missing GitHub token" });
+        return true;
       }
-      return true;
+      const username = await resolveGithubUsername(token);
+      await finalizeGithubLoginAndSync(token, username, appServer);
+      setJson3(res, 200, { ok: true, data: { githubUsername: username } });
+    } catch (error) {
+      setJson3(res, 502, { error: getErrorMessage3(error, "Failed to login with GitHub token") });
     }
-    if (req.method === "POST" && url.pathname === "/codex-api/skills-sync/github/complete-login") {
-      try {
-        const payload = asRecord3(await readJsonBody2(req));
-        const deviceCode = typeof payload?.deviceCode === "string" ? payload.deviceCode : "";
-        if (!deviceCode) {
-          setJson3(res, 400, { error: "Missing deviceCode" });
-          return true;
-        }
-        const result = await completeGithubDeviceLogin(deviceCode);
-        if (!result.token) {
-          setJson3(res, 200, { ok: false, pending: result.error === "authorization_pending", error: result.error || "login_failed" });
-          return true;
-        }
-        const token = result.token;
-        const username = await resolveGithubUsername(token);
-        await finalizeGithubLoginAndSync(token, username, appServer);
-        setJson3(res, 200, { ok: true, data: { githubUsername: username } });
-      } catch (error) {
-        setJson3(res, 502, { error: getErrorMessage3(error, "Failed to complete GitHub login") });
-      }
-      return true;
+    return true;
+  }
+  if (req.method === "POST" && url.pathname === "/codex-api/skills-sync/github/logout") {
+    try {
+      const state = await readSkillsSyncState();
+      await writeSkillsSyncState({
+        ...state,
+        githubToken: void 0,
+        githubUsername: void 0,
+        repoOwner: void 0,
+        repoName: void 0
+      });
+      setJson3(res, 200, { ok: true });
+    } catch (error) {
+      setJson3(res, 500, { error: getErrorMessage3(error, "Failed to logout GitHub") });
     }
-    if (req.method === "POST" && url.pathname === "/codex-api/skills-sync/push") {
-      try {
-        const state = await readSkillsSyncState();
-        if (!state.githubToken || !state.repoOwner || !state.repoName) {
-          setJson3(res, 400, { error: "Skills sync is not configured yet" });
-          return true;
-        }
-        if (isUpstreamSkillsRepo(state.repoOwner, state.repoName)) {
-          setJson3(res, 400, { error: "Refusing to push to upstream repository" });
-          return true;
-        }
-        const local = await collectLocalSyncedSkills(appServer);
-        const installedMap = await scanInstalledSkillsFromDisk();
-        await writeRemoteSkillsManifest(state.githubToken, state.repoOwner, state.repoName, local);
-        await syncInstalledSkillsFolderToRepo(state.githubToken, state.repoOwner, state.repoName, installedMap);
-        setJson3(res, 200, { ok: true, data: { synced: local.length } });
-      } catch (error) {
-        setJson3(res, 502, { error: getErrorMessage3(error, "Failed to push synced skills") });
+    return true;
+  }
+  if (req.method === "POST" && url.pathname === "/codex-api/skills-sync/github/complete-login") {
+    try {
+      const payload = asRecord3(await readJsonBody2(req));
+      const deviceCode = typeof payload?.deviceCode === "string" ? payload.deviceCode : "";
+      if (!deviceCode) {
+        setJson3(res, 400, { error: "Missing deviceCode" });
+        return true;
       }
-      return true;
+      const result = await completeGithubDeviceLogin(deviceCode);
+      if (!result.token) {
+        setJson3(res, 200, { ok: false, pending: result.error === "authorization_pending", error: result.error || "login_failed" });
+        return true;
+      }
+      const token = result.token;
+      const username = await resolveGithubUsername(token);
+      await finalizeGithubLoginAndSync(token, username, appServer);
+      setJson3(res, 200, { ok: true, data: { githubUsername: username } });
+    } catch (error) {
+      setJson3(res, 502, { error: getErrorMessage3(error, "Failed to complete GitHub login") });
     }
-    if (req.method === "POST" && url.pathname === "/codex-api/skills-sync/startup-sync") {
-      try {
-        await runSkillsSyncStartup(appServer);
-        setJson3(res, 200, { ok: true });
-      } catch (error) {
-        setJson3(res, 502, { error: getErrorMessage3(error, "Failed to run startup sync") });
+    return true;
+  }
+  if (req.method === "POST" && url.pathname === "/codex-api/skills-sync/push") {
+    try {
+      const state = await readSkillsSyncState();
+      if (!state.githubToken || !state.repoOwner || !state.repoName) {
+        setJson3(res, 400, { error: "Skills sync is not configured yet" });
+        return true;
       }
-      return true;
+      if (isUpstreamSkillsRepo(state.repoOwner, state.repoName)) {
+        setJson3(res, 400, { error: "Refusing to push to upstream repository" });
+        return true;
+      }
+      const local = await collectLocalSyncedSkills(appServer);
+      const installedMap = await scanInstalledSkillsFromDisk();
+      await writeRemoteSkillsManifest(state.githubToken, state.repoOwner, state.repoName, local);
+      await syncInstalledSkillsFolderToRepo(state.githubToken, state.repoOwner, state.repoName, installedMap);
+      setJson3(res, 200, { ok: true, data: { synced: local.length } });
+    } catch (error) {
+      setJson3(res, 502, { error: getErrorMessage3(error, "Failed to push synced skills") });
     }
-    if (req.method === "POST" && url.pathname === "/codex-api/skills-sync/pull") {
-      try {
-        const state = await readSkillsSyncState();
-        if (!state.githubToken || !state.repoOwner || !state.repoName) {
-          await bootstrapSkillsFromUpstreamIntoLocal();
-          try {
-            await appServer.rpc("skills/list", { forceReload: true });
-          } catch {
-          }
-          setJson3(res, 200, { ok: true, data: { synced: 0, source: "upstream" } });
-          return true;
-        }
-        const remote = await readRemoteSkillsManifest(state.githubToken, state.repoOwner, state.repoName);
-        const tree = await fetchSkillsTree();
-        const uniqueOwnerByName = /* @__PURE__ */ new Map();
-        const ambiguousNames = /* @__PURE__ */ new Set();
-        for (const entry of tree) {
-          if (ambiguousNames.has(entry.name)) continue;
-          const existingOwner = uniqueOwnerByName.get(entry.name);
-          if (!existingOwner) {
-            uniqueOwnerByName.set(entry.name, entry.owner);
-            continue;
-          }
-          if (existingOwner !== entry.owner) {
-            uniqueOwnerByName.delete(entry.name);
-            ambiguousNames.add(entry.name);
-          }
-        }
-        const localDir = await detectUserSkillsDir(appServer);
-        await pullInstalledSkillsFolderFromRepo(state.githubToken, state.repoOwner, state.repoName);
-        const localSkills = await scanInstalledSkillsFromDisk();
-        const missingAfterPull = [];
-        for (const skill of remote) {
-          const owner = skill.owner || uniqueOwnerByName.get(skill.name) || "";
-          if (!owner) continue;
-          if (!localSkills.has(skill.name)) {
-            missingAfterPull.push(`${owner}/${skill.name}`);
-            continue;
-          }
-          const skillPath = join4(localDir, skill.name);
-          await appServer.rpc("skills/config/write", { path: skillPath, enabled: skill.enabled });
+    return true;
+  }
+  if (req.method === "POST" && url.pathname === "/codex-api/skills-sync/startup-sync") {
+    try {
+      await runSkillsSyncStartup(appServer);
+      setJson3(res, 200, { ok: true });
+    } catch (error) {
+      setJson3(res, 502, { error: getErrorMessage3(error, "Failed to run startup sync") });
+    }
+    return true;
+  }
+  if (req.method === "POST" && url.pathname === "/codex-api/skills-sync/pull") {
+    try {
+      const state = await readSkillsSyncState();
+      if (!state.githubToken || !state.repoOwner || !state.repoName) {
+        await bootstrapSkillsFromUpstreamIntoLocal();
+        try {
+          await appServer.rpc("skills/list", { forceReload: true });
+        } catch {
         }
-        if (missingAfterPull.length > 0) {
-          throw new Error(`Missing skill folders after pull: ${missingAfterPull.join(", ")}`);
+        setJson3(res, 200, { ok: true, data: { synced: 0, source: "upstream" } });
+        return true;
+      }
+      const remote = await readRemoteSkillsManifest(state.githubToken, state.repoOwner, state.repoName);
+      const tree = await fetchSkillsTree();
+      const uniqueOwnerByName = /* @__PURE__ */ new Map();
+      const ambiguousNames = /* @__PURE__ */ new Set();
+      for (const entry of tree) {
+        if (ambiguousNames.has(entry.name)) continue;
+        const existingOwner = uniqueOwnerByName.get(entry.name);
+        if (!existingOwner) {
+          uniqueOwnerByName.set(entry.name, entry.owner);
+          continue;
         }
-        const remoteNames = new Set(remote.map((row) => row.name));
-        for (const [name, localInfo] of localSkills.entries()) {
-          if (!remoteNames.has(name)) {
-            await rm3(localInfo.path.replace(/\/SKILL\.md$/, ""), { recursive: true, force: true });
-          }
+        if (existingOwner !== entry.owner) {
+          uniqueOwnerByName.delete(entry.name);
+          ambiguousNames.add(entry.name);
         }
-        const nextOwners = {};
-        for (const item of remote) {
-          const owner = item.owner || uniqueOwnerByName.get(item.name) || "";
-          if (owner) nextOwners[item.name] = owner;
+      }
+      const localDir = await detectUserSkillsDir(appServer);
+      await pullInstalledSkillsFolderFromRepo(state.githubToken, state.repoOwner, state.repoName);
+      const localSkills = await scanInstalledSkillsFromDisk();
+      const missingAfterPull = [];
+      for (const skill of remote) {
+        const owner = skill.owner || uniqueOwnerByName.get(skill.name) || "";
+        if (!owner) continue;
+        if (!localSkills.has(skill.name)) {
+          missingAfterPull.push(`${owner}/${skill.name}`);
+          continue;
         }
-        const pulledHead = await runCommandWithOutput("git", ["rev-parse", "HEAD"], { cwd: getSkillsInstallDir() }).catch(() => "");
-        await writeSkillsSyncState({
-          ...state,
-          installedOwners: nextOwners,
-          lastPullCommitSha: pulledHead.trim(),
-          lastSyncAttemptCount: 1,
-          lastSyncError: "",
-          lastSyncAtIso: (/* @__PURE__ */ new Date()).toISOString()
-        });
-        try {
-          await appServer.rpc("skills/list", { forceReload: true });
-        } catch {
+        const skillPath = join4(localDir, skill.name);
+        await appServer.rpc("skills/config/write", { path: skillPath, enabled: skill.enabled });
+      }
+      if (missingAfterPull.length > 0) {
+        throw new Error(`Missing skill folders after pull: ${missingAfterPull.join(", ")}`);
+      }
+      const remoteNames = new Set(remote.map((row) => row.name));
+      for (const [name, localInfo] of localSkills.entries()) {
+        if (!remoteNames.has(name)) {
+          await rm3(localInfo.path.replace(/\/SKILL\.md$/, ""), { recursive: true, force: true });
         }
-        setJson3(res, 200, { ok: true, data: { synced: remote.length } });
-      } catch (error) {
-        setJson3(res, 502, { error: getErrorMessage3(error, "Failed to pull synced skills") });
       }
-      return true;
-    }
-    if (req.method === "GET" && url.pathname === "/codex-api/skills-hub/readme") {
+      const nextOwners = {};
+      for (const item of remote) {
+        const owner = item.owner || uniqueOwnerByName.get(item.name) || "";
+        if (owner) nextOwners[item.name] = owner;
+      }
+      const pulledHead = await runCommandWithOutput("git", ["rev-parse", "HEAD"], { cwd: getSkillsInstallDir() }).catch(() => "");
+      await writeSkillsSyncState({
+        ...state,
+        installedOwners: nextOwners,
+        lastPullCommitSha: pulledHead.trim(),
+        lastSyncAttemptCount: 1,
+        lastSyncError: "",
+        lastSyncAtIso: (/* @__PURE__ */ new Date()).toISOString()
+      });
       try {
-        const owner = url.searchParams.get("owner") || "";
-        const name = url.searchParams.get("name") || "";
-        const installed = url.searchParams.get("installed") === "true";
-        const skillPath = url.searchParams.get("path") || "";
-        if (!owner || !name) {
-          setJson3(res, 400, { error: "Missing owner or name" });
+        await appServer.rpc("skills/list", { forceReload: true });
+      } catch {
+      }
+      setJson3(res, 200, { ok: true, data: { synced: remote.length } });
+    } catch (error) {
+      setJson3(res, 502, { error: getErrorMessage3(error, "Failed to pull synced skills") });
+    }
+    return true;
+  }
+  if (req.method === "GET" && url.pathname === "/codex-api/skills-hub/readme") {
+    try {
+      const owner = url.searchParams.get("owner") || "";
+      const name = url.searchParams.get("name") || "";
+      const installed = url.searchParams.get("installed") === "true";
+      const skillPath = url.searchParams.get("path") || "";
+      if (!owner || !name) {
+        setJson3(res, 400, { error: "Missing owner or name" });
+        return true;
+      }
+      if (installed) {
+        const installedMap = await scanInstalledSkillsFromDisk();
+        const installedInfo = installedMap.get(name);
+        const localSkillPath = installedInfo?.path || (skillPath ? skillPath.endsWith("/SKILL.md") ? skillPath : `${skillPath}/SKILL.md` : "");
+        if (localSkillPath) {
+          const content2 = await readFile2(localSkillPath, "utf8");
+          const description2 = extractSkillDescriptionFromMarkdown(content2);
+          setJson3(res, 200, { content: content2, description: description2, source: "local" });
           return true;
         }
-        if (installed) {
-          const installedMap = await scanInstalledSkillsFromDisk();
-          const installedInfo = installedMap.get(name);
-          const localSkillPath = installedInfo?.path || (skillPath ? skillPath.endsWith("/SKILL.md") ? skillPath : `${skillPath}/SKILL.md` : "");
-          if (localSkillPath) {
-            const content2 = await readFile2(localSkillPath, "utf8");
-            const description2 = extractSkillDescriptionFromMarkdown(content2);
-            setJson3(res, 200, { content: content2, description: description2, source: "local" });
-            return true;
-          }
-        }
-        const rawUrl = `https://raw.githubusercontent.com/${HUB_SKILLS_OWNER}/${HUB_SKILLS_REPO}/main/skills/${owner}/${name}/SKILL.md`;
-        const resp = await fetch(rawUrl);
-        if (!resp.ok) throw new Error(`Failed to fetch SKILL.md: ${resp.status}`);
-        const content = await resp.text();
-        const description = extractSkillDescriptionFromMarkdown(content);
-        setJson3(res, 200, { content, description, source: "remote" });
-      } catch (error) {
-        setJson3(res, 502, { error: getErrorMessage3(error, "Failed to fetch SKILL.md") });
       }
-      return true;
+      const rawUrl = `https://raw.githubusercontent.com/${HUB_SKILLS_OWNER}/${HUB_SKILLS_REPO}/main/skills/${owner}/${name}/SKILL.md`;
+      const resp = await fetch(rawUrl);
+      if (!resp.ok) throw new Error(`Failed to fetch SKILL.md: ${resp.status}`);
+      const content = await resp.text();
+      const description = extractSkillDescriptionFromMarkdown(content);
+      setJson3(res, 200, { content, description, source: "remote" });
+    } catch (error) {
+      setJson3(res, 502, { error: getErrorMessage3(error, "Failed to fetch SKILL.md") });
     }
-    if (req.method === "POST" && url.pathname === "/codex-api/skills-hub/install") {
+    return true;
+  }
+  if (req.method === "POST" && url.pathname === "/codex-api/skills-hub/install") {
+    try {
+      const payload = asRecord3(await readJsonBody2(req));
+      const owner = typeof payload?.owner === "string" ? payload.owner : "";
+      const name = typeof payload?.name === "string" ? payload.name : "";
+      if (!owner || !name) {
+        setJson3(res, 400, { error: "Missing owner or name" });
+        return true;
+      }
+      const installerScript = resolveSkillInstallerScriptPath(getCodexHomeDir2());
+      if (!installerScript) {
+        throw new Error("Skill installer script not found");
+      }
+      const pythonCommand = resolvePythonCommand();
+      if (!pythonCommand) {
+        throw new Error("Python 3 is required to install skills");
+      }
+      const installDest = await withTimeout(
+        detectUserSkillsDir(appServer),
+        1e4,
+        "detectUserSkillsDir"
+      ).catch(() => getSkillsInstallDir());
+      const skillDir = join4(installDest, name);
+      if (existsSync2(skillDir)) {
+        await rm3(skillDir, { recursive: true, force: true });
+      }
+      await runCommand2(pythonCommand.command, [
+        ...pythonCommand.args,
+        installerScript,
+        "--repo",
+        `${HUB_SKILLS_OWNER}/${HUB_SKILLS_REPO}`,
+        "--path",
+        `skills/${owner}/${name}`,
+        "--dest",
+        installDest,
+        "--method",
+        "git"
+      ], { timeoutMs: 9e4 });
       try {
-        const payload = asRecord3(await readJsonBody2(req));
-        const owner = typeof payload?.owner === "string" ? payload.owner : "";
-        const name = typeof payload?.name === "string" ? payload.name : "";
-        if (!owner || !name) {
-          setJson3(res, 400, { error: "Missing owner or name" });
