codexui-android 0.1.97 → 0.1.98

package/dist/index.html

@@ -12,8 +12,8 @@
     <link rel="icon" type="image/png" sizes="192x192" href="/icons/pwa-192x192.png" />
     <link rel="apple-touch-icon" sizes="180x180" href="/icons/apple-touch-icon.png" />
     <title>Codex Web</title>
-    <script type="module" crossorigin src="/assets/index-Bqk3qCGk.js"></script>
-    <link rel="stylesheet" crossorigin href="/assets/index-CfRa3ma1.css">
+    <script type="module" crossorigin src="/assets/index-23FodFfK.js"></script>
+    <link rel="stylesheet" crossorigin href="/assets/index-Wz7G59hk.css">
   </head>
   <body class="bg-slate-950">
     <div id="app"></div>

package/dist-cli/index.js

@@ -2,14 +2,14 @@
 
 // src/cli/index.ts
 import { createServer as createServer2 } from "http";
-import { chmodSync as chmodSync2, createWriteStream, existsSync as existsSync5, mkdirSync } from "fs";
+import { chmodSync as chmodSync2, createWriteStream, existsSync as existsSync6, mkdirSync as mkdirSync2 } from "fs";
 import { readFile as readFile5, stat as stat7, writeFile as writeFile6 } from "fs/promises";
-import { homedir as homedir6, networkInterfaces } from "os";
-import { isAbsolute as isAbsolute4, join as join9, resolve as resolve3 } from "path";
+import { homedir as homedir7, networkInterfaces } from "os";
+import { isAbsolute as isAbsolute4, join as join10, resolve as resolve3 } from "path";
 import { spawn as spawn5 } from "child_process";
 import { createInterface as createInterface2 } from "readline/promises";
 import { fileURLToPath as fileURLToPath2 } from "url";
-import { dirname as dirname5 } from "path";
+import { dirname as dirname6 } from "path";
 import { get as httpsGet } from "https";
 import { Command } from "commander";
 import qrcode from "qrcode-terminal";
@@ -216,8 +216,8 @@ function parseApprovalPolicy(value) {
 
 // src/server/httpServer.ts
 import { fileURLToPath } from "url";
-import { dirname as dirname4, extname as extname3, isAbsolute as isAbsolute3, join as join8 } from "path";
-import { existsSync as existsSync4 } from "fs";
+import { dirname as dirname5, extname as extname3, isAbsolute as isAbsolute3, join as join9 } from "path";
+import { existsSync as existsSync5 } from "fs";
 import { writeFile as writeFile5, stat as stat6 } from "fs/promises";
 import express from "express";
 
@@ -4830,13 +4830,42 @@ function asRecord5(value) {
 function isInlineDataUrl(value) {
   return /^data:/iu.test(value.trim());
 }
+function inferImageMimeTypeFromBytes(bytes) {
+  if (bytes.length >= 8 && bytes[0] === 137 && bytes[1] === 80 && bytes[2] === 78 && bytes[3] === 71 && bytes[4] === 13 && bytes[5] === 10 && bytes[6] === 26 && bytes[7] === 10) {
+    return "image/png";
+  }
+  if (bytes.length >= 3 && bytes[0] === 255 && bytes[1] === 216 && bytes[2] === 255) {
+    return "image/jpeg";
+  }
+  if (bytes.length >= 12 && bytes[0] === 82 && bytes[1] === 73 && bytes[2] === 70 && bytes[3] === 70 && bytes[8] === 87 && bytes[9] === 69 && bytes[10] === 66 && bytes[11] === 80) {
+    return "image/webp";
+  }
+  if (bytes.length >= 6 && bytes[0] === 71 && bytes[1] === 73 && bytes[2] === 70 && bytes[3] === 56 && (bytes[4] === 55 || bytes[4] === 57) && bytes[5] === 97) {
+    return "image/gif";
+  }
+  return null;
+}
+function inferImageMimeTypeFromBase64(value) {
+  const compact = value.trim().replace(/\s+/gu, "");
+  if (compact.length < 32 || !/^[A-Za-z0-9+/]+={0,2}$/u.test(compact)) return null;
+  try {
+    return inferImageMimeTypeFromBytes(Buffer.from(compact.slice(0, 64), "base64"));
+  } catch {
+    return null;
+  }
+}