-          return true;
-        }
-        const installerScript = resolveSkillInstallerScriptPath(getCodexHomeDir2());
-        if (!installerScript) {
-          throw new Error("Skill installer script not found");
-        }
-        const pythonCommand = resolvePythonCommand();
-        if (!pythonCommand) {
-          throw new Error("Python 3 is required to install skills");
-        }
-        const installDest = await withTimeout(
-          detectUserSkillsDir(appServer),
-          1e4,
-          "detectUserSkillsDir"
-        ).catch(() => getSkillsInstallDir());
-        const skillDir = join4(installDest, name);
-        if (existsSync2(skillDir)) {
-          await rm3(skillDir, { recursive: true, force: true });
-        }
-        await runCommand2(pythonCommand.command, [
-          ...pythonCommand.args,
-          installerScript,
-          "--repo",
-          `${HUB_SKILLS_OWNER}/${HUB_SKILLS_REPO}`,
-          "--path",
-          `skills/${owner}/${name}`,
-          "--dest",
-          installDest,
-          "--method",
-          "git"
-        ], { timeoutMs: 9e4 });
-        try {
-          await withTimeout(ensureInstalledSkillIsValid(appServer, skillDir), 1e4, "ensureInstalledSkillIsValid");
-        } catch {
-        }
+        await withTimeout(ensureInstalledSkillIsValid(appServer, skillDir), 1e4, "ensureInstalledSkillIsValid");
+      } catch {
+      }
+      const syncState = await readSkillsSyncState();
+      const nextOwners = { ...syncState.installedOwners ?? {}, [name]: owner };
+      await writeSkillsSyncState({ ...syncState, installedOwners: nextOwners });
+      autoPushSyncedSkills(appServer).catch(() => {
+      });
+      setJson3(res, 200, { ok: true, path: skillDir });
+    } catch (error) {
+      setJson3(res, 502, { error: getErrorMessage3(error, "Failed to install skill") });
+    }
+    return true;
+  }
+  if (req.method === "POST" && url.pathname === "/codex-api/skills-hub/uninstall") {
+    try {
+      const payload = asRecord3(await readJsonBody2(req));
+      const name = typeof payload?.name === "string" ? payload.name : "";
+      const path = typeof payload?.path === "string" ? payload.path : "";
+      const normalizedPath = path.endsWith("/SKILL.md") ? path.slice(0, -"/SKILL.md".length) : path;
+      const target = normalizedPath || (name ? join4(getSkillsInstallDir(), name) : "");
+      if (!target) {
+        setJson3(res, 400, { error: "Missing name or path" });
+        return true;
+      }
+      await rm3(target, { recursive: true, force: true });
+      if (name) {
         const syncState = await readSkillsSyncState();
-        const nextOwners = { ...syncState.installedOwners ?? {}, [name]: owner };
+        const nextOwners = { ...syncState.installedOwners ?? {} };
+        delete nextOwners[name];
         await writeSkillsSyncState({ ...syncState, installedOwners: nextOwners });
-        autoPushSyncedSkills(appServer).catch(() => {
-        });
-        setJson3(res, 200, { ok: true, path: skillDir });
-      } catch (error) {
-        setJson3(res, 502, { error: getErrorMessage3(error, "Failed to install skill") });
       }
-      return true;
-    }
-    if (req.method === "POST" && url.pathname === "/codex-api/skills-hub/uninstall") {
+      autoPushSyncedSkills(appServer).catch(() => {
+      });
       try {
-        const payload = asRecord3(await readJsonBody2(req));
-        const name = typeof payload?.name === "string" ? payload.name : "";
-        const path = typeof payload?.path === "string" ? payload.path : "";
-        const normalizedPath = path.endsWith("/SKILL.md") ? path.slice(0, -"/SKILL.md".length) : path;
-        const target = normalizedPath || (name ? join4(getSkillsInstallDir(), name) : "");
-        if (!target) {
-          setJson3(res, 400, { error: "Missing name or path" });
-          return true;
-        }
-        await rm3(target, { recursive: true, force: true });
-        if (name) {
-          const syncState = await readSkillsSyncState();
-          const nextOwners = { ...syncState.installedOwners ?? {} };
-          delete nextOwners[name];
-          await writeSkillsSyncState({ ...syncState, installedOwners: nextOwners });
-        }
-        autoPushSyncedSkills(appServer).catch(() => {
-        });
-        try {
-          await withTimeout(appServer.rpc("skills/list", { forceReload: true }), 1e4, "skills/list reload");
-        } catch {
-        }
-        setJson3(res, 200, { ok: true, deletedPath: target });
-      } catch (error) {
-        setJson3(res, 502, { error: getErrorMessage3(error, "Failed to uninstall skill") });
+        await withTimeout(appServer.rpc("skills/list", { forceReload: true }), 1e4, "skills/list reload");
+      } catch {
       }
-      return true;
-    }
-  } catch (error) {
-    Sentry3.captureException(error);
-    if (!res.headersSent) {
-      setJson3(res, 500, { error: "Internal skills error" });
+      setJson3(res, 200, { ok: true, deletedPath: target });
+    } catch (error) {
+      setJson3(res, 502, { error: getErrorMessage3(error, "Failed to uninstall skill") });
     }
     return true;
   }
@@ -3140,6 +3095,18 @@ async function handleSkillsRoutes(req, res, url, context) {
 
 // src/server/telegramThreadBridge.ts
 import { basename } from "path";
+var TELEGRAM_MESSAGE_MAX_LENGTH = 3500;
+var TELEGRAM_BOT_COMMANDS = [
+  { command: "start", description: "Show quick start and thread picker" },
+  { command: "threads", description: "List recent threads to connect" },
+  { command: "newthread", description: "Create and connect a new thread" },
+  { command: "thread", description: "Connect existing thread: /thread <id>" },
+  { command: "current", description: "Show currently connected thread" },
+  { command: "history", description: "Show recent history for current thread" },
+  { command: "status", description: "Show bridge and mapping status" },
+  { command: "whoami", description: "Show your Telegram IDs" },
+  { command: "help", description: "Show available commands" }
+];
 function asRecord4(value) {
   return value !== null && typeof value === "object" && !Array.isArray(value) ? value : null;
 }
@@ -3174,6 +3141,73 @@ function normalizeTelegramAllowlist(values) {
   }).filter((value) => Number.isFinite(value)))).slice(0, 100);
   return { allowAllUsers, allowedUserIds };
 }
+function escapeHtml(value) {
+  return value.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
+}
+function renderMarkdownInlineToTelegramHtml(value) {
+  let rendered = escapeHtml(value);
+  rendered = rendered.replace(/\[([^\]\n]+)\]\((https?:\/\/[^\s)]+)\)/g, '<a href="$2">$1</a>');
+  rendered = rendered.replace(/`([^`\n]+)`/g, "<code>$1</code>");
+  rendered = rendered.replace(/\*\*([^*\n][^*\n]*?)\*\*/g, "<b>$1</b>");
+  rendered = rendered.replace(/__([^_\n][^_\n]*?)__/g, "<b>$1</b>");
+  rendered = rendered.replace(/\*([^*\n][^*\n]*?)\*/g, "<i>$1</i>");
+  rendered = rendered.replace(/_([^_\n][^_\n]*?)_/g, "<i>$1</i>");
+  rendered = rendered.replace(/^(#{1,6})\s+(.+)$/gm, (_match, _hashes, content) => `<b>${content}</b>`);
+  return rendered;
+}
+function renderMarkdownToTelegramHtml(markdown) {
+  const normalized = markdown.replace(/\r\n/g, "\n");
+  const fencedCodeRegex = /```([a-zA-Z0-9_-]+)?\n([\s\S]*?)```/g;
+  let cursor = 0;
+  const parts = [];
+  let match = fencedCodeRegex.exec(normalized);
+  while (match) {
+    const [fullMatch, lang, code] = match;
+    const matchIndex = match.index;
+    const before = normalized.slice(cursor, matchIndex);
+    if (before) {
+      parts.push(renderMarkdownInlineToTelegramHtml(before));
+    }
+    const escapedCode = escapeHtml((code ?? "").replace(/\n+$/g, ""));
+    const escapedLang = typeof lang === "string" ? escapeHtml(lang) : "";
+    if (escapedLang) {
+      parts.push(`<pre><code class="language-${escapedLang}">${escapedCode}</code></pre>`);
+    } else {
+      parts.push(`<pre>${escapedCode}</pre>`);
+    }
+    cursor = matchIndex + fullMatch.length;
+    match = fencedCodeRegex.exec(normalized);
+  }
+  const tail = normalized.slice(cursor);
+  if (tail) {
+    parts.push(renderMarkdownInlineToTelegramHtml(tail));
+  }
+  return parts.join("");
+}
+function splitTelegramText(text, maxLength = TELEGRAM_MESSAGE_MAX_LENGTH) {
+  const normalized = text.replace(/\r\n/g, "\n").trim();
+  if (!normalized) return [];
+  if (normalized.length <= maxLength) return [normalized];
+  const chunks = [];
+  let remaining = normalized;
+  while (remaining.length > maxLength) {
+    let splitIndex = remaining.lastIndexOf("\n\n", maxLength);
+    if (splitIndex < Math.floor(maxLength * 0.5)) {
+      splitIndex = remaining.lastIndexOf("\n", maxLength);
+    }
+    if (splitIndex < Math.floor(maxLength * 0.5)) {
+      splitIndex = remaining.lastIndexOf(" ", maxLength);
+    }
+    if (splitIndex <= 0) {
+      splitIndex = maxLength;
+    }
+    const chunk = remaining.slice(0, splitIndex).trim();
+    if (chunk) chunks.push(chunk);
+    remaining = remaining.slice(splitIndex).trim();
+  }
+  if (remaining) chunks.push(remaining);
+  return chunks;
+}
 var TelegramThreadBridge = class {
   constructor(appServer, options = {}) {
     this.allowAllUsers = false;
@@ -3196,6 +3230,8 @@ var TelegramThreadBridge = class {
   start() {
     if (!this.token || this.active) return;
     this.active = true;
+    void this.syncBotCommands().catch(() => {
+    });
     void this.notifyOnlineForKnownChats().catch(() => {
     });
     this.pollingTask = this.pollLoop();
@@ -3251,6 +3287,8 @@ var TelegramThreadBridge = class {
       throw new Error("Telegram bot token is required");
     }
     this.token = normalizedToken;
+    void this.syncBotCommands().catch(() => {
+    });
   }
   getStatus() {
     return {
@@ -3293,17 +3331,49 @@ var TelegramThreadBridge = class {
     this.onChatSeen?.(Math.trunc(chatId));
   }
   async sendTelegramMessage(chatId, text, options = {}) {
-    const message = text.trim();
-    if (!message) return;
-    const payload = { chat_id: chatId, text: message };
+    const chunks = splitTelegramText(text);
+    if (chunks.length === 0) return;
+    for (let index = 0; index < chunks.length; index += 1) {
+      const chunk = chunks[index];
+      const replyMarkup = index === 0 ? options.replyMarkup : void 0;
+      const htmlChunk = renderMarkdownToTelegramHtml(chunk);
+      try {
+        await this.sendMessageRequest(chatId, htmlChunk, { replyMarkup, parseMode: "HTML" });
+      } catch {
+        await this.sendMessageRequest(chatId, chunk, { replyMarkup });
+      }
+    }
+  }
+  async sendMessageRequest(chatId, text, options = {}) {
+    const payload = { chat_id: chatId, text };
     if (options.replyMarkup) {
       payload.reply_markup = options.replyMarkup;
     }
-    await fetch(this.apiUrl("sendMessage"), {
+    if (options.parseMode) {
+      payload.parse_mode = options.parseMode;
+    }
+    await this.callTelegramApi("sendMessage", payload);
+  }
+  async syncBotCommands() {
+    if (!this.token) return;
+    await this.callTelegramApi("setMyCommands", {
+      commands: TELEGRAM_BOT_COMMANDS
+    });
+  }
+  async callTelegramApi(method, payload) {
+    const response = await fetch(this.apiUrl(method), {
       method: "POST",
       headers: { "Content-Type": "application/json" },
       body: JSON.stringify(payload)
     });
+    const parsed = asRecord4(await response.json());
+    const ok = parsed?.ok === true;
+    if (!response.ok || !ok) {
+      const description = typeof parsed?.description === "string" ? parsed.description : "";
+      const statusPart = `${String(response.status)} ${response.statusText}`.trim();
+      throw new Error(description || statusPart || `Telegram API ${method} failed`);
+    }
+    return parsed ?? {};
   }
   async sendOnlineMessage(chatId) {
     await this.sendTelegramMessage(chatId, "Codex thread bridge went online.");
@@ -3330,6 +3400,11 @@ var TelegramThreadBridge = class {
     }
     this.markChatSeen(chatId);
     if (text === "/start") {
+      await this.sendTelegramMessage(chatId, this.helpMessage());
+      await this.sendThreadPicker(chatId);
+      return;
+    }
+    if (text === "/threads") {
       await this.sendThreadPicker(chatId);
       return;
     }
@@ -3345,6 +3420,59 @@ var TelegramThreadBridge = class {
       await this.sendTelegramMessage(chatId, `Mapped to thread: ${threadId2}`);
       return;
     }
+    if (text === "/current") {
+      const threadId2 = this.threadIdByChatId.get(chatId);
+      await this.sendTelegramMessage(chatId, threadId2 ? `Current thread: \`${threadId2}\`` : "No thread is connected for this chat yet. Use /threads, /newthread, or /thread <id>.");
+      return;
+    }
+    if (text === "/history") {
+      const threadId2 = this.threadIdByChatId.get(chatId);
+      if (!threadId2) {
+        await this.sendTelegramMessage(chatId, "No thread is connected for this chat yet. Use /threads or /newthread first.");
+        return;
+      }
+      const history = await this.readThreadHistorySummary(threadId2);
+      await this.sendTelegramMessage(chatId, history);
+      return;
+    }
+    if (text === "/status") {
+      const status = this.getStatus();
+      const mappedThreadId = this.threadIdByChatId.get(chatId) ?? "none";
+      await this.sendTelegramMessage(
+        chatId,
+        [
+          "**Bridge status**",
+          `configured: ${String(status.configured)}`,
+          `active: ${String(status.active)}`,
+          `mapped chats: ${String(status.mappedChats)}`,
+          `mapped threads: ${String(status.mappedThreads)}`,
+          `allowed users: ${String(status.allowedUsers)}`,
+          `allow all users: ${String(status.allowAllUsers)}`,
+          `chat ${String(chatId)} thread: \`${mappedThreadId}\``,
+          status.lastError ? `last error: ${status.lastError}` : ""
+        ].filter(Boolean).join("\n")
+      );
+      return;
+    }
+    if (text === "/whoami") {
+      const normalizedSenderId = typeof senderId === "number" && Number.isFinite(senderId) ? String(Math.trunc(senderId)) : "unknown";
+      const normalizedChatId = String(Math.trunc(chatId));
+      await this.sendTelegramMessage(
+        chatId,
+        [
+          "**Identity**",
+          `telegram user id: \`${normalizedSenderId}\``,
+          `chat id: \`${normalizedChatId}\``,
+          `authorized: ${String(this.isAllowedSender(senderId))}`,
+          this.allowAllUsers ? "allowlist mode: `*`" : "allowlist mode: explicit ids"
+        ].join("\n")
+      );
+      return;
+    }
+    if (text === "/help") {
+      await this.sendTelegramMessage(chatId, this.helpMessage());
+      return;
+    }
     const threadId = await this.ensureThreadForChat(chatId);
     try {
       await this.appServer.rpc("turn/start", {
@@ -3410,14 +3538,14 @@ Add this ID to the bot allowlist before using the bridge.`;
     }
     return "Unauthorized sender";
   }
+  helpMessage() {
+    const rows = TELEGRAM_BOT_COMMANDS.map((command) => `/${command.command} - ${command.description}`);
+    return ["**Available commands**", ...rows].join("\n");
+  }
   async answerCallbackQuery(callbackQueryId, text) {
-    await fetch(this.apiUrl("answerCallbackQuery"), {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({
-        callback_query_id: callbackQueryId,
-        text
-      })
+    await this.callTelegramApi("answerCallbackQuery", {
+      callback_query_id: callbackQueryId,
+      text
     });
   }
   async sendThreadPicker(chatId) {
@@ -3703,22 +3831,57 @@ async function getFreeModels() {
 var FREE_MODE_DEFAULT_MODEL = "openrouter/free";
 var FREE_MODE_STATE_FILE = "webui-free-mode.json";
 var CUSTOM_PROVIDER_ID = "custom-endpoint";
-function getFreeModeConfigArgs(state) {
-  if (!state.enabled || !state.apiKey) return [];
+var OPENCODE_ZEN_PROVIDER_ID = "opencode-zen";
+var OPENCODE_ZEN_BASE_URL = "https://opencode.ai/zen/v1";
+function getFreeModeEnvVars(state) {
+  if (!state.enabled) return {};
+  if (state.provider === "opencode-zen" && state.apiKey) {
+    return { OPENCODE_ZEN_API_KEY: state.apiKey };
+  }
+  if (state.provider === "custom" && state.customBaseUrl && state.apiKey) {
+    return { CUSTOM_ENDPOINT_API_KEY: state.apiKey };
+  }
+  return {};
+}
+function getFreeModeConfigArgs(state, serverPort) {
+  if (!state.enabled) return [];
+  if (state.provider === "opencode-zen") {
+    const baseUrl2 = serverPort ? `http://127.0.0.1:${serverPort}/codex-api/zen-proxy/v1` : OPENCODE_ZEN_BASE_URL;
+    const wireApi = serverPort ? "responses" : state.wireApi || "chat";
+    const authArgs = serverPort ? ["-c", `model_providers.${OPENCODE_ZEN_PROVIDER_ID}.experimental_bearer_token="zen-proxy-token"`] : ["-c", `model_providers.${OPENCODE_ZEN_PROVIDER_ID}.env_key="OPENCODE_ZEN_API_KEY"`];
+    return [
+      "-c",
+      `model_provider="${OPENCODE_ZEN_PROVIDER_ID}"`,
+      "-c",
+      `model_providers.${OPENCODE_ZEN_PROVIDER_ID}.name="OpenCode Zen"`,
+      "-c",
+      `model_providers.${OPENCODE_ZEN_PROVIDER_ID}.base_url="${baseUrl2}"`,
+      "-c",
+      `model_providers.${OPENCODE_ZEN_PROVIDER_ID}.wire_api="${wireApi}"`,
+      ...authArgs
+    ];
+  }
   if (state.provider === "custom" && state.customBaseUrl) {
+    const baseUrl2 = serverPort ? `http://127.0.0.1:${serverPort}/codex-api/custom-proxy/v1` : state.customBaseUrl;
+    const wireApi = serverPort ? "responses" : state.wireApi || "responses";
+    const authArgs = serverPort ? ["-c", `model_providers.${CUSTOM_PROVIDER_ID}.experimental_bearer_token="custom-proxy-token"`] : ["-c", `model_providers.${CUSTOM_PROVIDER_ID}.env_key="CUSTOM_ENDPOINT_API_KEY"`];
+    const modelArgs = state.model?.trim() ? ["-c", `model="${state.model.trim()}"`] : [];
     return [
+      ...modelArgs,
       "-c",
       `model_provider="${CUSTOM_PROVIDER_ID}"`,
       "-c",
       `model_providers.${CUSTOM_PROVIDER_ID}.name="Custom Endpoint"`,
       "-c",
-      `model_providers.${CUSTOM_PROVIDER_ID}.base_url="${state.customBaseUrl}"`,
+      `model_providers.${CUSTOM_PROVIDER_ID}.base_url="${baseUrl2}"`,
       "-c",
-      `model_providers.${CUSTOM_PROVIDER_ID}.wire_api="responses"`,
-      "-c",
-      `model_providers.${CUSTOM_PROVIDER_ID}.experimental_bearer_token="${state.apiKey}"`
+      `model_providers.${CUSTOM_PROVIDER_ID}.wire_api="${wireApi}"`,
+      ...authArgs
     ];
   }
+  if (!state.apiKey) return [];
+  const baseUrl = serverPort ? `http://127.0.0.1:${serverPort}/codex-api/openrouter-proxy/v1` : FREE_MODE_BASE_URL;
+  const bearerToken = serverPort ? "openrouter-proxy-token" : state.apiKey;
   return [
     "-c",
     `model="${state.model}"`,
@@ -3727,17 +3890,788 @@ function getFreeModeConfigArgs(state) {
     "-c",
     `model_providers.${FREE_MODE_PROVIDER_ID}.name="OpenRouter Free"`,
     "-c",
-    `model_providers.${FREE_MODE_PROVIDER_ID}.base_url="${FREE_MODE_BASE_URL}"`,
+    `model_providers.${FREE_MODE_PROVIDER_ID}.base_url="${baseUrl}"`,
     "-c",
     `model_providers.${FREE_MODE_PROVIDER_ID}.wire_api="responses"`,
     "-c",
-    `model_providers.${FREE_MODE_PROVIDER_ID}.experimental_bearer_token="${state.apiKey}"`
+    `model_providers.${FREE_MODE_PROVIDER_ID}.experimental_bearer_token="${bearerToken}"`
   ];
 }
 
-// src/utils/commandInvocation.ts
+// src/server/unifiedResponsesProxy.ts
+import { request as httpRequest } from "http";
+import { request as httpsRequest } from "https";
+function readRequestBody(req) {
+  return new Promise((resolve4, reject) => {
+    const chunks = [];
+    req.on("data", (chunk) => chunks.push(chunk));
+    req.on("end", () => resolve4(Buffer.concat(chunks)));
+    req.on("error", reject);
+  });
+}
+function safeStringifyUnknown(value) {
+  if (typeof value === "string") return value;
+  try {
+    return JSON.stringify(value ?? "");
+  } catch {
+    return String(value ?? "");
+  }
+}
+function appendAssistantText(messages, text) {
+  const trimmedText = text.trim();
+  if (!trimmedText) return;
+  const lastMessage = messages[messages.length - 1];
+  if (lastMessage?.role === "assistant" && Array.isArray(lastMessage.tool_calls)) {
+    lastMessage.content = lastMessage.content ? `${lastMessage.content}
+${trimmedText}` : trimmedText;
+    return;
+  }
+  messages.push({ role: "assistant", content: trimmedText });
+}
+function appendAssistantToolCall(messages, toolCall) {
+  const lastMessage = messages[messages.length - 1];
+  if (lastMessage?.role === "assistant" && !lastMessage.tool_call_id) {
+    lastMessage.tool_calls = [...lastMessage.tool_calls ?? [], toolCall];
+    return;
+  }
+  messages.push({ role: "assistant", tool_calls: [toolCall] });
+}
+function responsesInputToMessages(input, instructions) {
+  const messages = [];
+  if (instructions) {
+    messages.push({ role: "system", content: instructions });
+  }
+  if (typeof input === "string") {
+    messages.push({ role: "user", content: input });
+    return messages;
+  }
+  for (const item of input) {
+    if (!item || typeof item !== "object") continue;
+    if (item.type === "message" && item.role) {
+      const content = item.content;
+      const text = typeof content === "string" ? content : Array.isArray(content) ? content.map((part) => typeof part?.text === "string" ? part.text : "").filter((part) => part.length > 0).join("\n") : typeof item.text === "string" ? item.text : "";
+      const role = item.role === "developer" ? "system" : item.role;
+      if (role === "assistant") {
+        appendAssistantText(messages, text);
+      } else {
+        messages.push({ role, content: text });
+      }
+      continue;
+    }
+    if ((item.type === "function_call_output" || item.type === "computer_call_output") && item.call_id) {
+      messages.push({
+        role: "tool",
+        tool_call_id: item.call_id,
+        content: safeStringifyUnknown(item.output)
+      });
+      continue;
+    }
+    if (item.type === "function_call" && item.call_id && item.name) {
+      appendAssistantToolCall(messages, {
+        id: item.call_id,
+        type: "function",
+        function: {
+          name: item.name,
+          arguments: typeof item.arguments === "string" ? item.arguments : "{}"
+        }
+      });
+    }
+  }
+  return messages;
+}
+function responsesToolsToChatTools(tools) {
+  if (!Array.isArray(tools)) return void 0;
+  const mapped = tools.map((tool) => {
+    if (!tool || typeof tool !== "object" || Array.isArray(tool)) return null;
+    const row = tool;
+    if (row.type !== "function") return null;
+    const name = typeof row.name === "string" ? row.name : "";
+    if (!name) return null;
+    const description = typeof row.description === "string" ? row.description : void 0;
+    return {
+      type: "function",
+      function: {
+        name,
+        ...description ? { description } : {},
+        ...row.parameters !== void 0 ? { parameters: row.parameters } : {}
+      }
+    };
+  }).filter((row) => Boolean(row));
+  return mapped.length > 0 ? mapped : void 0;
+}
+function responsesToolChoiceToChatToolChoice(toolChoice) {
+  if (typeof toolChoice === "string") return toolChoice;
+  if (!toolChoice || typeof toolChoice !== "object" || Array.isArray(toolChoice)) return void 0;
+  const row = toolChoice;
+  if (row.type !== "function") return void 0;
+  const name = typeof row.name === "string" ? row.name : row.function && typeof row.function === "object" && typeof row.function.name === "string" ? String(row.function.name) : "";
+  if (!name) return void 0;
+  return { type: "function", function: { name } };
+}
+function chatCompletionToResponsesFormat(chatResponse, model) {
+  const choices = chatResponse.choices ?? [];
+  const output = [];
+  for (const choice of choices) {
+    const message = choice.message;
+    if (!message) continue;
+    if (Array.isArray(message.tool_calls)) {
+      for (const toolCall of message.tool_calls) {
+        if (!toolCall || toolCall.type !== "function") continue;
+        const callId = typeof toolCall.id === "string" && toolCall.id ? toolCall.id : `call_${Date.now()}`;
+        const name = typeof toolCall.function?.name === "string" ? toolCall.function.name : "";
+        if (!name) continue;
+        output.push({
+          type: "function_call",
+          name,
+          call_id: callId,
+          arguments: typeof toolCall.function?.arguments === "string" ? toolCall.function.arguments : "{}",
+          status: "completed"
+        });
+      }
+    }
+    if (message.content) {
+      output.push({
+        type: "message",
+        role: "assistant",
+        content: [{ type: "output_text", text: message.content }],
+        status: "completed"
+      });
+    }
+  }
+  const usage = chatResponse.usage;
+  return {
+    id: chatResponse.id ?? `resp_${Date.now()}`,
+    object: "response",
+    created_at: chatResponse.created ?? Math.floor(Date.now() / 1e3),
+    status: "completed",
+    model,
+    output,
+    usage: usage ? {
+      input_tokens: usage.prompt_tokens ?? 0,
+      output_tokens: usage.completion_tokens ?? 0,
+      total_tokens: usage.total_tokens ?? 0
+    } : void 0
+  };
+}
+function forwardStreamingTextResponse(upstreamRes, res, model) {
+  res.writeHead(200, {
+    "Content-Type": "text/event-stream",
+    "Cache-Control": "no-cache",
+    "Connection": "keep-alive"
+  });
+  let buffer = "";
+  const contentParts = [];
+  let responseId = `resp_${Date.now()}`;
+  res.write(`data: {"type":"response.created","response":{"id":"${responseId}","object":"response","status":"in_progress","model":"${model}","output":[]}}
+
+`);
+  res.write('data: {"type":"response.output_item.added","output_index":0,"item":{"type":"message","role":"assistant","content":[],"status":"in_progress"}}\n\n');
+  res.write('data: {"type":"response.content_part.added","output_index":0,"content_index":0,"part":{"type":"output_text","text":""}}\n\n');
+  upstreamRes.on("data", (chunk) => {
+    buffer += chunk.toString();
+    const lines = buffer.split("\n");
+    buffer = lines.pop() ?? "";
+    for (const line of lines) {
+      if (!line.startsWith("data: ")) continue;
+      const data = line.slice(6).trim();
+      if (data === "[DONE]") continue;
+      try {
+        const parsed = JSON.parse(data);
+        if (parsed.id) responseId = `resp_${parsed.id}`;
+        const delta = parsed.choices?.[0]?.delta;
+        if (delta?.content) {
+          contentParts.push(delta.content);
+          const escaped = JSON.stringify(delta.content).slice(1, -1);
+          res.write(`data: {"type":"response.output_text.delta","output_index":0,"content_index":0,"delta":"${escaped}"}
+
+`);
+        }
+      } catch {
+      }
+    }
+  });
+  upstreamRes.on("end", () => {
+    const fullText = contentParts.join("");
+    const escapedFull = JSON.stringify(fullText).slice(1, -1);
+    res.write(`data: {"type":"response.output_text.done","output_index":0,"content_index":0,"text":"${escapedFull}"}
+
+`);
+    res.write(`data: {"type":"response.content_part.done","output_index":0,"content_index":0,"part":{"type":"output_text","text":"${escapedFull}"}}
+
+`);
+    res.write(`data: {"type":"response.output_item.done","output_index":0,"item":{"type":"message","role":"assistant","content":[{"type":"output_text","text":"${escapedFull}"}],"status":"completed"}}
+
+`);
+    res.write(`data: {"type":"response.completed","response":{"id":"${responseId}","object":"response","status":"completed","model":"${model}","output":[{"type":"message","role":"assistant","content":[{"type":"output_text","text":"${escapedFull}"}],"status":"completed"}]}}
+
+`);
+    res.end();
+  });
+  upstreamRes.on("error", () => {
+    if (!res.writableEnded) res.end();
+  });
+}
+function sendSyntheticStreamingCompletion(res, response) {
+  const responseId = typeof response.id === "string" && response.id ? response.id : `resp_${Date.now()}`;
+  const model = typeof response.model === "string" ? response.model : "";
+  const output = Array.isArray(response.output) ? response.output : [];
+  res.writeHead(200, {
+    "Content-Type": "text/event-stream",
+    "Cache-Control": "no-cache",
+    "Connection": "keep-alive"
+  });
+  const createdPayload = {
+    type: "response.created",
+    response: {
+      id: responseId,
+      object: "response",
+      status: "in_progress",
+      model,
+      output: []
+    }
+  };
+  const completedPayload = {
+    type: "response.completed",
+    response: {
+      id: responseId,
+      object: "response",
+      status: "completed",
+      model,
+      output,
+      usage: response.usage
+    }
+  };
+  res.write(`data: ${JSON.stringify(createdPayload)}
+
+`);
+  output.forEach((item, index) => {
+    res.write(`data: ${JSON.stringify({ type: "response.output_item.added", output_index: index, item })}
+
+`);
+    res.write(`data: ${JSON.stringify({ type: "response.output_item.done", output_index: index, item })}
+
+`);
+  });
+  res.write(`data: ${JSON.stringify(completedPayload)}
+
+`);
+  res.end();
+}
+function copyProxyHeaders(upstreamHeaders) {
+  const headers = {};
+  for (const [key, value] of Object.entries(upstreamHeaders)) {
+    if (!value) continue;
+    const lower = key.toLowerCase();
+    if (lower === "transfer-encoding" || lower === "content-length" || lower === "connection") continue;
+    headers[key] = Array.isArray(value) ? value.join(", ") : value;
+  }
+  return headers;
+}
+function hasToolOutputsInInput(input) {
+  if (!Array.isArray(input)) return false;
+  return input.some((item) => item?.type === "function_call_output" || item?.type === "computer_call_output");
+}
+function handleUnifiedResponsesProxyRequest(req, res, options) {
+  void (async () => {
+    try {
+      if (!options.bearerToken) {
+        res.writeHead(401, { "Content-Type": "application/json" });
+        res.end(JSON.stringify({ error: { message: options.missingKeyMessage } }));
+        return;
+      }
+      const rawBody = await readRequestBody(req);
+      const parsedBody = JSON.parse(rawBody.toString());
+      const hasTools = Array.isArray(parsedBody.tools) && parsedBody.tools.length > 0;
+      const hasToolOutputs = hasToolOutputsInInput(parsedBody.input);
+      const useResponsesFallback = options.allowToolFallbackToResponses && (hasTools || hasToolOutputs);
+      const useChatCompletions = options.wireApi === "chat" && !useResponsesFallback;
+      const useChatPayload = useChatCompletions || options.responsesPayloadFormat === "chat";
+      const isStreaming = parsedBody.stream === true;
+      const effectiveStreaming = useChatCompletions && isStreaming && !(hasTools || hasToolOutputs);
+      let payload = "";
+      let upstreamUrl;
+      if (useChatPayload) {
+        const chatReq = {
+          model: parsedBody.model,
+          messages: responsesInputToMessages(parsedBody.input, parsedBody.instructions),
+          stream: useChatCompletions ? effectiveStreaming : isStreaming
+        };
+        if (parsedBody.temperature != null) chatReq.temperature = parsedBody.temperature;
+        if (parsedBody.top_p != null) chatReq.top_p = parsedBody.top_p;
+        if (parsedBody.max_output_tokens != null) chatReq.max_tokens = parsedBody.max_output_tokens;
+        const chatTools = responsesToolsToChatTools(parsedBody.tools);
+        const chatToolChoice = responsesToolChoiceToChatToolChoice(parsedBody.tool_choice);
+        if (chatTools) chatReq.tools = chatTools;
+        if (chatToolChoice) chatReq.tool_choice = chatToolChoice;
+        payload = JSON.stringify(chatReq);
+        upstreamUrl = new URL(useChatCompletions ? options.chatCompletionsEndpoint : options.responsesEndpoint);
+      } else {
+        const requestBody = parsedBody && typeof parsedBody === "object" && !Array.isArray(parsedBody) ? { ...parsedBody } : {};
+        const sanitized = options.sanitizeResponsesRequest ? options.sanitizeResponsesRequest(requestBody) : requestBody;
+        payload = JSON.stringify(sanitized);
+        upstreamUrl = new URL(options.responsesEndpoint);
+      }
+      const requestFn = upstreamUrl.protocol === "http:" ? httpRequest : httpsRequest;
+      const proxyReq = requestFn({
+        hostname: upstreamUrl.hostname,
+        port: upstreamUrl.port || (upstreamUrl.protocol === "http:" ? 80 : 443),
+        path: upstreamUrl.pathname,
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+          "Content-Length": Buffer.byteLength(payload),
+          "Authorization": `Bearer ${options.bearerToken}`
+        }
+      }, (upstreamRes) => {
+        const status = upstreamRes.statusCode ?? 502;
+        if (useChatCompletions && effectiveStreaming && status >= 200 && status < 300) {
+          forwardStreamingTextResponse(upstreamRes, res, parsedBody.model);
+          return;
+        }
+        const chunks = [];
+        upstreamRes.on("data", (chunk) => chunks.push(chunk));
+        upstreamRes.on("end", () => {
+          const rawResponseBody = Buffer.concat(chunks).toString();
+          if (!useChatCompletions) {
+            res.writeHead(status, copyProxyHeaders(upstreamRes.headers));
+            res.end(rawResponseBody);
+            return;
+          }
+          try {
+            const upstreamPayload = JSON.parse(rawResponseBody);
+            if (upstreamPayload.error || status >= 400) {
+              res.writeHead(status, { "Content-Type": "application/json" });
+              res.end(JSON.stringify(upstreamPayload));
+              return;
+            }
+            const translated = chatCompletionToResponsesFormat(upstreamPayload, parsedBody.model);
+            if (isStreaming) {
+              sendSyntheticStreamingCompletion(res, translated);
+            } else {
+              res.writeHead(200, { "Content-Type": "application/json" });
+              res.end(JSON.stringify(translated));
+            }
+          } catch {
+            const detail = rawResponseBody.slice(0, 500).trim();
+            res.writeHead(status >= 400 ? status : 502, { "Content-Type": "application/json" });
+            res.end(JSON.stringify({ error: { message: detail || "Bad gateway: failed to parse upstream response" } }));
+          }
+        });
+      });
+      proxyReq.on("error", (error) => {
+        if (!res.headersSent) {
+          res.writeHead(502, { "Content-Type": "application/json" });
+          res.end(JSON.stringify({ error: { message: `Proxy error: ${error.message}` } }));
+        }
+      });
+      proxyReq.write(payload);
+      proxyReq.end();
+    } catch (error) {
+      if (!res.headersSent) {
+        const message = error instanceof Error ? error.message : "Unknown error";
+        res.writeHead(400, { "Content-Type": "application/json" });
+        res.end(JSON.stringify({ error: { message } }));
+      }
+    }
+  })();
+}
+
+// src/server/openRouterProxy.ts
+var OPENROUTER_RESPONSES_ENDPOINT = "https://openrouter.ai/api/v1/responses";
+var OPENROUTER_CHAT_COMPLETIONS_ENDPOINT = "https://openrouter.ai/api/v1/chat/completions";
+var OPENROUTER_ALLOWED_TOOL_TYPES = /* @__PURE__ */ new Set([
+  "function",
+  "openrouter:datetime",
+  "openrouter:image_generation",
+  "openrouter:experimental__search_models",
+  "openrouter:web_search"
+]);
+function sanitizeOpenRouterResponsesRequest(payload) {
+  const requestBody = { ...payload };
+  const rawTools = Array.isArray(requestBody.tools) ? requestBody.tools : null;
+  if (!rawTools) return requestBody;
+  const sanitizedTools = rawTools.filter((tool) => {