 function normalizeBase64ImageDataUrl(value, mimeType) {
   const trimmed = value.trim();
   if (!trimmed) return null;
-  if (isInlineDataUrl(trimmed)) return trimmed;
+  if (isInlineDataUrl(trimmed)) {
+    return /^data:image\//iu.test(trimmed) ? trimmed : null;
+  }
   const compact = trimmed.replace(/\s+/gu, "");
-  if (!/^[A-Za-z0-9+/]+={0,2}$/u.test(compact)) return null;
-  return `data:${mimeType};base64,${compact}`;
+  const inferredMimeType = inferImageMimeTypeFromBase64(compact);
+  if (!inferredMimeType) return null;
+  const normalizedMimeType = mimeType.trim().toLowerCase();
+  const finalMimeType = normalizedMimeType.startsWith("image/") && normalizedMimeType !== "image/*" ? normalizedMimeType : inferredMimeType;
+  return `data:${finalMimeType};base64,${compact}`;
 }
 function extensionFromMimeType(mimeType) {
   const normalized = mimeType.trim().toLowerCase();
@@ -4888,6 +4917,30 @@ async function persistInlineDataUrlToLocalFile(dataUrl, baseName) {
 function toLocalImageProxyUrl(path) {
   return `/codex-local-image?path=${encodeURIComponent(path)}`;
 }
+var INLINE_IMAGE_FIELD_NAMES = /* @__PURE__ */ new Set([
+  "b64_json",
+  "image",
+  "image_url",
+  "images",
+  "result",
+  "url"
+]);
+function isPotentialInlineImageField(fieldName) {
+  return typeof fieldName === "string" && INLINE_IMAGE_FIELD_NAMES.has(fieldName);
+}
+async function sanitizeInlineImageString(value, context) {
+  if (!isPotentialInlineImageField(context.fieldName)) {
+    return { value, changed: false };
+  }
+  const dataUrl = normalizeBase64ImageDataUrl(value, "image/*");
+  if (!dataUrl) return { value, changed: false };
+  const localUrl = await persistInlineDataUrlToLocalFile(
+    dataUrl,
+    `inline-image-${context.turnId}-${context.itemId}-${context.fieldName}-${String(context.blockIndex)}`
+  );
+  if (!localUrl) return { value, changed: false };
+  return { value: toLocalImageProxyUrl(localUrl), changed: true };
+}
 async function sanitizeInlineUserContentBlock(block, context) {
   const record = asRecord5(block);
   if (!record) return block;
@@ -4896,10 +4949,16 @@ async function sanitizeInlineUserContentBlock(block, context) {
   if (imageUrl && isInlineDataUrl(imageUrl)) {
     const localUrl = await persistInlineDataUrlToLocalFile(imageUrl, `inline-image-${context.turnId}-${context.itemId}-${String(context.blockIndex)}`);
     if (localUrl) {
+      const nextRecord = { ...record };
+      if (typeof record.url === "string") {
+        nextRecord.url = toLocalImageProxyUrl(localUrl);
+      }
+      if (typeof record.image_url === "string") {
+        nextRecord.image_url = toLocalImageProxyUrl(localUrl);
+      }
       return {
-        ...record,
-        type: "image",
-        url: toLocalImageProxyUrl(localUrl)
+        ...nextRecord,
+        type: "image"
       };
     }
     const target = toAttachmentLinkTarget(record, `inline-image/${context.turnId}/${context.itemId}/${String(context.blockIndex)}`);
@@ -4947,6 +5006,9 @@ async function sanitizeInlinePayloadDeep(value, context) {
   if (maybeBlock !== value) {
     return { value: maybeBlock, changed: true };
   }
+  if (typeof value === "string") {
+    return sanitizeInlineImageString(value, context);
+  }
   if (Array.isArray(value)) {
     let changed2 = false;
     const nextArray = [];
@@ -4954,7 +5016,8 @@ async function sanitizeInlinePayloadDeep(value, context) {
       const nested = await sanitizeInlinePayloadDeep(value[index], {
         turnId: context.turnId,
         itemId: context.itemId,
-        blockIndex: index
+        blockIndex: index,
+        fieldName: context.fieldName
       });
       if (nested.changed) changed2 = true;
       nextArray.push(nested.value);
@@ -4969,7 +5032,8 @@ async function sanitizeInlinePayloadDeep(value, context) {
     const nested = await sanitizeInlinePayloadDeep(nestedValue, {
       turnId: context.turnId,
       itemId: context.itemId,
-      blockIndex: context.blockIndex
+      blockIndex: context.blockIndex,
+      fieldName: key
     });
     if (nested.changed) changed = true;
     nextRecord[key] = nested.value;
@@ -6651,6 +6715,46 @@ async function proxyTranscribe(body, contentType, authToken, accountId) {
   }
   return result;
 }
+function parseConnectorLogoUrl(rawUrl) {
+  const trimmed = rawUrl.trim();
+  if (!trimmed.startsWith("connectors://")) return null;
+  const rest = trimmed.slice("connectors://".length);
+  const connectorId = (rest.split(/[/?#]/u)[0] ?? "").trim();
+  if (!connectorId) return null;
+  const query = rest.includes("?") ? rest.slice(rest.indexOf("?") + 1).split("#")[0] ?? "" : "";
+  const theme = new URLSearchParams(query).get("theme")?.toLowerCase() === "dark" ? "dark" : "light";
+  return { connectorId, theme };
+}
+async function fetchConnectorLogo(rawUrl) {
+  const parsed = parseConnectorLogoUrl(rawUrl);
+  if (!parsed) throw new Error("Unsupported connector logo URL");
+  const auth = await readCodexAuth();
+  if (!auth) throw new Error("No auth token available for connector logo");
+  const endpoint = `https://chatgpt.com/backend-api/aip/connectors/${encodeURIComponent(parsed.connectorId)}/logo?theme=${parsed.theme}`;
+  const response = await fetch(endpoint, {
+    headers: {
+      Authorization: `Bearer ${auth.accessToken}`,
+      originator: "Codex Desktop",
+      "User-Agent": `Codex Desktop/0.1.0 (${process.platform}; ${process.arch})`,
+      ...auth.accountId ? { "ChatGPT-Account-Id": auth.accountId } : {}
+    },
+    signal: AbortSignal.timeout(1e4)
+  });
+  if (!response.ok) throw new Error(`Connector logo fetch failed (${response.status})`);
+  const contentType = response.headers.get("content-type") ?? "";
+  if (contentType.includes("application/json")) {
+    const payload = asRecord5(await response.json());
+    const body = asRecord5(payload?.body);
+    const base64 = readNonEmptyString(body?.base64);
+    const nestedContentType = readNonEmptyString(body?.contentType) ?? readNonEmptyString(body?.content_type);
+    if (!base64 || !nestedContentType) throw new Error("Connector logo response was missing image data");
+    return { contentType: nestedContentType, body: Buffer.from(base64, "base64") };
+  }
+  return {
+    contentType: contentType || "image/png",
+    body: Buffer.from(await response.arrayBuffer())
+  };
+}
 var STREAM_EVENT_BUFFER_LIMIT = 400;
 var MERGEABLE_ITEM_TYPES = /* @__PURE__ */ new Set([
   "commandExecution",
@@ -7844,6 +7948,23 @@ function createCodexBridgeMiddleware() {
         res.end(upstream.body);
         return;
       }
+      if (req.method === "GET" && url.pathname === "/codex-api/connector-logo") {
+        const src = url.searchParams.get("src")?.trim() ?? "";
+        if (!src) {
+          setJson4(res, 400, { error: "Missing src" });
+          return;
+        }
+        try {
+          const logo = await fetchConnectorLogo(src);
+          res.statusCode = 200;
+          res.setHeader("Content-Type", logo.contentType);
+          res.setHeader("Cache-Control", "private, max-age=3600");
+          res.end(logo.body);
+        } catch (error) {
+          setJson4(res, 502, { error: getErrorMessage5(error, "Failed to fetch connector logo") });