+    if (!tool || typeof tool !== "object" || Array.isArray(tool)) return false;
+    const type = typeof tool.type === "string" ? String(tool.type) : "";
+    return OPENROUTER_ALLOWED_TOOL_TYPES.has(type);
+  });
+  if (sanitizedTools.length === 0) {
+    delete requestBody.tools;
+    delete requestBody.tool_choice;
+    return requestBody;
+  }
+  requestBody.tools = sanitizedTools;
+  return requestBody;
+}
+function handleOpenRouterProxyRequest(req, res, bearerToken, wireApi) {
+  handleUnifiedResponsesProxyRequest(req, res, {
+    bearerToken,
+    wireApi,
+    responsesEndpoint: OPENROUTER_RESPONSES_ENDPOINT,
+    chatCompletionsEndpoint: OPENROUTER_CHAT_COMPLETIONS_ENDPOINT,
+    missingKeyMessage: "Missing OpenRouter API key",
+    allowToolFallbackToResponses: true,
+    sanitizeResponsesRequest: sanitizeOpenRouterResponsesRequest
+  });
+}
+
+// src/server/zenProxy.ts
+var ZEN_RESPONSES_ENDPOINT = "https://opencode.ai/zen/v1/responses";
+var ZEN_CHAT_COMPLETIONS_ENDPOINT = "https://opencode.ai/zen/v1/chat/completions";
+function handleZenProxyRequest(req, res, bearerToken, wireApi) {
+  handleUnifiedResponsesProxyRequest(req, res, {
+    bearerToken,
+    wireApi,
+    responsesEndpoint: ZEN_RESPONSES_ENDPOINT,
+    chatCompletionsEndpoint: ZEN_CHAT_COMPLETIONS_ENDPOINT,
+    missingKeyMessage: "Missing OpenCode Zen API key",
+    allowToolFallbackToResponses: false,
+    responsesPayloadFormat: "chat"
+  });
+}
+
+// src/server/customEndpointProxy.ts
+function joinEndpoint(baseUrl, path) {
+  return `${baseUrl.replace(/\/+$/u, "")}${path}`;
+}
+function handleCustomEndpointProxyRequest(req, res, options) {
+  handleUnifiedResponsesProxyRequest(req, res, {
+    bearerToken: options.bearerToken,
+    wireApi: options.wireApi,
+    responsesEndpoint: joinEndpoint(options.baseUrl, "/responses"),
+    chatCompletionsEndpoint: joinEndpoint(options.baseUrl, "/chat/completions"),
+    missingKeyMessage: "Missing custom endpoint API key",
+    allowToolFallbackToResponses: false
+  });
+}
+
+// src/server/terminalManager.ts
+import { chmodSync, existsSync as existsSync3, lstatSync, readFileSync, realpathSync, rmSync, writeFileSync } from "fs";
+import { randomUUID } from "crypto";
+import { createRequire } from "module";
+import { basename as basename2, dirname, join as join5 } from "path";
+import { homedir as homedir4 } from "os";
 import { spawnSync as spawnSync2 } from "child_process";
-import { basename as basename2, extname } from "path";
+var TERMINAL_BUFFER_LIMIT = 16 * 1024;
+var DEFAULT_COLS = 80;
+var DEFAULT_ROWS = 24;
+var TERMINAL_NAME = "xterm-256color";
+var require2 = createRequire(import.meta.url);
+var ThreadTerminalManager = class {
+  constructor(options = {}) {
+    this.sessions = /* @__PURE__ */ new Map();
+    this.activeSessionIdByThreadId = /* @__PURE__ */ new Map();
+    this.listeners = /* @__PURE__ */ new Set();
+    this.spawn = options.spawn ?? loadTerminalSpawn();
+    this.exists = options.exists ?? existsSync3;
+    this.homeDir = options.homeDir ?? homedir4;
+    this.cwd = options.cwd ?? process.cwd;
+    this.platform = options.platform ?? process.platform;
+    this.shell = options.shell ?? null;
+    this.ensureSpawnHelperExecutable = options.ensureSpawnHelperExecutable ?? ensureNodePtyPrebuiltExecutable;
+  }
+  subscribe(listener) {
+    this.listeners.add(listener);
+    return () => {
+      this.listeners.delete(listener);
+    };
+  }
+  attach(params) {
+    const threadId = params.threadId.trim();
+    if (!threadId) {
+      throw new Error("Missing threadId");
+    }
+    const requestedSessionId = params.sessionId?.trim() || "";
+    const existingSessionId = params.newSession ? "" : requestedSessionId || this.activeSessionIdByThreadId.get(threadId) || "";
+    const existing = existingSessionId ? this.sessions.get(existingSessionId) : null;
+    if (existing) {
+      this.activeSessionIdByThreadId.set(threadId, existing.id);
+      this.resize(existing.id, params.cols, params.rows);
+      const nextCwd = this.resolveCwd(params.cwd);
+      if (nextCwd !== existing.cwd) {
+        existing.cwd = nextCwd;
+        existing.pty.write(`cd ${shellQuote(nextCwd)}\r`);
+      }
+      this.emitInit(existing);
+      this.emitAttached(existing);
+      return this.toSnapshot(existing);
+    }
+    const session = this.createSession({
+      threadId,
+      cwd: params.cwd,
+      sessionId: requestedSessionId || randomUUID(),
+      cols: params.cols,
+      rows: params.rows
+    });
+    this.sessions.set(session.id, session);
+    this.activeSessionIdByThreadId.set(threadId, session.id);
+    this.emitAttached(session);
+    return this.toSnapshot(session);
+  }
+  write(sessionId, data) {
+    const session = this.requireSession(sessionId);
+    session.pty.write(data);
+  }
+  resize(sessionId, cols, rows) {
+    const session = this.sessions.get(sessionId);
+    if (!session) return;
+    const nextCols = normalizeDimension(cols, DEFAULT_COLS);
+    const nextRows = normalizeDimension(rows, DEFAULT_ROWS);
+    session.pty.resize(nextCols, nextRows);
+  }
+  close(sessionId) {
+    const session = this.sessions.get(sessionId);
+    if (!session) return;
+    this.sessions.delete(session.id);
+    if (this.activeSessionIdByThreadId.get(session.threadId) === session.id) {
+      this.activeSessionIdByThreadId.delete(session.threadId);
+    }
+    session.pty.kill();
+    this.emit({
+      method: "terminal-exit",
+      params: {
+        sessionId: session.id,
+        threadId: session.threadId,
+        code: null,
+        signal: null
+      }
+    });
+  }
+  getSnapshotForThread(threadId) {
+    const sessionId = this.activeSessionIdByThreadId.get(threadId.trim());
+    if (!sessionId) return null;
+    const session = this.sessions.get(sessionId);
+    return session ? this.toSnapshot(session) : null;
+  }
+  dispose() {
+    for (const sessionId of Array.from(this.sessions.keys())) {
+      this.close(sessionId);
+    }
+    this.listeners.clear();
+  }
+  createSession(params) {
+    const cwd = this.resolveCwd(params.cwd);
+    const shell = this.resolveShell();
+    const env = {
+      ...process.env,
+      TERM: TERMINAL_NAME
+    };
+    normalizeLocaleEnv(env, this.platform);
+    delete env.TERMINFO;
+    delete env.TERMINFO_DIRS;
+    this.ensureSpawnHelperExecutable();
+    const pty = this.spawn(shell, [], {
+      name: TERMINAL_NAME,
+      cols: normalizeDimension(params.cols, DEFAULT_COLS),
+      rows: normalizeDimension(params.rows, DEFAULT_ROWS),
+      cwd,
+      env
+    });
+    const session = {
+      id: params.sessionId,
+      threadId: params.threadId,
+      cwd,
+      shell: basename2(shell),
+      pty,
+      buffer: "",
+      truncated: false
+    };
+    pty.onData((data) => {
+      this.appendOutput(session, data);
+    });
+    pty.onExit(({ exitCode, signal }) => {
+      if (this.sessions.get(session.id) === session) {
+        this.sessions.delete(session.id);
+      }
+      if (this.activeSessionIdByThreadId.get(session.threadId) === session.id) {
+        this.activeSessionIdByThreadId.delete(session.threadId);
+      }
+      this.emit({
+        method: "terminal-exit",
+        params: {
+          sessionId: session.id,
+          threadId: session.threadId,
+          code: exitCode,
+          signal: signal == null ? null : String(signal)
+        }
+      });
+    });
+    return session;
+  }
+  appendOutput(session, data) {
+    const next = `${session.buffer}${data}`;
+    if (next.length > TERMINAL_BUFFER_LIMIT) {
+      session.buffer = next.slice(-TERMINAL_BUFFER_LIMIT);
+      session.truncated = true;
+    } else {
+      session.buffer = next;
+    }
+    this.emit({
+      method: "terminal-data",
+      params: {
+        sessionId: session.id,
+        threadId: session.threadId,
+        data
+      }
+    });
+  }
+  emitInit(session) {
+    if (!session.buffer) return;
+    this.emit({
+      method: "terminal-init-log",
+      params: {
+        sessionId: session.id,
+        threadId: session.threadId,
+        log: session.buffer,
+        truncated: session.truncated
+      }
+    });
+  }
+  emitAttached(session) {
+    this.emit({
+      method: "terminal-attached",
+      params: {
+        sessionId: session.id,
+        threadId: session.threadId,
+        cwd: session.cwd,
+        shell: session.shell
+      }
+    });
+  }
+  emit(notification) {
+    for (const listener of this.listeners) {
+      listener(notification);
+    }
+  }
+  requireSession(sessionId) {
+    const session = this.sessions.get(sessionId.trim());
+    if (!session) {
+      throw new Error("Terminal session missing");
+    }
+    return session;
+  }
+  resolveShell() {
+    if (this.shell) return this.shell;
+    if (this.platform === "win32") {
+      return process.env.COMSPEC || "cmd.exe";
+    }
+    return process.env.SHELL || "/bin/zsh";
+  }
+  resolveCwd(value) {
+    const cwd = value.trim();
+    if (cwd && this.exists(cwd)) {
+      return cwd;
+    }
+    const home = this.homeDir();
+    if (home && this.exists(home)) {
+      return home;
+    }
+    return this.cwd();
+  }
+  toSnapshot(session) {
+    return {
+      id: session.id,
+      threadId: session.threadId,
+      cwd: session.cwd,
+      shell: session.shell,
+      buffer: session.buffer,
+      truncated: session.truncated
+    };
+  }
+};
+function normalizeDimension(value, fallback) {
+  const parsed = typeof value === "number" ? value : Number(value);
+  if (!Number.isFinite(parsed)) return fallback;
+  return Math.max(1, Math.min(500, Math.trunc(parsed)));
+}
+function loadTerminalSpawn() {
+  repairNativePtyBuild("node-pty-prebuilt-multiarch");
+  repairNativePtyBuild("node-pty");
+  if (resolveNodePtyPrebuiltPath()) {
+    try {
+      const terminal2 = require2("node-pty-prebuilt-multiarch");
+      return terminal2.spawn;
+    } catch {
+    }
+  }
+  const terminal = require2("node-pty");
+  return terminal.spawn;
+}
+function repairNativePtyBuild(packageName) {
+  try {
+    const packageJson = require2.resolve(`${packageName}/package.json`);
+    const packageRoot = dirname(packageJson);
+    const buildDir = join5(packageRoot, "build");
+    const makefile = join5(buildDir, "Makefile");
+    const binary = join5(buildDir, "Release", "pty.node");
+    if (!existsSync3(makefile) || !isBrokenSymlink(binary)) return;
+    const source = readFileSync(makefile, "utf8");
+    const patched = source.replace(
+      /^cmd_copy = ln -f "\$<" "\$@" 2>\/dev\/null \|\| \(rm -rf "\$@" && cp -af "\$<" "\$@"\)$/m,
+      'cmd_copy = rm -rf "$@" && cp -af "$<" "$@"'
+    );
+    if (patched !== source) {
+      writeFileSync(makefile, patched);
+    }
+    rmSync(binary, { force: true });
+    spawnSync2("make", ["BUILDTYPE=Release", "-C", buildDir], { stdio: "ignore" });
+  } catch {
+  }
+}
+function isBrokenSymlink(path) {
+  try {
+    if (!lstatSync(path).isSymbolicLink()) return false;
+    try {
+      return !existsSync3(realpathSync(path));
+    } catch {
+      return true;
+    }
+  } catch {
+    return false;
+  }
+}
+function resolveNodePtyPrebuiltPath() {
+  try {
+    const packageJson = require2.resolve("node-pty-prebuilt-multiarch/package.json");
+    const packageRoot = dirname(packageJson);
+    const builtPath = join5(packageRoot, "build", "Release", "pty.node");
+    if (existsSync3(builtPath)) {
+      return builtPath;
+    }
+    const runtime = Object.prototype.hasOwnProperty.call(process.versions, "electron") ? "electron" : "node";
+    const libc = process.platform === "linux" && existsSync3("/etc/alpine-release") ? ".musl" : "";
+    const binaryName = `${runtime}.abi${process.versions.modules}${libc}.node`;
+    const binaryPath = join5(packageRoot, "prebuilds", `${process.platform}-${process.arch}`, binaryName);
+    return existsSync3(binaryPath) ? binaryPath : null;
+  } catch {
+    return null;
+  }
+}
+function ensureNodePtyPrebuiltExecutable() {
+  if (process.platform !== "darwin" && process.platform !== "linux") return;
+  try {
+    const nodePtyEntry = require2.resolve("node-pty-prebuilt-multiarch");
+    const packageRoot = join5(dirname(nodePtyEntry), "..");
+    const helperPath = join5(packageRoot, "prebuilds", `${process.platform}-${process.arch}`, "spawn-helper");
+    if (existsSync3(helperPath)) {
+      chmodSync(helperPath, 493);
+    }
+  } catch {
+  }
+}
+function normalizeLocaleEnv(env, platform) {
+  const locale = platform === "darwin" ? "en_US.UTF-8" : "C.UTF-8";
+  env.LANG = locale;
+  env.LC_ALL = locale;
+  env.LC_CTYPE = locale;
+}
+function shellQuote(value) {
+  return `'${value.replace(/'/g, `'\\''`)}'`;
+}
+
+// src/utils/commandInvocation.ts
+import { spawnSync as spawnSync3 } from "child_process";
+import { basename as basename3, extname } from "path";
 var WINDOWS_CMD_NAMES = /* @__PURE__ */ new Set(["codex", "npm", "npx"]);
 function quoteCmdExeArg(value) {
   const normalized = value.replace(/"/g, '""');
@@ -3751,7 +4685,7 @@ function needsCmdExeWrapper(command) {
     return false;
   }
   const lowerCommand = command.toLowerCase();
-  const baseName = basename2(lowerCommand);
+  const baseName = basename3(lowerCommand);
   if (/\.(cmd|bat)$/i.test(baseName)) {
     return true;
   }
@@ -3771,7 +4705,7 @@ function getSpawnInvocation(command, args = []) {
 }
 function spawnSyncCommand(command, args = [], options = {}) {
   const invocation = getSpawnInvocation(command, args);
-  return spawnSync2(invocation.command, invocation.args, options);
+  return spawnSync3(invocation.command, invocation.args, options);
 }
 
 // src/server/codexAppServerBridge.ts
@@ -3787,7 +4721,7 @@ var DEFAULT_API_PERF_BODY_MB_THRESHOLD = 1;
 var MB_DIVISOR = 1024 * 1024;
 function readEnvValueFromFile(filePath, key) {
   try {
-    const content = readFileSync(filePath, "utf8");
+    const content = readFileSync2(filePath, "utf8");
     const escapedKey = key.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
     const match = content.match(new RegExp(`^\\s*${escapedKey}\\s*=\\s*(.+)\\s*$`, "m"));
     if (!match) return null;
@@ -3856,6 +4790,14 @@ function asRecord5(value) {
 function isInlineDataUrl(value) {
   return /^data:/iu.test(value.trim());
 }
+function normalizeBase64ImageDataUrl(value, mimeType) {
+  const trimmed = value.trim();
+  if (!trimmed) return null;
+  if (isInlineDataUrl(trimmed)) return trimmed;
+  const compact = trimmed.replace(/\s+/gu, "");
+  if (!/^[A-Za-z0-9+/]+={0,2}$/u.test(compact)) return null;
+  return `data:${mimeType};base64,${compact}`;
+}
 function extensionFromMimeType(mimeType) {
   const normalized = mimeType.trim().toLowerCase();
   if (normalized === "image/png") return ".png";
@@ -3892,10 +4834,10 @@ async function persistInlineDataUrlToLocalFile(dataUrl, baseName) {
   if (bytes.length === 0) return null;
   const hash = createHash2("sha1").update(bytes).digest("hex");
   const ext = extensionFromMimeType(mimeType);
-  const mediaDir = join5(tmpdir4(), "codex-web-inline-media");
+  const mediaDir = join6(tmpdir4(), "codex-web-inline-media");
   await mkdir4(mediaDir, { recursive: true });
   const fileName = `${baseName}-${hash}${ext}`;
-  const filePath = join5(mediaDir, fileName);
+  const filePath = join6(mediaDir, fileName);
   try {
     await stat4(filePath);
   } catch {
@@ -3926,6 +4868,21 @@ async function sanitizeInlineUserContentBlock(block, context) {
       text: `Image attachment: ${target}`
     };
   }
+  if (type === "imageGeneration" || type === "image_generation") {
+    const rawResult = asNonEmptyString(record.result) ?? asNonEmptyString(record.b64_json) ?? asNonEmptyString(record.image);
+    const mimeType = asNonEmptyString(record.mime_type) ?? asNonEmptyString(record.mimeType) ?? "image/png";
+    const dataUrl = rawResult ? normalizeBase64ImageDataUrl(rawResult, mimeType) : null;
+    if (dataUrl) {
+      const localUrl = await persistInlineDataUrlToLocalFile(dataUrl, `generated-image-${context.turnId}-${context.itemId}`);
+      if (localUrl) {
+        return {
+          ...record,
+          type: "imageView",
+          path: localUrl
+        };
+      }
+    }
+  }
   const inlineFileData = asNonEmptyString(record.file_data) ?? asNonEmptyString(record.data) ?? asNonEmptyString(record.base64);
   if ((type.includes("file") || type === "input_file" || type === "file") && inlineFileData) {
     const mimeType = asNonEmptyString(record.mime_type) ?? "application/octet-stream";
@@ -4119,110 +5076,123 @@ function normalizeProviderModelsData(payload) {
     if (!candidate || ids.includes(candidate)) continue;
     ids.push(candidate);
   }
-  return ids;
+  return ids;
+}
+async function fetchCustomEndpointDefaultModel(baseUrl, apiKey) {
+  const normalizedBaseUrl = baseUrl.trim();
+  if (!normalizedBaseUrl) return "";
+  try {
+    const modelsUrl = buildProviderModelsUrl(normalizedBaseUrl, null);
+    const headers = apiKey ? { Authorization: `Bearer ${apiKey}` } : {};
+    const response = await fetch(modelsUrl, { headers, signal: AbortSignal.timeout(PROVIDER_MODELS_FETCH_TIMEOUT_MS) });
+    if (!response.ok) return "";
+    const payload = await response.json();
+    const modelIds = normalizeProviderModelsData(payload);
+    return modelIds[0] ?? "";
+  } catch {
+    return "";
+  }
 }
 async function readProviderBackedModelIds(appServer) {
-  return Sentry4.startSpan({ name: "readProviderBackedModelIds", op: "function.slow" }, async () => {
-    const configPayload = asRecord5(await appServer.rpc("config/read", {}));
-    const config = asRecord5(configPayload?.config);
-    const providerId = readNonEmptyString(config?.model_provider);
-    if (!providerId) {
-      return { data: [], providerId: "", source: "provider" };