+        }
+        return;
+      }
       if (req.method === "POST" && url.pathname === "/codex-api/server-requests/respond") {
         const payload = await readJsonBody(req);
         await appServer.respondToServerRequest(payload);
@@ -8517,7 +8638,13 @@ data: ${JSON.stringify({ ok: true })}
 
 // src/server/authMiddleware.ts
 import { randomBytes as randomBytes2, timingSafeEqual } from "crypto";
+import { existsSync as existsSync4, mkdirSync, readFileSync as readFileSync3, renameSync, writeFileSync as writeFileSync2 } from "fs";
+import { homedir as homedir6 } from "os";
+import { dirname as dirname3, join as join7 } from "path";
 var TOKEN_COOKIE = "portal_session";
+var SESSION_TTL_MS = 30 * 24 * 60 * 60 * 1e3;
+var SESSION_STORE_FILE = "webui-auth-sessions.json";
+var MAX_PERSISTED_TOKENS = 128;
 function constantTimeCompare(a, b) {
   const bufA = Buffer.from(a);
   const bufB = Buffer.from(b);
@@ -8565,6 +8692,69 @@ function isTrustedTailscaleIPv6(remote) {
 function isTrustedTailscaleRemote(remote) {
   return isTrustedTailscaleIPv4(remote) || isTrustedTailscaleIPv6(remote);
 }
+function getCodexHomeDir4() {
+  const codexHome = process.env.CODEX_HOME?.trim();
+  return codexHome && codexHome.length > 0 ? codexHome : join7(homedir6(), ".codex");
+}
+function getSessionStorePath() {
+  return join7(getCodexHomeDir4(), SESSION_STORE_FILE);
+}
+function readPersistedSessions() {
+  const sessionStorePath = getSessionStorePath();
+  if (!existsSync4(sessionStorePath)) return /* @__PURE__ */ new Map();
+  try {
+    const raw = readFileSync3(sessionStorePath, "utf8");
+    const parsed = JSON.parse(raw);
+    const now = Date.now();
+    const sessions = /* @__PURE__ */ new Map();
+    for (const entry of parsed.tokens ?? []) {
+      const token = typeof entry?.value === "string" ? entry.value : "";
+      const expiresAt = typeof entry?.expiresAt === "number" ? entry.expiresAt : 0;
+      if (!token || !Number.isFinite(expiresAt) || expiresAt <= now) continue;
+      sessions.set(token, expiresAt);
+    }
+    return sessions;
+  } catch {
+    return /* @__PURE__ */ new Map();
+  }
+}
+function persistSessions(validTokens) {
+  const sessionStorePath = getSessionStorePath();
+  mkdirSync(dirname3(sessionStorePath), { recursive: true });
+  const tokens = Array.from(validTokens.entries()).sort((left, right) => right[1] - left[1]).slice(0, MAX_PERSISTED_TOKENS).map(([value, expiresAt]) => ({ value, expiresAt }));
+  const tmpPath = `${sessionStorePath}.tmp`;
+  writeFileSync2(tmpPath, `${JSON.stringify({ tokens }, null, 2)}
+`, { encoding: "utf8", mode: 384 });
+  renameSync(tmpPath, sessionStorePath);
+}
+function tryPersistSessions(validTokens) {
+  try {
+    persistSessions(validTokens);
+  } catch (error) {
+    console.warn("[auth] failed to persist login sessions:", error);
+  }
+}
+function pruneExpiredSessions(validTokens) {
+  const now = Date.now();
+  let changed = false;
+  for (const [token, expiresAt] of validTokens.entries()) {
+    if (expiresAt > now) continue;
+    validTokens.delete(token);
+    changed = true;
+  }
+  return changed;
+}
+function buildSessionCookie(token, expiresAt) {
+  const maxAgeSeconds = Math.max(0, Math.floor((expiresAt - Date.now()) / 1e3));
+  return [
+    `${TOKEN_COOKIE}=${token}`,
+    "Path=/",
+    "HttpOnly",
+    "SameSite=Lax",
+    `Max-Age=${String(maxAgeSeconds)}`,
+    `Expires=${new Date(expiresAt).toUTCString()}`
+  ].join("; ");
+}
 function isAuthorizedByRequestLike(remoteAddress, hostHeader, cookieHeader, validTokens) {
   const remote = remoteAddress ?? "";
   if (isLocalhostRemote(remote) && isLocalhostHost(hostHeader ?? "")) {
@@ -8575,7 +8765,9 @@ function isAuthorizedByRequestLike(remoteAddress, hostHeader, cookieHeader, vali
   }
   const cookies = parseCookies(cookieHeader);
   const token = cookies[TOKEN_COOKIE];
-  return Boolean(token && validTokens.has(token));
+  if (!token) return false;
+  const expiresAt = validTokens.get(token);
+  return typeof expiresAt === "number" && expiresAt > Date.now();
 }
 var LOGIN_PAGE_HTML = `<!DOCTYPE html>
 <html lang="en">
@@ -8619,8 +8811,14 @@ form.addEventListener('submit',async e=>{
 </body>
 </html>`;
 function createAuthSession(password) {
-  const validTokens = /* @__PURE__ */ new Set();
+  const validTokens = readPersistedSessions();
+  if (pruneExpiredSessions(validTokens)) {
+    tryPersistSessions(validTokens);
+  }
   const middleware = (req, res, next) => {
+    if (pruneExpiredSessions(validTokens)) {
+      tryPersistSessions(validTokens);
+    }
     if (isAuthorizedByRequestLike(req.socket.remoteAddress, req.headers.host, req.headers.cookie, validTokens)) {
       next();
       return;
@@ -8632,19 +8830,27 @@ function createAuthSession(password) {
         body += chunk;
       });
       req.on("end", () => {
+        let parsed;
+        try {
+          parsed = JSON.parse(body);
+        } catch {
+          res.status(400).json({ error: "Invalid request body" });
+          return;
+        }
+        const provided = typeof parsed.password === "string" ? parsed.password : "";
+        if (!constantTimeCompare(provided, password)) {
+          res.status(401).json({ error: "Invalid password" });
+          return;
+        }
         try {
-          const parsed = JSON.parse(body);
-          const provided = typeof parsed.password === "string" ? parsed.password : "";
-          if (!constantTimeCompare(provided, password)) {
-            res.status(401).json({ error: "Invalid password" });
-            return;
-          }
           const token = randomBytes2(32).toString("hex");
-          validTokens.add(token);
-          res.setHeader("Set-Cookie", `${TOKEN_COOKIE}=${token}; Path=/; HttpOnly; SameSite=Strict`);
+          const expiresAt = Date.now() + SESSION_TTL_MS;
+          validTokens.set(token, expiresAt);
+          tryPersistSessions(validTokens);
+          res.setHeader("Set-Cookie", buildSessionCookie(token, expiresAt));
           res.json({ ok: true });
         } catch {
-          res.status(400).json({ error: "Invalid request body" });
+          res.status(500).json({ error: "Failed to create login session" });
         }
       });
       return;
@@ -8653,8 +8859,10 @@ function createAuthSession(password) {
       const provided = req.path.slice("/password=".length);
       if (constantTimeCompare(provided, password)) {
         const token = randomBytes2(32).toString("hex");
-        validTokens.add(token);
-        res.setHeader("Set-Cookie", `${TOKEN_COOKIE}=${token}; Path=/; HttpOnly; SameSite=Strict`);
+        const expiresAt = Date.now() + SESSION_TTL_MS;
+        validTokens.set(token, expiresAt);
+        tryPersistSessions(validTokens);
+        res.setHeader("Set-Cookie", buildSessionCookie(token, expiresAt));
         res.redirect(302, "/");
         return;
       }
@@ -8669,7 +8877,7 @@ function createAuthSession(password) {
 }
 
 // src/server/localBrowseUi.ts
-import { dirname as dirname3, extname as extname2, join as join7 } from "path";
+import { dirname as dirname4, extname as extname2, join as join8 } from "path";