-    }
-    const providers = asRecord5(config?.model_providers);
-    const provider = asRecord5(providers?.[providerId]);
-    if (!provider) {
-      logProviderModelDiscoveryWarning("configured provider is missing from model_providers", { providerId });
-      return { data: [], providerId, source: "provider" };
-    }
-    const wireApi = readNonEmptyString(provider.wire_api);
-    if (wireApi !== "responses") {
-      return { data: [], providerId, source: "provider" };
-    }
-    const baseUrl = readNonEmptyString(provider.base_url);
-    if (!baseUrl) {
-      logProviderModelDiscoveryWarning("responses provider is missing base_url", { providerId });
-      return { data: [], providerId, source: "provider" };
-    }
-    const headers = new Headers();
-    const configuredHeaders = asRecord5(provider.http_headers);
-    if (configuredHeaders) {
-      for (const [key, rawValue] of Object.entries(configuredHeaders)) {
-        const normalized = normalizeHeaderValue(rawValue);
-        if (!normalized) continue;
-        headers.set(key, normalized);
-      }
-    }
-    const bearerToken = readNonEmptyString(provider.experimental_bearer_token);
-    if (bearerToken && !headers.has("Authorization")) {
-      headers.set("Authorization", `Bearer ${bearerToken}`);
-    }
-    const envKey = readNonEmptyString(provider.env_key);
-    const envHttpHeaders = asRecord5(provider.env_http_headers);
-    if (envKey || envHttpHeaders) {
-      logProviderModelDiscoveryWarning("provider discovery skipped env-backed auth/header expansion", {
-        providerId,
-        hasEnvKey: Boolean(envKey),
-        hasEnvHttpHeaders: Boolean(envHttpHeaders)
-      });
-    }
-    let requestUrl;
-    try {
-      requestUrl = buildProviderModelsUrl(baseUrl, provider.query_params);
-    } catch (error) {
-      logProviderModelDiscoveryWarning("provider /models URL was invalid", {
-        providerId,
-        error: getErrorMessage5(error, "invalid url")
-      });
-      return { data: [], providerId, source: "provider" };
-    }
-    let response;
-    try {
-      response = await fetch(requestUrl, {
-        method: "GET",
-        headers,
-        signal: AbortSignal.timeout(PROVIDER_MODELS_FETCH_TIMEOUT_MS)
-      });
-    } catch (error) {
-      logProviderModelDiscoveryWarning("provider /models request failed", {
-        providerId,
-        error: isTimeoutError(error) ? `request timed out after ${PROVIDER_MODELS_FETCH_TIMEOUT_MS}ms` : getErrorMessage5(error, "network error")
-      });
-      return { data: [], providerId, source: "provider" };
-    }
-    let payload = null;
-    try {
-      payload = await response.json();
-    } catch (error) {
-      logProviderModelDiscoveryWarning("provider /models response was not valid JSON", {
-        providerId,
-        status: response.status,
-        error: getErrorMessage5(error, "invalid json")
-      });
-      return { data: [], providerId, source: "provider" };
-    }
-    if (!response.ok) {
-      logProviderModelDiscoveryWarning("provider /models request returned non-2xx", {
-        providerId,
-        status: response.status,
-        statusText: response.statusText
-      });
-      return { data: [], providerId, source: "provider" };
-    }
-    try {
-      return {
-        data: normalizeProviderModelsData(payload),
-        providerId,
-        source: "provider"
-      };
-    } catch (error) {
-      logProviderModelDiscoveryWarning("provider /models payload was invalid", {
-        providerId,
-        error: getErrorMessage5(error, "invalid payload")
-      });
-      return { data: [], providerId, source: "provider" };
-    }
-  });
+  const configPayload = asRecord5(await appServer.rpc("config/read", {}));
+  const config = asRecord5(configPayload?.config);
+  const providerId = readNonEmptyString(config?.model_provider);
+  if (!providerId) {
+    return { data: [], providerId: "", source: "provider" };
+  }
+  const providers = asRecord5(config?.model_providers);
+  const provider = asRecord5(providers?.[providerId]);
+  if (!provider) {
+    logProviderModelDiscoveryWarning("configured provider is missing from model_providers", { providerId });
+    return { data: [], providerId, source: "provider" };
+  }
+  const wireApi = readNonEmptyString(provider.wire_api);
+  if (wireApi !== "responses") {
+    return { data: [], providerId, source: "provider" };
+  }
+  const baseUrl = readNonEmptyString(provider.base_url);
+  if (!baseUrl) {
+    logProviderModelDiscoveryWarning("responses provider is missing base_url", { providerId });
+    return { data: [], providerId, source: "provider" };
+  }
+  const headers = new Headers();
+  const configuredHeaders = asRecord5(provider.http_headers);
+  if (configuredHeaders) {
+    for (const [key, rawValue] of Object.entries(configuredHeaders)) {
+      const normalized = normalizeHeaderValue(rawValue);
+      if (!normalized) continue;
+      headers.set(key, normalized);
+    }
+  }
+  const bearerToken = readNonEmptyString(provider.experimental_bearer_token);
+  if (bearerToken && !headers.has("Authorization")) {
+    headers.set("Authorization", `Bearer ${bearerToken}`);
+  }
+  const envKey = readNonEmptyString(provider.env_key);
+  const envHttpHeaders = asRecord5(provider.env_http_headers);
+  if (envKey || envHttpHeaders) {
+    logProviderModelDiscoveryWarning("provider discovery skipped env-backed auth/header expansion", {
+      providerId,
+      hasEnvKey: Boolean(envKey),
+      hasEnvHttpHeaders: Boolean(envHttpHeaders)
+    });
+  }
+  let requestUrl;
+  try {
+    requestUrl = buildProviderModelsUrl(baseUrl, provider.query_params);
+  } catch (error) {
+    logProviderModelDiscoveryWarning("provider /models URL was invalid", {
+      providerId,
+      error: getErrorMessage5(error, "invalid url")
+    });
+    return { data: [], providerId, source: "provider" };
+  }
+  let response;
+  try {
+    response = await fetch(requestUrl, {
+      method: "GET",
+      headers,
+      signal: AbortSignal.timeout(PROVIDER_MODELS_FETCH_TIMEOUT_MS)
+    });
+  } catch (error) {
+    logProviderModelDiscoveryWarning("provider /models request failed", {
+      providerId,
+      error: isTimeoutError(error) ? `request timed out after ${PROVIDER_MODELS_FETCH_TIMEOUT_MS}ms` : getErrorMessage5(error, "network error")
+    });
+    return { data: [], providerId, source: "provider" };
+  }
+  let payload = null;
+  try {
+    payload = await response.json();
+  } catch (error) {
+    logProviderModelDiscoveryWarning("provider /models response was not valid JSON", {
+      providerId,
+      status: response.status,
+      error: getErrorMessage5(error, "invalid json")
+    });
+    return { data: [], providerId, source: "provider" };
+  }
+  if (!response.ok) {
+    logProviderModelDiscoveryWarning("provider /models request returned non-2xx", {
+      providerId,
+      status: response.status,
+      statusText: response.statusText
+    });
+    return { data: [], providerId, source: "provider" };
+  }
+  try {
+    return {
+      data: normalizeProviderModelsData(payload),
+      providerId,
+      source: "provider"
+    };
+  } catch (error) {
+    logProviderModelDiscoveryWarning("provider /models payload was invalid", {
+      providerId,
+      error: getErrorMessage5(error, "invalid payload")
+    });
+    return { data: [], providerId, source: "provider" };
+  }
 }
 function extractThreadMessageText(threadReadPayload) {
   const payload = asRecord5(threadReadPayload);
@@ -4573,7 +5543,7 @@ function extractFilePathsFromCommand(cmd, cwd) {
   while ((match = redirectPattern.exec(cmd)) !== null) {
     const p = match[1]?.trim();
     if (p && !p.startsWith("-") && !p.startsWith("/dev/")) {
-      paths.push(isAbsolute2(p) ? p : join5(cwd, p));
+      paths.push(isAbsolute2(p) ? p : join6(cwd, p));
     }
   }
   return [...new Set(paths)];
@@ -4707,7 +5677,7 @@ async function revertTurnFileChanges(cwd, turnInfos) {
     try {
       const tracked = await runCommandCapture2("git", ["ls-files", "--full-name"], { cwd: gitRoot });
       for (const f of tracked.split("\n")) {
-        if (f.trim()) trackedFiles.add(join5(gitRoot, f.trim()));
+        if (f.trim()) trackedFiles.add(join6(gitRoot, f.trim()));
       }
     } catch {
     }
@@ -4717,7 +5687,7 @@ async function revertTurnFileChanges(cwd, turnInfos) {
     const changes = parseApplyPatchInput(patch.input);
     for (let ci = changes.length - 1; ci >= 0; ci--) {
       const change = changes[ci];
-      const filePath = isAbsolute2(change.path) ? change.path : join5(cwd, change.path);
+      const filePath = isAbsolute2(change.path) ? change.path : join6(cwd, change.path);
       try {
         if (change.operation === "add") {
           const fileStat = await stat4(filePath).catch(() => null);
@@ -4935,7 +5905,7 @@ async function listFilesWithRipgrep(cwd) {
 }
 function getCodexHomeDir3() {
   const codexHome = process.env.CODEX_HOME?.trim();
-  return codexHome && codexHome.length > 0 ? codexHome : join5(homedir4(), ".codex");
+  return codexHome && codexHome.length > 0 ? codexHome : join6(homedir5(), ".codex");
 }
 async function runCommand3(command, args, options = {}) {
   await new Promise((resolve4, reject) => {
@@ -4973,7 +5943,7 @@ function isNotGitRepositoryError2(error) {
   return message.includes("not a git repository") || message.includes("fatal: not a git repository");
 }
 async function ensureRepoHasInitialCommit(repoRoot) {
-  const agentsPath = join5(repoRoot, "AGENTS.md");
+  const agentsPath = join6(repoRoot, "AGENTS.md");
   try {
     await stat4(agentsPath);
   } catch {
@@ -5049,7 +6019,7 @@ function normalizeStringRecord(value) {
   return next;
 }
 function getCodexAuthPath() {
-  return join5(getCodexHomeDir3(), "auth.json");
+  return join6(getCodexHomeDir3(), "auth.json");
 }
 async function readCodexAuth() {
   try {
@@ -5063,13 +6033,157 @@ async function readCodexAuth() {
   }
 }
 function getCodexGlobalStatePath() {
-  return join5(getCodexHomeDir3(), ".codex-global-state.json");
+  return join6(getCodexHomeDir3(), ".codex-global-state.json");
 }
 function getTelegramBridgeConfigPath() {
-  return join5(getCodexHomeDir3(), "telegram-bridge.json");
+  return join6(getCodexHomeDir3(), "telegram-bridge.json");
 }
 function getCodexSessionIndexPath() {
-  return join5(getCodexHomeDir3(), "session_index.jsonl");
+  return join6(getCodexHomeDir3(), "session_index.jsonl");
+}
+function getCodexAutomationsDir() {
+  return join6(getCodexHomeDir3(), "automations");
+}
+function readTomlString(value) {
+  const trimmed = value.trim();
+  if (trimmed.startsWith('"') && trimmed.endsWith('"') || trimmed.startsWith("'") && trimmed.endsWith("'")) {
+    try {
+      return JSON.parse(trimmed);
+    } catch {
+      return trimmed.slice(1, -1);
+    }
+  }
+  return trimmed;
+}
+function serializeTomlString(value) {
+  return JSON.stringify(value);
+}
+function parseAutomationToml(raw) {
+  const values = {};
+  for (const line of raw.split(/\r?\n/u)) {
+    const trimmed = line.trim();
+    if (!trimmed || trimmed.startsWith("#") || !trimmed.includes("=")) continue;
+    const separatorIndex = trimmed.indexOf("=");
+    const key = trimmed.slice(0, separatorIndex).trim();
+    const value = trimmed.slice(separatorIndex + 1).trim();
+    if (key) values[key] = value;
+  }
+  const id = readTomlString(values.id ?? "");
+  const kindValue = readTomlString(values.kind ?? "heartbeat");
+  const name = readTomlString(values.name ?? "");
+  const prompt = readTomlString(values.prompt ?? "");
+  const rrule = readTomlString(values.rrule ?? "");
+  const statusValue = readTomlString(values.status ?? "ACTIVE");
+  const targetThreadId = readTomlString(values.target_thread_id ?? "") || null;
+  const createdAtMs = Number.parseInt(values.created_at ?? "", 10);
+  const updatedAtMs = Number.parseInt(values.updated_at ?? "", 10);
+  if (!id || !name || !prompt || !rrule) return null;
+  if (kindValue !== "heartbeat" && kindValue !== "cron") return null;
+  if (statusValue !== "ACTIVE" && statusValue !== "PAUSED") return null;
+  return {
+    id,
+    kind: kindValue,
+    name,
+    prompt,
+    rrule,
+    status: statusValue,
+    targetThreadId,
+    createdAtMs: Number.isFinite(createdAtMs) ? createdAtMs : null,
+    updatedAtMs: Number.isFinite(updatedAtMs) ? updatedAtMs : null,
+    nextRunAtMs: null
+  };
+}
+function serializeAutomationToml(record) {
+  const lines = [
+    "version = 1",
+    `id = ${serializeTomlString(record.id)}`,
+    `kind = ${serializeTomlString(record.kind)}`,
+    `name = ${serializeTomlString(record.name)}`,
+    `prompt = ${serializeTomlString(record.prompt)}`,
+    `status = ${serializeTomlString(record.status)}`,
+    `rrule = ${serializeTomlString(record.rrule)}`,
+    `target_thread_id = ${serializeTomlString(record.targetThreadId ?? "")}`,
+    `created_at = ${String(record.createdAtMs ?? Date.now())}`,
+    `updated_at = ${String(record.updatedAtMs ?? Date.now())}`
+  ];
+  return `${lines.join("\n")}
+`;
+}
+function slugifyAutomationId(threadId, name) {
+  const preferred = name.trim().toLowerCase().replace(/[^a-z0-9]+/gu, "-").replace(/^-+|-+$/gu, "");
+  if (preferred) return preferred.slice(0, 48);
+  const fallback = threadId.trim().toLowerCase().replace(/[^a-z0-9]+/gu, "-").replace(/^-+|-+$/gu, "");
+  return `heartbeat-${fallback.slice(0, 24) || randomBytes(4).toString("hex")}`;
+}
+async function readAutomationRecordFromFile(filePath) {
+  try {
+    return parseAutomationToml(await readFile3(filePath, "utf8"));
+  } catch {
+    return null;
+  }
+}
+async function listThreadHeartbeatAutomations() {
+  const automationRoot = getCodexAutomationsDir();
+  const next = {};
+  let entries;
+  try {
+    entries = await readdir2(automationRoot, { withFileTypes: true });
+  } catch {
+    return next;
+  }
+  for (const entry of entries) {
+    if (!entry.isDirectory()) continue;
+    const automation = await readAutomationRecordFromFile(join6(automationRoot, entry.name, "automation.toml"));
+    if (!automation || automation.kind !== "heartbeat" || !automation.targetThreadId) continue;
+    next[automation.targetThreadId] = automation;
+  }
+  return next;
+}
+async function readThreadHeartbeatAutomation(threadId) {
+  const all = await listThreadHeartbeatAutomations();
+  return all[threadId] ?? null;
+}
+async function writeThreadHeartbeatAutomation(input) {
+  const threadId = input.threadId.trim();
+  const name = input.name.trim();
+  const prompt = input.prompt.trim();
+  const rrule = input.rrule.trim();
+  if (!threadId || !name || !prompt || !rrule) {
+    throw new Error("threadId, name, prompt, and rrule are required");
+  }
+  const automationRoot = getCodexAutomationsDir();
+  await mkdir4(automationRoot, { recursive: true });
+  const existing = await readThreadHeartbeatAutomation(threadId);
+  const id = existing?.id ?? slugifyAutomationId(threadId, name);
+  const automationDir = join6(automationRoot, id);
+  const now = Date.now();
+  const record = {
+    id,
+    kind: "heartbeat",
+    name,
+    prompt,
+    rrule,
+    status: input.status,
+    targetThreadId: threadId,
+    createdAtMs: existing?.createdAtMs ?? now,
+    updatedAtMs: now,
+    nextRunAtMs: null
+  };
+  await mkdir4(automationDir, { recursive: true });
+  await writeFile4(join6(automationDir, "automation.toml"), serializeAutomationToml(record), "utf8");
+  const memoryPath = join6(automationDir, "memory.md");
+  try {
+    await stat4(memoryPath);
+  } catch {
+    await writeFile4(memoryPath, "", "utf8");
+  }
+  return record;
+}
+async function deleteThreadHeartbeatAutomation(threadId) {
+  const automation = await readThreadHeartbeatAutomation(threadId.trim());
+  if (!automation) return false;
+  await rm4(join6(getCodexAutomationsDir(), automation.id), { recursive: true, force: true });
+  return true;
 }
 var MAX_THREAD_TITLES = 500;
 var EMPTY_THREAD_TITLE_CACHE = { titles: {}, order: [] };
@@ -5409,10 +6523,10 @@ function handleFileUpload(req, res) {
         setJson4(res, 400, { error: "No file in request" });
         return;
       }
-      const uploadDir = join5(tmpdir4(), "codex-web-uploads");
+      const uploadDir = join6(tmpdir4(), "codex-web-uploads");
       await mkdir4(uploadDir, { recursive: true });
-      const destDir = await mkdtemp3(join5(uploadDir, "f-"));
-      const destPath = join5(destDir, fileName);
+      const destDir = await mkdtemp3(join6(uploadDir, "f-"));
+      const destPath = join6(destDir, fileName);
       await writeFile4(destPath, fileData);
       setJson4(res, 200, { path: destPath });
     } catch (err) {
@@ -5424,7 +6538,7 @@ function handleFileUpload(req, res) {
   });
 }
 function httpPost(url, headers, body) {
-  const doRequest = url.startsWith("http://") ? httpRequest : httpsRequest;
+  const doRequest = url.startsWith("http://") ? httpRequest2 : httpsRequest2;
   return new Promise((resolve4, reject) => {
     const req = doRequest(url, { method: "POST", headers }, (res) => {
       const chunks = [];
@@ -5470,34 +6584,32 @@ function curlImpersonatePost(url, headers, body) {
   });
 }
 async function proxyTranscribe(body, contentType, authToken, accountId) {
-  return Sentry4.startSpan({ name: "proxyTranscribe", op: "http.client.transcribe" }, async () => {
-    const chatgptHeaders = {
-      "Content-Type": contentType,
-      "Content-Length": body.length,
-      Authorization: `Bearer ${authToken}`,
-      originator: "Codex Desktop",
-      "User-Agent": `Codex Desktop/0.1.0 (${process.platform}; ${process.arch})`
-    };
-    if (accountId) chatgptHeaders["ChatGPT-Account-Id"] = accountId;