 import { open, readFile as readFile4, readdir as readdir3, stat as stat5 } from "fs/promises";
 var TEXT_EDITABLE_EXTENSIONS = /* @__PURE__ */ new Set([
   ".txt",
@@ -8817,7 +9025,7 @@ function escapeForInlineScriptString(value) {
 async function getDirectoryItems(localPath) {
   const entries = await readdir3(localPath, { withFileTypes: true });
   const withMeta = await Promise.all(entries.map(async (entry) => {
-    const entryPath = join7(localPath, entry.name);
+    const entryPath = join8(localPath, entry.name);
     const entryStat = await stat5(entryPath);
     const editable = !entry.isDirectory() && await isTextEditableFile(entryPath);
     return {
@@ -8838,7 +9046,7 @@ async function getDirectoryItems(localPath) {
 function projectCreationTargetPath(parentPath, newProjectName) {
   const normalizedName = normalizeNewProjectName(newProjectName);
   if (!normalizedName) return "";
-  return join7(parentPath, normalizedName);
+  return join8(parentPath, normalizedName);
 }
 function projectCreationButtonLabel(newProjectName) {
   const normalizedName = normalizeNewProjectName(newProjectName);
@@ -8867,7 +9075,7 @@ async function getLocalDirectoryListing(localPath, options = {}) {
   const entries = await readdir3(localPath, { withFileTypes: true });
   const directories = entries.filter((entry) => entry.isDirectory()).map((entry) => ({
     name: entry.name,
-    path: join7(localPath, entry.name)
+    path: join8(localPath, entry.name)
   })).filter((entry) => options.showHidden === true || !isHiddenName(entry.name)).sort((a, b) => {
     const aHidden = isHiddenName(a.name);
     const bHidden = isHiddenName(b.name);
@@ -8876,14 +9084,14 @@ async function getLocalDirectoryListing(localPath, options = {}) {
   });
   return {
     path: localPath,
-    parentPath: dirname3(localPath),
+    parentPath: dirname4(localPath),
     entries: directories
   };
 }
 async function createDirectoryListingHtml(localPath, options) {
   const newProjectName = normalizeNewProjectName(options?.newProjectName ?? "");
   const items = await getDirectoryItems(localPath);
-  const parentPath = dirname3(localPath);
+  const parentPath = dirname4(localPath);
   const rows = items.map((item) => {
     const suffix = item.isDirectory ? "/" : "";
     const editAction = item.editable ? ` <a class="icon-btn" aria-label="Edit ${escapeHtml2(item.name)}" href="${escapeHtml2(toEditHref(item.path, newProjectName))}" title="Edit">\u270F\uFE0F</a>` : "";
@@ -8989,7 +9197,7 @@ async function createDirectoryListingHtml(localPath, options) {
 }
 async function createTextEditorHtml(localPath) {
   const content = await readFile4(localPath, "utf8");
-  const parentPath = dirname3(localPath);
+  const parentPath = dirname4(localPath);
   const language = languageForPath(localPath);
   const safeContentLiteral = escapeForInlineScriptString(content);
   return `<!doctype html>
@@ -9058,9 +9266,9 @@ async function createTextEditorHtml(localPath) {
 
 // src/server/httpServer.ts
 import { WebSocketServer } from "ws";
-var __dirname = dirname4(fileURLToPath(import.meta.url));
-var distDir = join8(__dirname, "..", "dist");
-var spaEntryFile = join8(distDir, "index.html");
+var __dirname = dirname5(fileURLToPath(import.meta.url));
+var distDir = join9(__dirname, "..", "dist");
+var spaEntryFile = join9(distDir, "index.html");
 var IMAGE_CONTENT_TYPES = {
   ".avif": "image/avif",
   ".bmp": "image/bmp",
@@ -9229,7 +9437,7 @@ function createServer(options = {}) {
       res.status(404).json({ error: "File not found." });
     }
   });
-  const hasFrontendAssets = existsSync4(spaEntryFile);