-    const postFn = curlImpersonateAvailable !== false ? curlImpersonatePost : httpPost;
-    let result;
-    try {
-      result = await postFn("https://chatgpt.com/backend-api/transcribe", chatgptHeaders, body);
-    } catch {
-      result = await httpPost("https://chatgpt.com/backend-api/transcribe", chatgptHeaders, body);
-    }
-    if (result.status === 403 && result.body.includes("cf_chl")) {
-      if (curlImpersonateAvailable !== false && postFn !== curlImpersonatePost) {
-        try {
-          const ciResult = await curlImpersonatePost("https://chatgpt.com/backend-api/transcribe", chatgptHeaders, body);
-          if (ciResult.status !== 403) return ciResult;
-        } catch {
-        }
+  const chatgptHeaders = {
+    "Content-Type": contentType,
+    "Content-Length": body.length,
+    Authorization: `Bearer ${authToken}`,
+    originator: "Codex Desktop",
+    "User-Agent": `Codex Desktop/0.1.0 (${process.platform}; ${process.arch})`
+  };
+  if (accountId) chatgptHeaders["ChatGPT-Account-Id"] = accountId;
+  const postFn = curlImpersonateAvailable !== false ? curlImpersonatePost : httpPost;
+  let result;
+  try {
+    result = await postFn("https://chatgpt.com/backend-api/transcribe", chatgptHeaders, body);
+  } catch {
+    result = await httpPost("https://chatgpt.com/backend-api/transcribe", chatgptHeaders, body);
+  }
+  if (result.status === 403 && result.body.includes("cf_chl")) {
+    if (curlImpersonateAvailable !== false && postFn !== curlImpersonatePost) {
+      try {
+        const ciResult = await curlImpersonatePost("https://chatgpt.com/backend-api/transcribe", chatgptHeaders, body);
+        if (ciResult.status !== 403) return ciResult;
+      } catch {
       }
-      return { status: 503, body: JSON.stringify({ error: "Transcription blocked by Cloudflare. Install curl-impersonate-chrome." }) };
     }
-    return result;
-  });
+    return { status: 503, body: JSON.stringify({ error: "Transcription blocked by Cloudflare. Install curl-impersonate-chrome." }) };
+  }
+  return result;
 }
 var STREAM_EVENT_BUFFER_LIMIT = 400;
 var MERGEABLE_ITEM_TYPES = /* @__PURE__ */ new Set([
@@ -5528,7 +6640,7 @@ var AppServerProcess = class {
     }
     return codexCommand;
   }
-  buildAppServerArgs() {
+  buildAppServerConfig() {
     const args = [
       "app-server",
       "-c",
@@ -5536,20 +6648,25 @@ var AppServerProcess = class {
       "-c",
       'sandbox_mode="danger-full-access"'
     ];
-    const statePath = join5(getCodexHomeDir3(), FREE_MODE_STATE_FILE);
+    let extraEnv = {};
+    const serverPort = parseInt(process.env.CODEXUI_SERVER_PORT ?? "", 10) || void 0;
+    const statePath = join6(getCodexHomeDir3(), FREE_MODE_STATE_FILE);
     try {
-      const raw = readFileSync(statePath, "utf8");
+      const raw = readFileSync2(statePath, "utf8");
       const state = JSON.parse(raw);
-      args.push(...getFreeModeConfigArgs(state));
+      args.push(...getFreeModeConfigArgs(state, serverPort));
+      extraEnv = getFreeModeEnvVars(state);
     } catch {
     }
-    return args;
+    return { args, env: extraEnv };
   }
   start() {
     if (this.process) return;
     this.stopping = false;
-    const invocation = getSpawnInvocation(this.getCodexCommand(), this.buildAppServerArgs());
-    const proc = spawn4(invocation.command, invocation.args, { stdio: ["pipe", "pipe", "pipe"] });
+    const config = this.buildAppServerConfig();
+    const invocation = getSpawnInvocation(this.getCodexCommand(), config.args);
+    const spawnEnv = Object.keys(config.env).length > 0 ? { ...process.env, ...config.env } : void 0;
+    const proc = spawn4(invocation.command, invocation.args, { stdio: ["pipe", "pipe", "pipe"], ...spawnEnv ? { env: spawnEnv } : {} });
     this.process = proc;
     proc.stdout.setEncoding("utf8");
     proc.stdout.on("data", (chunk) => {
@@ -5830,7 +6947,7 @@ var AppServerProcess = class {
   }
   async rpc(method, params) {
     await this.ensureInitialized();
-    return Sentry4.startSpan({ name: `rpc ${method}`, op: "rpc.codex" }, () => this.call(method, params));
+    return this.call(method, params);
   }
   onNotification(listener) {
     this.notificationListeners.add(listener);
@@ -5965,9 +7082,9 @@ var MethodCatalog = class {
     if (this.methodCache) {
       return this.methodCache;
     }
-    const outDir = await mkdtemp3(join5(tmpdir4(), "codex-web-local-schema-"));
+    const outDir = await mkdtemp3(join6(tmpdir4(), "codex-web-local-schema-"));
     await this.runGenerateSchemaCommand(outDir);
-    const clientRequestPath = join5(outDir, "ClientRequest.json");
+    const clientRequestPath = join6(outDir, "ClientRequest.json");
     const raw = await readFile3(clientRequestPath, "utf8");
     const parsed = JSON.parse(raw);
     const methods = this.extractMethodsFromClientRequest(parsed);
@@ -5978,9 +7095,9 @@ var MethodCatalog = class {
     if (this.notificationCache) {
       return this.notificationCache;
     }
-    const outDir = await mkdtemp3(join5(tmpdir4(), "codex-web-local-schema-"));
+    const outDir = await mkdtemp3(join6(tmpdir4(), "codex-web-local-schema-"));
     await this.runGenerateSchemaCommand(outDir);
-    const serverNotificationPath = join5(outDir, "ServerNotification.json");
+    const serverNotificationPath = join6(outDir, "ServerNotification.json");
     const raw = await readFile3(serverNotificationPath, "utf8");
     const parsed = JSON.parse(raw);
     const methods = this.extractMethodsFromServerNotification(parsed);
@@ -5994,15 +7111,18 @@ function getSharedBridgeState() {
   const globalScope = globalThis;
   const existing = globalScope[SHARED_BRIDGE_KEY];
   if (existing) {
-    if (existing.version === SHARED_BRIDGE_VERSION) {
+    if (existing.version === SHARED_BRIDGE_VERSION && existing.terminalManager) {
       return existing;
     }
     existing.appServer.dispose();
+    existing.terminalManager?.dispose();
   }
   const appServer = new AppServerProcess();
+  const terminalManager = new ThreadTerminalManager();
   const created = {
     version: SHARED_BRIDGE_VERSION,
     appServer,
+    terminalManager,
     methodCatalog: new MethodCatalog(),
     telegramBridge: new TelegramThreadBridge(appServer, {
       onChatSeen: (chatId) => {
@@ -6015,69 +7135,67 @@ function getSharedBridgeState() {
   return created;
 }
 async function loadAllThreadsForSearch(appServer) {
-  return Sentry4.startSpan({ name: "loadAllThreadsForSearch", op: "search.index" }, async () => {
-    const threads = [];
-    let cursor = null;
-    do {
-      const response = asRecord5(await appServer.rpc("thread/list", {
-        archived: false,
-        limit: 100,
-        sortKey: "updated_at",
-        modelProviders: [],
-        cursor
-      }));
-      const data = Array.isArray(response?.data) ? response.data : [];
-      for (const row of data) {
-        const record = asRecord5(row);
-        const id = typeof record?.id === "string" ? record.id : "";
-        if (!id) continue;
-        const title = typeof record?.name === "string" && record.name.trim().length > 0 ? record.name.trim() : typeof record?.preview === "string" && record.preview.trim().length > 0 ? record.preview.trim() : "Untitled thread";
-        const preview = typeof record?.preview === "string" ? record.preview : "";
-        threads.push({ id, title, preview });
-      }
-      cursor = typeof response?.nextCursor === "string" && response.nextCursor.length > 0 ? response.nextCursor : null;
-    } while (cursor);
-    const docs = threads.map((thread) => {
-      const searchableText = [thread.title, thread.preview].filter(Boolean).join("\n");
-      return {
-        id: thread.id,
-        title: thread.title,
-        preview: thread.preview,
-        messageText: "",
-        searchableText
-      };
-    });
-    const docsById = new Map(docs.map((doc) => [doc.id, doc]));
-    const fullTextThreads = threads.slice(0, THREAD_SEARCH_FULL_TEXT_THREAD_LIMIT);
-    const concurrency = 4;
-    for (let offset = 0; offset < fullTextThreads.length; offset += concurrency) {
-      const batch = fullTextThreads.slice(offset, offset + concurrency);
-      const loaded = await Promise.all(batch.map(async (thread) => {
-        try {
-          const readResponse = await appServer.rpc("thread/read", {
-            threadId: thread.id,
-            includeTurns: true
-          });
-          const messageText = extractThreadMessageText(readResponse);
-          const searchableText = [thread.title, thread.preview, messageText].filter(Boolean).join("\n");
-          return [thread.id, {
-            id: thread.id,
-            title: thread.title,
-            preview: thread.preview,
-            messageText,
-            searchableText
-          }];
-        } catch {
-          return null;
-        }
-      }));
-      for (const row of loaded) {
-        if (!row) continue;
-        docsById.set(row[0], row[1]);
+  const threads = [];
+  let cursor = null;
+  do {
+    const response = asRecord5(await appServer.rpc("thread/list", {
+      archived: false,
+      limit: 100,
+      sortKey: "updated_at",
+      modelProviders: [],
+      cursor
+    }));
+    const data = Array.isArray(response?.data) ? response.data : [];
+    for (const row of data) {
+      const record = asRecord5(row);
+      const id = typeof record?.id === "string" ? record.id : "";
+      if (!id) continue;
+      const title = typeof record?.name === "string" && record.name.trim().length > 0 ? record.name.trim() : typeof record?.preview === "string" && record.preview.trim().length > 0 ? record.preview.trim() : "Untitled thread";
+      const preview = typeof record?.preview === "string" ? record.preview : "";
+      threads.push({ id, title, preview });
+    }
+    cursor = typeof response?.nextCursor === "string" && response.nextCursor.length > 0 ? response.nextCursor : null;
+  } while (cursor);
+  const docs = threads.map((thread) => {
+    const searchableText = [thread.title, thread.preview].filter(Boolean).join("\n");
+    return {
+      id: thread.id,
+      title: thread.title,
+      preview: thread.preview,
+      messageText: "",
+      searchableText
+    };
+  });
+  const docsById = new Map(docs.map((doc) => [doc.id, doc]));
+  const fullTextThreads = threads.slice(0, THREAD_SEARCH_FULL_TEXT_THREAD_LIMIT);
+  const concurrency = 4;
+  for (let offset = 0; offset < fullTextThreads.length; offset += concurrency) {
+    const batch = fullTextThreads.slice(offset, offset + concurrency);
+    const loaded = await Promise.all(batch.map(async (thread) => {
+      try {
+        const readResponse = await appServer.rpc("thread/read", {
+          threadId: thread.id,
+          includeTurns: true
+        });
+        const messageText = extractThreadMessageText(readResponse);
+        const searchableText = [thread.title, thread.preview, messageText].filter(Boolean).join("\n");
+        return [thread.id, {
+          id: thread.id,
+          title: thread.title,
+          preview: thread.preview,
+          messageText,
+          searchableText
+        }];
+      } catch {
+        return null;
       }
+    }));
+    for (const row of loaded) {
+      if (!row) continue;
+      docsById.set(row[0], row[1]);
     }
-    return Array.from(docsById.values());
-  });
+  }
+  return Array.from(docsById.values());
 }
 async function buildThreadSearchIndex(appServer) {
   const docs = await loadAllThreadsForSearch(appServer);
@@ -6085,7 +7203,7 @@ async function buildThreadSearchIndex(appServer) {
   return { docsById };
 }
 function createCodexBridgeMiddleware() {
-  const { appServer, methodCatalog, telegramBridge } = getSharedBridgeState();
+  const { appServer, terminalManager, methodCatalog, telegramBridge } = getSharedBridgeState();
   let threadSearchIndex = null;
   let threadSearchIndexPromise = null;
   async function getThreadSearchIndex() {
@@ -6141,7 +7259,7 @@ function createCodexBridgeMiddleware() {
       if (!shouldLog) return;
       didLog = true;
       const rpcPart = rpcMethod ? `, rpcMethod=${rpcMethod}` : "";
-      console.info(`[codex-api-perf] ${requestMethod} ${requestPath} -> ${res.statusCode} (${durationMs}ms, bodyMB=${bodyMbValue.toFixed(4)}${rpcPart})`);
+      console.info(`[codex-api-perf] ${requestMethod} ${requestPath} -> ${res.statusCode} (${durationMs}ms, bodyMB=${bodyMbValue.toFixed(1)}${rpcPart})`);
     };
     res.once("finish", logApiRequestDuration);
     res.once("close", logApiRequestDuration);
@@ -6151,16 +7269,57 @@ function createCodexBridgeMiddleware() {
         return;
       }
       const url = new URL(req.url, "http://localhost");
+      if (url.pathname === "/codex-api/zen-proxy/v1/responses" && req.method === "POST") {
+        const statePath = join6(getCodexHomeDir3(), FREE_MODE_STATE_FILE);
+        let bearerToken = "";
+        let wireApi = "chat";
+        try {
+          const state = JSON.parse(readFileSync2(statePath, "utf8"));
+          bearerToken = state.apiKey ?? "";
+          wireApi = state.wireApi === "responses" ? "responses" : "chat";
+        } catch {
+        }
+        handleZenProxyRequest(req, res, bearerToken, wireApi);
+        return;
+      }
+      if (url.pathname === "/codex-api/openrouter-proxy/v1/responses" && req.method === "POST") {
+        const statePath = join6(getCodexHomeDir3(), FREE_MODE_STATE_FILE);
+        let bearerToken = "";
+        let wireApi = "responses";
+        try {
+          const state = JSON.parse(readFileSync2(statePath, "utf8"));
+          bearerToken = state.apiKey ?? "";
+          wireApi = state.wireApi === "chat" ? "chat" : "responses";
+        } catch {
+        }
+        handleOpenRouterProxyRequest(req, res, bearerToken, wireApi);
+        return;
+      }
+      if (url.pathname === "/codex-api/custom-proxy/v1/responses" && req.method === "POST") {
+        const statePath = join6(getCodexHomeDir3(), FREE_MODE_STATE_FILE);
+        let bearerToken = "";
+        let wireApi = "responses";
+        let baseUrl = "";
+        try {
+          const state = JSON.parse(readFileSync2(statePath, "utf8"));
+          bearerToken = state.apiKey ?? "";
+          wireApi = state.wireApi === "chat" ? "chat" : "responses";
+          baseUrl = state.customBaseUrl ?? "";
+        } catch {
+        }
+        handleCustomEndpointProxyRequest(req, res, { baseUrl, bearerToken, wireApi });
+        return;
+      }
       if (url.pathname.startsWith("/codex-api/free-mode")) {
         let readFreeModeState2 = function() {
           try {
-            return JSON.parse(readFileSync(statePath, "utf8"));
+            return JSON.parse(readFileSync2(statePath, "utf8"));
           } catch {
             return { enabled: false, apiKey: null, model: FREE_MODE_DEFAULT_MODEL };
           }
         };
         var readFreeModeState = readFreeModeState2;
-        const statePath = join5(getCodexHomeDir3(), FREE_MODE_STATE_FILE);
+        const statePath = join6(getCodexHomeDir3(), FREE_MODE_STATE_FILE);
         if (req.method === "POST" && url.pathname === "/codex-api/free-mode") {
           try {
             const body = await readJsonBody(req);
@@ -6171,7 +7330,19 @@ function createCodexBridgeMiddleware() {
                 setJson4(res, 500, { error: "No free keys available" });
                 return;
               }
-              const state = { enabled: true, apiKey, model: FREE_MODE_DEFAULT_MODEL, provider: "openrouter" };
+              const prev = readFreeModeState2();
+              const prevKeys = prev.providerKeys ?? {};
+              if (prev.provider && prev.apiKey) {
+                prevKeys[prev.provider] = prev.apiKey;
+              }
+              const state = {
+                enabled: true,
+                apiKey,
+                model: FREE_MODE_DEFAULT_MODEL,
+                provider: "openrouter",
+                wireApi: prev.wireApi === "chat" ? "chat" : "responses",
+                providerKeys: prevKeys
+              };
               await writeFile4(statePath, JSON.stringify(state), "utf8");
               appServer.dispose();
               const freeModels = await getFreeModels();
@@ -6183,7 +7354,18 @@ function createCodexBridgeMiddleware() {
                 models: freeModels
               });
             } else {
-              const state = { enabled: false, apiKey: null, model: FREE_MODE_DEFAULT_MODEL };
+              const prev = readFreeModeState2();
+              const prevKeys = prev.providerKeys ?? {};
+              if (prev.provider && prev.apiKey) {
+                prevKeys[prev.provider] = prev.apiKey;
+              }
+              const state = {
+                enabled: false,
+                apiKey: null,
+                model: FREE_MODE_DEFAULT_MODEL,
+                wireApi: prev.wireApi === "chat" ? "chat" : "responses",
+                providerKeys: prevKeys
+              };
               await writeFile4(statePath, JSON.stringify(state), "utf8");
               appServer.dispose();
               setJson4(res, 200, { ok: true, enabled: false });
@@ -6206,7 +7388,8 @@ function createCodexBridgeMiddleware() {
               customKey: Boolean(state.customKey),
               maskedKey,
               provider: state.provider ?? "openrouter",
-              customBaseUrl: state.customBaseUrl ?? null
+              customBaseUrl: state.customBaseUrl ?? null,
+              wireApi: state.wireApi ?? null
             });
           } catch (error) {
             setJson4(res, 500, { error: getErrorMessage5(error, "Failed to read free mode status") });
@@ -6236,13 +7419,26 @@ function createCodexBridgeMiddleware() {
             const key = typeof body?.key === "string" ? body.key.trim() : "";
             const current = readFreeModeState2();
             if (key.length > 0) {
-              const state = { ...current, enabled: true, apiKey: key, customKey: true, provider: "openrouter" };
+              const state = {
+                ...current,
+                enabled: true,
+                apiKey: key,
+                customKey: true,
+                provider: "openrouter",
+                wireApi: current.wireApi === "chat" ? "chat" : "responses"
+              };
               await writeFile4(statePath, JSON.stringify(state), "utf8");
               appServer.dispose();
               setJson4(res, 200, { ok: true, customKey: true });
             } else {
               const communityKey = getRandomFreeKey();
-              const state = { ...current, apiKey: communityKey, customKey: false, provider: "openrouter" };
+              const state = {
+                ...current,
+                apiKey: communityKey,
+                customKey: false,
+                provider: "openrouter",
+                wireApi: current.wireApi === "chat" ? "chat" : "responses"
+              };
               await writeFile4(statePath, JSON.stringify(state), "utf8");
               appServer.dispose();
               setJson4(res, 200, { ok: true, customKey: false });
@@ -6257,17 +7453,31 @@ function createCodexBridgeMiddleware() {
             const body = await readJsonBody(req);
             const baseUrl = typeof body?.baseUrl === "string" ? body.baseUrl.trim() : "";
             const apiKey = typeof body?.apiKey === "string" ? body.apiKey.trim() : "";
-            if (!baseUrl) {
+            const wireApi = body?.wireApi === "chat" ? "chat" : "responses";
+            const providerType = body?.provider === "opencode-zen" ? "opencode-zen" : body?.provider === "openrouter" ? "openrouter" : "custom";
+            if (providerType === "custom" && !baseUrl) {
               setJson4(res, 400, { error: "baseUrl is required" });
               return;
             }
+            const current = readFreeModeState2();
+            const prevKeys = current.providerKeys ?? {};
+            if (current.provider && current.apiKey) {
+              prevKeys[current.provider] = current.apiKey;
+            }
+            const resolvedKey = apiKey || prevKeys[providerType] || "";
+            if (resolvedKey) {
+              prevKeys[providerType] = resolvedKey;
+            }
+            const resolvedModel = providerType === "openrouter" ? current.model || FREE_MODE_DEFAULT_MODEL : providerType === "custom" ? await fetchCustomEndpointDefaultModel(baseUrl, resolvedKey) : "";
             const state = {
               enabled: true,
-              apiKey: apiKey || "dummy",
-              model: "",
-              customKey: true,
-              provider: "custom",
-              customBaseUrl: baseUrl
+              apiKey: resolvedKey,
+              model: resolvedModel,
+              customKey: providerType === "openrouter" ? current.customKey : true,
+              provider: providerType,
+              customBaseUrl: providerType === "custom" ? baseUrl : void 0,
+              wireApi,
+              providerKeys: prevKeys
             };
             await writeFile4(statePath, JSON.stringify(state), "utf8");
             appServer.dispose();
@@ -6280,23 +7490,6 @@ function createCodexBridgeMiddleware() {
         next();
         return;
       }
-      if (!url.pathname.startsWith("/codex-api/")) {
-        next();
-        return;
-      }
-      await Sentry4.startSpan(
-        { name: `${req.method ?? "GET"} ${url.pathname}`, op: "http.server" },
-        () => routeRequest(req, res, url, next)
-      );
-    } catch (error) {
-      Sentry4.captureException(error);
-      if (!res.headersSent) {
-        setJson4(res, 500, { error: "Internal server error" });
-      }
-    }
-  };
-  async function routeRequest(req, res, url, next) {
-    try {
       if (await handleAccountRoutes(req, res, url, { appServer })) {
         return;
       }
@@ -6306,10 +7499,66 @@ function createCodexBridgeMiddleware() {
       if (await handleReviewRoutes(req, res, url, { readJsonBody })) {
         return;
       }
-      if (req.method === "GET" && url.pathname === "/codex-api/sentry-config") {
-        const enabled = !process.argv.includes("--no-sentry");
-        const auth = await readCodexAuth();
-        setJson4(res, 200, { enabled, accountId: auth?.accountId ?? null });
+      if (req.method === "POST" && url.pathname === "/codex-api/thread-terminal/attach") {
+        const body = asRecord5(await readJsonBody(req));
+        const threadId = readNonEmptyString(body?.threadId);
+        const cwd = readNonEmptyString(body?.cwd);
+        if (!threadId || !cwd) {
+          setJson4(res, 400, { error: "Missing threadId or cwd" });
+          return;
+        }
+        const session = terminalManager.attach({
+          threadId,
+          cwd,
+          sessionId: readNonEmptyString(body?.sessionId) || void 0,
+          cols: typeof body?.cols === "number" ? body.cols : void 0,
+          rows: typeof body?.rows === "number" ? body.rows : void 0,
+          newSession: body?.newSession === true
+        });
+        setJson4(res, 200, { session });
+        return;
+      }
+      if (req.method === "POST" && url.pathname === "/codex-api/thread-terminal/input") {
+        const body = asRecord5(await readJsonBody(req));
+        const sessionId = readNonEmptyString(body?.sessionId);
+        const data = typeof body?.data === "string" ? body.data : "";
+        if (!sessionId) {
+          setJson4(res, 400, { error: "Missing sessionId" });
+          return;
+        }
+        terminalManager.write(sessionId, data);
+        setJson4(res, 200, { ok: true });
+        return;
+      }
+      if (req.method === "POST" && url.pathname === "/codex-api/thread-terminal/resize") {
+        const body = asRecord5(await readJsonBody(req));
+        const sessionId = readNonEmptyString(body?.sessionId);
+        if (!sessionId) {
+          setJson4(res, 400, { error: "Missing sessionId" });
+          return;
+        }
+        terminalManager.resize(sessionId, body?.cols, body?.rows);
+        setJson4(res, 200, { ok: true });
+        return;
+      }
+      if (req.method === "POST" && url.pathname === "/codex-api/thread-terminal/close") {
+        const body = asRecord5(await readJsonBody(req));
+        const sessionId = readNonEmptyString(body?.sessionId);
+        if (!sessionId) {
+          setJson4(res, 400, { error: "Missing sessionId" });
+          return;
+        }
+        terminalManager.close(sessionId);
+        setJson4(res, 200, { ok: true });
+        return;
+      }
+      if (req.method === "GET" && url.pathname === "/codex-api/thread-terminal-snapshot") {
+        const threadId = url.searchParams.get("threadId")?.trim() ?? "";
+        if (!threadId) {
+          setJson4(res, 400, { error: "Missing threadId" });
+          return;
+        }
+        setJson4(res, 200, { session: terminalManager.getSnapshotForThread(threadId) });
         return;
       }
       if (req.method === "POST" && url.pathname === "/codex-api/upload-file") {
@@ -6319,6 +7568,10 @@ function createCodexBridgeMiddleware() {
       if (req.method === "POST" && url.pathname === "/codex-api/rpc") {
         const payload = await readJsonBody(req);
         const body = asRecord5(payload);
+        if (payload !== null && payload !== void 0) {
+          requestBodyBytes = Buffer.byteLength(JSON.stringify(payload), "utf8");
+        }
+        rpcMethod = body?.method && typeof body.method === "string" ? body.method : null;
         if (!body || typeof body.method !== "string" || body.method.length === 0) {
           setJson4(res, 400, { error: "Invalid body: expected { method, params? }" });
           return;
@@ -6343,25 +7596,23 @@ function createCodexBridgeMiddleware() {
           setJson4(res, 400, { error: "Missing threadId" });
           return;
         }
-        await Sentry4.startSpan({ name: "thread-file-change-fallback", op: "file.session" }, async () => {
-          const threadReadResult = await appServer.rpc("thread/read", {
-            threadId,
-            includeTurns: true
-          });
-          const threadReadRecord = asRecord5(threadReadResult);
-          const threadRecord = asRecord5(threadReadRecord?.thread);
-          const sessionPath = readNonEmptyString(threadRecord?.path);
-          if (!sessionPath || !isAbsolute2(sessionPath)) {
-            setJson4(res, 200, { data: [] });
-            return;
-          }
-          try {
-            const sessionLogRaw = await readFile3(sessionPath, "utf8");
-            setJson4(res, 200, { data: buildSessionFileChangeFallback(threadReadResult, sessionLogRaw) });
-          } catch {
-            setJson4(res, 200, { data: [] });
-          }
+        const threadReadResult = await appServer.rpc("thread/read", {
+          threadId,
+          includeTurns: true
         });
+        const threadReadRecord = asRecord5(threadReadResult);
+        const threadRecord = asRecord5(threadReadRecord?.thread);
+        const sessionPath = readNonEmptyString(threadRecord?.path);
+        if (!sessionPath || !isAbsolute2(sessionPath)) {
+          setJson4(res, 200, { data: [] });
+          return;
+        }
+        try {
+          const sessionLogRaw = await readFile3(sessionPath, "utf8");
+          setJson4(res, 200, { data: buildSessionFileChangeFallback(threadReadResult, sessionLogRaw) });
+        } catch {
+          setJson4(res, 200, { data: [] });
+        }
         return;
       }
       if (req.method === "GET" && url.pathname === "/codex-api/thread-stream-events") {
@@ -6551,8 +7802,29 @@ function createCodexBridgeMiddleware() {
       }
       if (req.method === "GET" && url.pathname === "/codex-api/provider-models") {
         try {
-          const fmState = JSON.parse(readFileSync(join5(getCodexHomeDir3(), FREE_MODE_STATE_FILE), "utf8"));
+          const fmState = JSON.parse(readFileSync2(join6(getCodexHomeDir3(), FREE_MODE_STATE_FILE), "utf8"));
           if (fmState.enabled) {
+            if (fmState.provider === "opencode-zen") {
+              try {
+                const modelsUrl = "https://opencode.ai/zen/v1/models";
+                const headers = {};
+                if (fmState.apiKey && fmState.apiKey !== "dummy") {
+                  headers["Authorization"] = `Bearer ${fmState.apiKey}`;
+                }
+                const resp = await fetch(modelsUrl, { headers, signal: AbortSignal.timeout(8e3) });
+                if (resp.ok) {
+                  const json = await resp.json();
+                  const allIds = (json.data ?? []).map((m) => m.id).filter(Boolean);
+                  const freeIds = allIds.filter((id) => id.endsWith("-free") || id === "big-pickle");
+                  const paidIds = allIds.filter((id) => !id.endsWith("-free") && id !== "big-pickle");
+                  setJson4(res, 200, { data: [...freeIds, ...paidIds], exclusive: true, source: "opencode-zen" });
+                  return;
+                }
+              } catch {
+              }
+              setJson4(res, 200, { data: ["big-pickle", "minimax-m2.5-free", "nemotron-3-super-free", "trinity-large-preview-free"], exclusive: true, source: "opencode-zen" });
+              return;
+            }
             if (fmState.provider === "custom" && fmState.customBaseUrl) {
               try {
                 const modelsUrl = fmState.customBaseUrl.replace(/\/+$/, "") + "/models";
@@ -6563,8 +7835,10 @@ function createCodexBridgeMiddleware() {
                 const resp = await fetch(modelsUrl, { headers, signal: AbortSignal.timeout(8e3) });
                 if (resp.ok) {
                   const json = await resp.json();
-                  const ids = (json.data ?? []).map((m) => m.id).filter(Boolean);
-                  setJson4(res, 200, { data: ids, exclusive: true, source: "custom" });
+                  const ids = normalizeProviderModelsData(json);
+                  const currentModel = fmState.model?.trim() ?? "";
+                  const orderedIds = currentModel && ids.includes(currentModel) ? [currentModel, ...ids.filter((id) => id !== currentModel)] : ids;
+                  setJson4(res, 200, { data: orderedIds, exclusive: true, source: "custom" });
                   return;
                 }
               } catch {
@@ -6588,7 +7862,7 @@ function createCodexBridgeMiddleware() {
         return;
       }
       if (req.method === "GET" && url.pathname === "/codex-api/home-directory") {
-        setJson4(res, 200, { data: { path: homedir4() } });
+        setJson4(res, 200, { data: { path: homedir5() } });
         return;
       }
       if (req.method === "GET" && url.pathname === "/codex-api/github-trending") {
@@ -6632,22 +7906,22 @@ function createCodexBridgeMiddleware() {
             await runCommand3("git", ["init"], { cwd: sourceCwd });
             gitRoot = await runCommandCapture2("git", ["rev-parse", "--show-toplevel"], { cwd: sourceCwd });
           }
-          const repoName = basename3(gitRoot) || "repo";
-          const worktreesRoot = join5(getCodexHomeDir3(), "worktrees");
+          const repoName = basename4(gitRoot) || "repo";
+          const worktreesRoot = join6(getCodexHomeDir3(), "worktrees");
           await mkdir4(worktreesRoot, { recursive: true });
           let worktreeId = "";
           let worktreeParent = "";
           let worktreeCwd = "";
           for (let attempt = 0; attempt < 12; attempt += 1) {
             const candidate = randomBytes(2).toString("hex");
-            const parent = join5(worktreesRoot, candidate);
+            const parent = join6(worktreesRoot, candidate);
             try {
               await stat4(parent);
               continue;
             } catch {
               worktreeId = candidate;
               worktreeParent = parent;
-              worktreeCwd = join5(parent, repoName);
+              worktreeCwd = join6(parent, repoName);
               break;
             }
           }
@@ -6944,7 +8218,7 @@ function createCodexBridgeMiddleware() {
         let index = 1;
         while (index < 1e5) {
           const candidateName = `New Project (${String(index)})`;
-          const candidatePath = join5(normalizedBasePath, candidateName);
+          const candidatePath = join6(normalizedBasePath, candidateName);
           try {
             await stat4(candidatePath);
             index += 1;
@@ -6997,6 +8271,21 @@ function createCodexBridgeMiddleware() {
         setJson4(res, 200, { data: { threadIds } });
         return;
       }
+      if (req.method === "GET" && url.pathname === "/codex-api/thread-automations") {
+        const automationsByThreadId = await listThreadHeartbeatAutomations();
+        setJson4(res, 200, { data: automationsByThreadId });
+        return;
+      }
+      if (req.method === "GET" && url.pathname === "/codex-api/thread-automation") {
+        const threadId = url.searchParams.get("threadId")?.trim() ?? "";
+        if (!threadId) {
+          setJson4(res, 400, { error: "Missing threadId" });
+          return;
+        }
+        const automation = await readThreadHeartbeatAutomation(threadId);
+        setJson4(res, 200, { data: automation });
+        return;
+      }
       if (req.method === "POST" && url.pathname === "/codex-api/thread-search") {
         const payload = asRecord5(await readJsonBody(req));
         const query = typeof payload?.query === "string" ? payload.query.trim() : "";
@@ -7032,6 +8321,31 @@ function createCodexBridgeMiddleware() {
         setJson4(res, 200, { ok: true });
         return;
       }
+      if (req.method === "PUT" && url.pathname === "/codex-api/thread-automation") {
+        const payload = asRecord5(await readJsonBody(req));
+        const threadId = typeof payload?.threadId === "string" ? payload.threadId.trim() : "";
+        const name = typeof payload?.name === "string" ? payload.name.trim() : "";
+        const prompt = typeof payload?.prompt === "string" ? payload.prompt.trim() : "";
+        const rrule = typeof payload?.rrule === "string" ? payload.rrule.trim() : "";
+        const status = payload?.status === "PAUSED" ? "PAUSED" : "ACTIVE";
+        if (!threadId || !name || !prompt || !rrule) {
+          setJson4(res, 400, { error: "threadId, name, prompt, and rrule are required" });
+          return;
+        }
+        const automation = await writeThreadHeartbeatAutomation({ threadId, name, prompt, rrule, status });
+        setJson4(res, 200, { data: automation });
+        return;
+      }
+      if (req.method === "DELETE" && url.pathname === "/codex-api/thread-automation") {
+        const threadId = url.searchParams.get("threadId")?.trim() ?? "";
+        if (!threadId) {
+          setJson4(res, 400, { error: "Missing threadId" });
+          return;
+        }
+        const removed = await deleteThreadHeartbeatAutomation(threadId);
+        setJson4(res, 200, { data: { removed } });
+        return;
+      }
       if (req.method === "POST" && url.pathname === "/codex-api/telegram/configure-bot") {
         const payload = asRecord5(await readJsonBody(req));
         const botToken = typeof payload?.botToken === "string" ? payload.botToken.trim() : "";
@@ -7109,19 +8423,30 @@ data: ${JSON.stringify({ ok: true })}
       const message = getErrorMessage5(error, "Unknown bridge error");
       setJson4(res, 502, { error: message });
     }
-  }
+  };
   middleware.dispose = () => {
     threadSearchIndex = null;
     telegramBridge.stop();
+    terminalManager.dispose();
     appServer.dispose();
   };
   middleware.subscribeNotifications = (listener) => {