+  const hasFrontendAssets = existsSync5(spaEntryFile);
   if (hasFrontendAssets) {
     app.use(express.static(distDir));
   }
@@ -9299,26 +9507,26 @@ function generatePassword() {
 
 // src/cli/index.ts
 var program = new Command().name("codexui").description("Web interface for Codex app-server");
-var __dirname2 = dirname5(fileURLToPath2(import.meta.url));
+var __dirname2 = dirname6(fileURLToPath2(import.meta.url));
 var hasPromptedCloudflaredInstall = false;
 function getCodexHomePath() {
-  return process.env.CODEX_HOME?.trim() || join9(homedir6(), ".codex");
+  return process.env.CODEX_HOME?.trim() || join10(homedir7(), ".codex");
 }
 function getCloudflaredPromptMarkerPath() {
-  return join9(getCodexHomePath(), ".cloudflared-install-prompted");
+  return join10(getCodexHomePath(), ".cloudflared-install-prompted");
 }
 function hasPromptedCloudflaredInstallPersisted() {
-  return existsSync5(getCloudflaredPromptMarkerPath());
+  return existsSync6(getCloudflaredPromptMarkerPath());
 }
 async function persistCloudflaredInstallPrompted() {
   const codexHome = getCodexHomePath();
-  mkdirSync(codexHome, { recursive: true });
+  mkdirSync2(codexHome, { recursive: true });
   await writeFile6(getCloudflaredPromptMarkerPath(), `${Date.now()}
 `, "utf8");
 }
 async function readCliVersion() {
   try {
-    const packageJsonPath = join9(__dirname2, "..", "package.json");
+    const packageJsonPath = join10(__dirname2, "..", "package.json");
     const raw = await readFile5(packageJsonPath, "utf8");
     const parsed = JSON.parse(raw);
     return typeof parsed.version === "string" ? parsed.version : "unknown";
@@ -9343,8 +9551,8 @@ function resolveCloudflaredCommand() {
   if (canRunCommand("cloudflared", ["--version"])) {
     return "cloudflared";
   }
-  const localCandidate = join9(homedir6(), ".local", "bin", "cloudflared");
-  if (existsSync5(localCandidate) && canRunCommand(localCandidate, ["--version"])) {
+  const localCandidate = join10(homedir7(), ".local", "bin", "cloudflared");
+  if (existsSync6(localCandidate) && canRunCommand(localCandidate, ["--version"])) {
     return localCandidate;
   }
   return null;
@@ -9397,9 +9605,9 @@ async function ensureCloudflaredInstalledLinux() {
   if (!mappedArch) {
     throw new Error(`cloudflared auto-install is not supported for Linux architecture: ${process.arch}`);
   }
-  const userBinDir = join9(homedir6(), ".local", "bin");
-  mkdirSync(userBinDir, { recursive: true });
-  const destination = join9(userBinDir, "cloudflared");
+  const userBinDir = join10(homedir7(), ".local", "bin");
+  mkdirSync2(userBinDir, { recursive: true });
+  const destination = join10(userBinDir, "cloudflared");
   const downloadUrl = `https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-${mappedArch}`;
   console.log("\ncloudflared not found. Installing to ~/.local/bin...\n");
   await downloadFile(downloadUrl, destination);
@@ -9450,7 +9658,7 @@ async function resolveCloudflaredForTunnel() {
 }
 function hasCodexAuth() {
   const codexHome = getCodexHomePath();
-  return existsSync5(join9(codexHome, "auth.json"));
+  return existsSync6(join10(codexHome, "auth.json"));
 }
 function ensureCodexInstalled() {
   let codexCommand = resolveCodexCommand();
@@ -9640,7 +9848,7 @@ function listenWithFallback(server, startPort) {
 }
 function getCodexGlobalStatePath2() {
   const codexHome = getCodexHomePath();
-  return join9(codexHome, ".codex-global-state.json");
+  return join10(codexHome, ".codex-global-state.json");
 }
 function normalizeUniqueStrings(value) {
   if (!Array.isArray(value)) return [];