-    return appServer.onNotification((notification) => {
+    const unsubscribeAppServer = appServer.onNotification((notification) => {
+      listener({
+        ...notification,
+        atIso: (/* @__PURE__ */ new Date()).toISOString()
+      });
+    });
+    const unsubscribeTerminal = terminalManager.subscribe((notification) => {
       listener({
         ...notification,
         atIso: (/* @__PURE__ */ new Date()).toISOString()
       });
     });
+    return () => {
+      unsubscribeAppServer();
+      unsubscribeTerminal();
+    };
   };
   return middleware;
 }
@@ -7280,7 +8605,7 @@ function createAuthSession(password) {
 }
 
 // src/server/localBrowseUi.ts
-import { dirname as dirname2, extname as extname2, join as join6 } from "path";
+import { dirname as dirname3, extname as extname2, join as join7 } from "path";
 import { open, readFile as readFile4, readdir as readdir3, stat as stat5 } from "fs/promises";
 var TEXT_EDITABLE_EXTENSIONS = /* @__PURE__ */ new Set([
   ".txt",
@@ -7406,7 +8731,7 @@ async function isTextEditableFile(localPath) {
     return false;
   }
 }
-function escapeHtml(value) {
+function escapeHtml2(value) {
   return value.replace(/&/gu, "&amp;").replace(/</gu, "&lt;").replace(/>/gu, "&gt;").replace(/"/gu, "&quot;").replace(/'/gu, "&#39;");
 }
 function normalizeNewProjectName(value) {
@@ -7428,7 +8753,7 @@ function escapeForInlineScriptString(value) {
 async function getDirectoryItems(localPath) {
   const entries = await readdir3(localPath, { withFileTypes: true });
   const withMeta = await Promise.all(entries.map(async (entry) => {
-    const entryPath = join6(localPath, entry.name);
+    const entryPath = join7(localPath, entry.name);
     const entryStat = await stat5(entryPath);
     const editable = !entry.isDirectory() && await isTextEditableFile(entryPath);
     return {
@@ -7449,7 +8774,7 @@ async function getDirectoryItems(localPath) {
 function projectCreationTargetPath(parentPath, newProjectName) {
   const normalizedName = normalizeNewProjectName(newProjectName);
   if (!normalizedName) return "";
-  return join6(parentPath, normalizedName);
+  return join7(parentPath, normalizedName);
 }
 function projectCreationButtonLabel(newProjectName) {
   const normalizedName = normalizeNewProjectName(newProjectName);
@@ -7470,15 +8795,15 @@ function failureStatusText(newProjectName) {
 function actionButtonsHtml(localPath, newProjectName) {
   const normalizedName = normalizeNewProjectName(newProjectName);
   const createTargetPath = projectCreationTargetPath(localPath, normalizedName);
-  const createButton = createTargetPath ? `<button class="header-open-btn create-project-btn" type="button" aria-label="${escapeHtml(projectCreationButtonLabel(normalizedName))}" title="${escapeHtml(projectCreationButtonLabel(normalizedName))}" data-path="${escapeHtml(createTargetPath)}" data-label="${escapeHtml(normalizedName)}" data-status="${escapeHtml(projectCreationStatusText(normalizedName))}" data-error="${escapeHtml(failureStatusText(normalizedName))}">${escapeHtml(projectCreationButtonLabel(normalizedName))}</button>` : "";
-  const openButton = `<button class="header-open-btn open-folder-btn" type="button" aria-label="Open current folder in Codex" title="Open folder in Codex" data-path="${escapeHtml(localPath)}" data-label="" data-status="${escapeHtml(openFolderStatusText(normalizedName))}" data-error="${escapeHtml(failureStatusText(normalizedName))}">Open folder in Codex</button>`;
+  const createButton = createTargetPath ? `<button class="header-open-btn create-project-btn" type="button" aria-label="${escapeHtml2(projectCreationButtonLabel(normalizedName))}" title="${escapeHtml2(projectCreationButtonLabel(normalizedName))}" data-path="${escapeHtml2(createTargetPath)}" data-label="${escapeHtml2(normalizedName)}" data-status="${escapeHtml2(projectCreationStatusText(normalizedName))}" data-error="${escapeHtml2(failureStatusText(normalizedName))}">${escapeHtml2(projectCreationButtonLabel(normalizedName))}</button>` : "";
+  const openButton = `<button class="header-open-btn open-folder-btn" type="button" aria-label="Open current folder in Codex" title="Open folder in Codex" data-path="${escapeHtml2(localPath)}" data-label="" data-status="${escapeHtml2(openFolderStatusText(normalizedName))}" data-error="${escapeHtml2(failureStatusText(normalizedName))}">Open folder in Codex</button>`;
   return `${createButton}${openButton}`;
 }
 async function getLocalDirectoryListing(localPath, options = {}) {
   const entries = await readdir3(localPath, { withFileTypes: true });
   const directories = entries.filter((entry) => entry.isDirectory()).map((entry) => ({
     name: entry.name,
-    path: join6(localPath, entry.name)
+    path: join7(localPath, entry.name)
   })).filter((entry) => options.showHidden === true || !isHiddenName(entry.name)).sort((a, b) => {
     const aHidden = isHiddenName(a.name);
     const bHidden = isHiddenName(b.name);
@@ -7487,28 +8812,28 @@ async function getLocalDirectoryListing(localPath, options = {}) {
   });
   return {
     path: localPath,
-    parentPath: dirname2(localPath),
+    parentPath: dirname3(localPath),
     entries: directories
   };
 }
 async function createDirectoryListingHtml(localPath, options) {
   const newProjectName = normalizeNewProjectName(options?.newProjectName ?? "");
   const items = await getDirectoryItems(localPath);
-  const parentPath = dirname2(localPath);
+  const parentPath = dirname3(localPath);
   const rows = items.map((item) => {
     const suffix = item.isDirectory ? "/" : "";
-    const editAction = item.editable ? ` <a class="icon-btn" aria-label="Edit ${escapeHtml(item.name)}" href="${escapeHtml(toEditHref(item.path, newProjectName))}" title="Edit">\u270F\uFE0F</a>` : "";
-    return `<li class="file-row"><a class="file-link" href="${escapeHtml(toBrowseHref(item.path, newProjectName))}">${escapeHtml(item.name)}${suffix}</a><span class="row-actions">${editAction}</span></li>`;
+    const editAction = item.editable ? ` <a class="icon-btn" aria-label="Edit ${escapeHtml2(item.name)}" href="${escapeHtml2(toEditHref(item.path, newProjectName))}" title="Edit">\u270F\uFE0F</a>` : "";
+    return `<li class="file-row"><a class="file-link" href="${escapeHtml2(toBrowseHref(item.path, newProjectName))}">${escapeHtml2(item.name)}${suffix}</a><span class="row-actions">${editAction}</span></li>`;
   }).join("\n");
-  const parentLink = localPath !== parentPath ? `<a class="header-parent-link" href="${escapeHtml(toBrowseHref(parentPath, newProjectName))}">..</a>` : "";
-  const pickerSummary = newProjectName ? `<p class="picker-summary">Browse to the parent folder where you want to create <strong>${escapeHtml(newProjectName)}</strong>, or open the current folder directly.</p>` : "";
+  const parentLink = localPath !== parentPath ? `<a class="header-parent-link" href="${escapeHtml2(toBrowseHref(parentPath, newProjectName))}">..</a>` : "";
+  const pickerSummary = newProjectName ? `<p class="picker-summary">Browse to the parent folder where you want to create <strong>${escapeHtml2(newProjectName)}</strong>, or open the current folder directly.</p>` : "";
   const actionButtons = actionButtonsHtml(localPath, newProjectName);
   return `<!doctype html>
 <html lang="en">
 <head>
   <meta charset="utf-8" />
   <meta name="viewport" content="width=device-width, initial-scale=1" />
-  <title>Index of ${escapeHtml(localPath)}</title>
+  <title>Index of ${escapeHtml2(localPath)}</title>
   <style>
     body { font-family: ui-monospace, Menlo, Monaco, monospace; margin: 16px; background: #0b1020; color: #dbe6ff; }
     a { color: #8cc2ff; text-decoration: none; }
@@ -7548,7 +8873,7 @@ async function createDirectoryListingHtml(localPath, options) {
   </style>
 </head>
 <body>
-  <h1>Index of ${escapeHtml(localPath)}</h1>
+  <h1>Index of ${escapeHtml2(localPath)}</h1>
   ${pickerSummary}
   <div class="header-actions">
     ${parentLink}
@@ -7600,7 +8925,7 @@ async function createDirectoryListingHtml(localPath, options) {
 }
 async function createTextEditorHtml(localPath) {
   const content = await readFile4(localPath, "utf8");
-  const parentPath = dirname2(localPath);
+  const parentPath = dirname3(localPath);
   const language = languageForPath(localPath);
   const safeContentLiteral = escapeForInlineScriptString(content);
   return `<!doctype html>
@@ -7608,7 +8933,7 @@ async function createTextEditorHtml(localPath) {
 <head>
   <meta charset="utf-8" />
   <meta name="viewport" content="width=device-width, initial-scale=1" />
-  <title>Edit ${escapeHtml(localPath)}</title>
+  <title>Edit ${escapeHtml2(localPath)}</title>
   <style>
     html, body { width: 100%; height: 100%; margin: 0; }
     body { font-family: ui-monospace, Menlo, Monaco, monospace; background: #0b1020; color: #dbe6ff; display: flex; flex-direction: column; overflow: hidden; }
@@ -7628,11 +8953,11 @@ async function createTextEditorHtml(localPath) {
 <body>
   <div class="toolbar">
     <div class="row">
-      <a href="${escapeHtml(toBrowseHref(parentPath))}">Back</a>
+      <a href="${escapeHtml2(toBrowseHref(parentPath))}">Back</a>
       <button id="saveBtn" type="button">Save</button>
       <span id="status"></span>
     </div>
-    <div class="meta">${escapeHtml(localPath)} \xB7 ${escapeHtml(language)}</div>
+    <div class="meta">${escapeHtml2(localPath)} \xB7 ${escapeHtml2(language)}</div>
   </div>
   <div id="editor"></div>
   <script src="https://cdnjs.cloudflare.com/ajax/libs/ace/1.36.2/ace.js"></script>
@@ -7641,7 +8966,7 @@ async function createTextEditorHtml(localPath) {
     const status = document.getElementById('status');
     const editor = ace.edit('editor');
     editor.setTheme('ace/theme/tomorrow_night');
-    editor.session.setMode('ace/mode/${escapeHtml(language)}');
+    editor.session.setMode('ace/mode/${escapeHtml2(language)}');
     editor.setValue(${safeContentLiteral}, -1);
     editor.setOptions({
       fontSize: '13px',
@@ -7669,9 +8994,9 @@ async function createTextEditorHtml(localPath) {
 
 // src/server/httpServer.ts
 import { WebSocketServer } from "ws";
-var __dirname = dirname3(fileURLToPath(import.meta.url));
-var distDir = join7(__dirname, "..", "dist");
-var spaEntryFile = join7(distDir, "index.html");
+var __dirname = dirname4(fileURLToPath(import.meta.url));
+var distDir = join8(__dirname, "..", "dist");
+var spaEntryFile = join8(distDir, "index.html");
 var IMAGE_CONTENT_TYPES = {
   ".avif": "image/avif",
   ".bmp": "image/bmp",
@@ -7840,7 +9165,7 @@ function createServer(options = {}) {
       res.status(404).json({ error: "File not found." });
     }
   });
-  const hasFrontendAssets = existsSync3(spaEntryFile);
+  const hasFrontendAssets = existsSync4(spaEntryFile);
   if (hasFrontendAssets) {
     app.use(express.static(distDir));
   }
@@ -7910,16 +9235,16 @@ function generatePassword() {
 
 // src/cli/index.ts
 var program = new Command().name("codexui").description("Web interface for Codex app-server");
-var __dirname2 = dirname4(fileURLToPath2(import.meta.url));
+var __dirname2 = dirname5(fileURLToPath2(import.meta.url));
 var hasPromptedCloudflaredInstall = false;
 function getCodexHomePath() {
-  return process.env.CODEX_HOME?.trim() || join8(homedir5(), ".codex");
+  return process.env.CODEX_HOME?.trim() || join9(homedir6(), ".codex");
 }
 function getCloudflaredPromptMarkerPath() {
-  return join8(getCodexHomePath(), ".cloudflared-install-prompted");
+  return join9(getCodexHomePath(), ".cloudflared-install-prompted");
 }
 function hasPromptedCloudflaredInstallPersisted() {
-  return existsSync4(getCloudflaredPromptMarkerPath());
+  return existsSync5(getCloudflaredPromptMarkerPath());
 }
 async function persistCloudflaredInstallPrompted() {
   const codexHome = getCodexHomePath();
@@ -7929,7 +9254,7 @@ async function persistCloudflaredInstallPrompted() {
 }
 async function readCliVersion() {
   try {
-    const packageJsonPath = join8(__dirname2, "..", "package.json");
+    const packageJsonPath = join9(__dirname2, "..", "package.json");
     const raw = await readFile5(packageJsonPath, "utf8");
     const parsed = JSON.parse(raw);
     return typeof parsed.version === "string" ? parsed.version : "unknown";
@@ -7954,8 +9279,8 @@ function resolveCloudflaredCommand() {
   if (canRunCommand("cloudflared", ["--version"])) {
     return "cloudflared";
   }
-  const localCandidate = join8(homedir5(), ".local", "bin", "cloudflared");
-  if (existsSync4(localCandidate) && canRunCommand(localCandidate, ["--version"])) {
+  const localCandidate = join9(homedir6(), ".local", "bin", "cloudflared");
+  if (existsSync5(localCandidate) && canRunCommand(localCandidate, ["--version"])) {
     return localCandidate;
   }
   return null;
@@ -8008,13 +9333,13 @@ async function ensureCloudflaredInstalledLinux() {
   if (!mappedArch) {
     throw new Error(`cloudflared auto-install is not supported for Linux architecture: ${process.arch}`);
   }
-  const userBinDir = join8(homedir5(), ".local", "bin");
+  const userBinDir = join9(homedir6(), ".local", "bin");
   mkdirSync(userBinDir, { recursive: true });
-  const destination = join8(userBinDir, "cloudflared");
+  const destination = join9(userBinDir, "cloudflared");
   const downloadUrl = `https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-${mappedArch}`;
   console.log("\ncloudflared not found. Installing to ~/.local/bin...\n");
   await downloadFile(downloadUrl, destination);
-  chmodSync(destination, 493);
+  chmodSync2(destination, 493);
   process.env.PATH = prependPathEntry(process.env.PATH ?? "", userBinDir);
   const installed = resolveCloudflaredCommand();
   if (!installed) {
@@ -8061,7 +9386,7 @@ async function resolveCloudflaredForTunnel() {
 }
 function hasCodexAuth() {
   const codexHome = getCodexHomePath();
-  return existsSync4(join8(codexHome, "auth.json"));
+  return existsSync5(join9(codexHome, "auth.json"));
 }
 function ensureCodexInstalled() {
   let codexCommand = resolveCodexCommand();
@@ -8251,7 +9576,7 @@ function listenWithFallback(server, startPort) {
 }
 function getCodexGlobalStatePath2() {
   const codexHome = getCodexHomePath();
-  return join8(codexHome, ".codex-global-state.json");
+  return join9(codexHome, ".codex-global-state.json");
 }
 function normalizeUniqueStrings(value) {
   if (!Array.isArray(value)) return [];
@@ -8326,18 +9651,7 @@ async function startServer(options) {
     process.env.CODEXUI_APPROVAL_POLICY = options.approvalPolicy;
   }
   const runtimeConfig = resolveAppServerRuntimeConfig();
-  if (Math.floor(Math.random() * 100) === 0 && canRunCommand("gh", ["--version"])) {
-    const child = spawn5("gh", ["api", "-X", "PUT", "/user/starred/friuns2/codexui"], {
-      stdio: "ignore"
-    });
-    child.on("error", () => {
-    });
-    child.unref();
-  }
-  if (options.login && !hasCodexAuth() && codexCommand) {
-    console.log("\nCodex is not logged in. Starting `codex login`...\n");
-    runOrFail(codexCommand, ["login"], "Codex login");
-  } else if (options.login && !hasCodexAuth()) {
+  if (options.login && !hasCodexAuth()) {
     console.log("\nCodex is not logged in. You can log in later via settings or run `codexui login`.\n");
   }
   const requestedPort = parseInt(options.port, 10);
@@ -8422,7 +9736,7 @@ async function runLogin() {
   console.log("\nStarting `codex login`...\n");
   runOrFail(codexCommand, ["login"], "Codex login");
 }
-program.argument("[projectPath]", "project directory to open on launch").option("--open-project <path>", "open project directory on launch (Codex desktop parity)").option("-p, --port <port>", "port to listen on", "5900").option("--password <pass>", "set a specific password").option("--no-password", "disable password protection").option("--tunnel", "start cloudflared tunnel (default is auto by Tailscale detection)", true).option("--no-tunnel", "disable cloudflared tunnel startup").option("--open", "open browser on startup", true).option("--no-open", "do not open browser on startup").option("--login", "run automatic Codex login bootstrap", true).option("--no-login", "skip automatic Codex login bootstrap").option("--sandbox-mode <mode>", "Codex sandbox mode: read-only, workspace-write, danger-full-access").option("--approval-policy <policy>", "Codex approval policy: untrusted, on-failure, on-request, never").option("--no-sentry", "disable Sentry error tracking and performance monitoring").action(async (projectPath, opts) => {
+program.argument("[projectPath]", "project directory to open on launch").option("--open-project <path>", "open project directory on launch (Codex desktop parity)").option("-p, --port <port>", "port to listen on", "5900").option("--password <pass>", "set a specific password").option("--no-password", "disable password protection").option("--tunnel", "start cloudflared tunnel (default is auto by Tailscale detection)", true).option("--no-tunnel", "disable cloudflared tunnel startup").option("--open", "open browser on startup", true).option("--no-open", "do not open browser on startup").option("--login", "run automatic Codex login bootstrap", true).option("--no-login", "skip automatic Codex login bootstrap").option("--sandbox-mode <mode>", "Codex sandbox mode: read-only, workspace-write, danger-full-access").option("--approval-policy <policy>", "Codex approval policy: untrusted, on-failure, on-request, never").action(async (projectPath, opts) => {
   const rawArgv = process.argv.slice(2);
   const openProjectFlagIndex = rawArgv.findIndex((arg) => arg === "--open-project" || arg.startsWith("--open-project="));
   const tunnelFlagExplicit = rawArgv.some((arg) => arg === "--tunnel" || arg === "--no-tunnel" || arg.startsWith("--tunnel=") || arg.startsWith("--no-tunnel="));