ethagent 2.1.1 → 2.2.0

package/src/auth/openaiOAuth/shared.ts

@@ -0,0 +1,115 @@
+export const OPENAI_OAUTH_ISSUER = 'https://auth.openai.com'
+export const OPENAI_OAUTH_TOKEN_URL = `${OPENAI_OAUTH_ISSUER}/oauth/token`
+export const OPENAI_OAUTH_CLIENT_ID = 'app_EMoamEEZ73f0CkXaXp7hrann'
+export const OPENAI_OAUTH_CALLBACK_PORT = 1455
+export const OPENAI_OAUTH_SCOPE =
+  'openid profile email offline_access api.connectors.read api.connectors.invoke'
+export const OPENAI_OAUTH_ORIGINATOR = 'codex_cli_rs'
+export const OPENAI_API_KEY_TOKEN_NAME = 'openai-api-key'
+export const OPENAI_ID_TOKEN_SUBJECT_TYPE =
+  'urn:ietf:params:oauth:token-type:id_token'
+export const OPENAI_TOKEN_EXCHANGE_GRANT =
+  'urn:ietf:params:oauth:grant-type:token-exchange'
+
+export function asTrimmedString(value: unknown): string | undefined {
+  if (typeof value !== 'string') return undefined
+  const trimmed = value.trim()
+  return trimmed ? trimmed : undefined
+}
+
+export function decodeJwtPayload(
+  token: string,
+): Record<string, unknown> | undefined {
+  const parts = token.split('.')
+  if (parts.length < 2) return undefined
+  const segment = parts[1]
+  if (!segment) return undefined
+
+  try {
+    const normalized = segment.replace(/-/g, '+').replace(/_/g, '/')
+    const padded = normalized + '='.repeat((4 - (normalized.length % 4)) % 4)
+    const json = Buffer.from(padded, 'base64').toString('utf8')
+    const parsed = JSON.parse(json) as unknown
+    return parsed && typeof parsed === 'object'
+      ? (parsed as Record<string, unknown>)
+      : undefined
+  } catch {
+    return undefined
+  }
+}
+
+export function parseChatgptAccountId(
+  token: string | undefined,
+): string | undefined {
+  if (!token) return undefined
+
+  const payload = decodeJwtPayload(token)
+  const nestedAuthRaw = payload?.['https://api.openai.com/auth']
+  const nestedAuth =
+    nestedAuthRaw && typeof nestedAuthRaw === 'object'
+      ? (nestedAuthRaw as Record<string, unknown>)
+      : undefined
+
+  return (
+    asTrimmedString(
+      nestedAuth?.chatgpt_account_id ??
+        payload?.['https://api.openai.com/auth.chatgpt_account_id'] ??
+        payload?.chatgpt_account_id,
+    ) ?? undefined
+  )
+}
+
+export function escapeHtml(value: string): string {
+  return value.replace(/[&<>"']/g, char => {
+    switch (char) {
+      case '&':
+        return '&amp;'
+      case '<':
+        return '&lt;'
+      case '>':
+        return '&gt;'
+      case '"':
+        return '&quot;'
+      case '\'':
+        return '&#39;'
+      default:
+        return char
+    }
+  })
+}
+
+export async function exchangeIdTokenForApiKey(idToken: string): Promise<string> {
+  const body = new URLSearchParams({
+    grant_type: OPENAI_TOKEN_EXCHANGE_GRANT,
+    client_id: OPENAI_OAUTH_CLIENT_ID,
+    requested_token: OPENAI_API_KEY_TOKEN_NAME,
+    subject_token: idToken,
+    subject_token_type: OPENAI_ID_TOKEN_SUBJECT_TYPE,
+  })
+
+  const response = await fetch(OPENAI_OAUTH_TOKEN_URL, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+    body,
+    signal: AbortSignal.timeout(15_000),
+  })
+
+  if (!response.ok) {
+    const bodyText = await response.text().catch(() => '')
+    throw new Error(
+      bodyText.trim()
+        ? `OpenAI API key exchange failed (${response.status}): ${bodyText.trim()}`
+        : `OpenAI API key exchange failed with status ${response.status}.`,
+    )
+  }
+
+  const payload = (await response.json()) as { access_token?: string }
+  const apiKey = asTrimmedString(payload.access_token)
+  if (!apiKey) {
+    throw new Error(
+      'OpenAI API key exchange completed, but no key was returned.',
+    )
+  }
+
+  return apiKey
+}

package/src/chat/chatSessionState.ts

@@ -5,6 +5,7 @@ import type { MessageRow } from './MessageList.js'
 import type { ModelPickerSelection } from '../models/ModelPicker.js'
 import { sessionMessagesToRows } from './chatScreenUtils.js'
 import { formatModelDisplayName } from '../models/modelDisplay.js'
+import { providerDisplayName } from '../models/modelPickerOptions.js'
 
 export type ModelSelectionResolution =
   | { kind: 'noop' }
@@ -69,7 +70,7 @@ export function resolveModelSelection(
   return {
     kind: 'switch',
     config: nextConfig,
-    notice: `${selection.keyJustSet ? `${selection.provider} key saved.` : `${selection.provider} ready.`} Now using ${nextConfig.provider} · ${formatModelDisplayName(nextConfig.provider, nextConfig.model, { maxLength: 64 })}.`,
+    notice: `${selection.keyJustSet ? `${providerDisplayName(selection.provider)} key saved.` : `${providerDisplayName(selection.provider)} ready.`} Now using ${providerDisplayName(nextConfig.provider)} · ${formatModelDisplayName(nextConfig.provider, nextConfig.model, { maxLength: 64 })}.`,
     tone: 'dim',
   }
 }

package/src/chat/commands.ts

@@ -19,6 +19,7 @@ import { setCwd } from '../runtime/cwd.js'
 import type { SessionMode } from '../runtime/sessionMode.js'
 import type { ContextUsage } from '../runtime/compaction.js'
 import { formatModelDisplayName } from '../models/modelDisplay.js'
+import { providerDisplayName } from '../models/modelPickerOptions.js'
 import type { McpManager } from '../mcp/manager.js'
 
 export type IdentityRequestAction =
@@ -210,7 +211,7 @@ const COMMANDS: CommandSpec[] = [
       }
       await saveConfig(next)
       ctx.onReplaceConfig(next)
-      return { kind: 'note', text: `Now using ${next.provider} · ${formatModelDisplayName(next.provider, name, { maxLength: 64 })}.` }
+      return { kind: 'note', text: `Now using ${providerDisplayName(next.provider)} · ${formatModelDisplayName(next.provider, name, { maxLength: 64 })}.` }
     },
   },
   {

package/src/identity/ens/agentRecords.ts

@@ -1,20 +1,17 @@
 export const AGENT_RECORD_KEYS = {
-  token:   'org.ethagent.token',
-  profile: 'org.ethagent.profile',
+  token: 'org.ethagent.token',
 } as const
 
 type AgentRecordKey = typeof AGENT_RECORD_KEYS[keyof typeof AGENT_RECORD_KEYS]
 
 export const AGENT_RECORD_KEY_LIST: readonly AgentRecordKey[] = [
   AGENT_RECORD_KEYS.token,
-  AGENT_RECORD_KEYS.profile,
 ] as const
 
 export const AGENT_RECORD_READ_KEY_LIST: readonly string[] = AGENT_RECORD_KEY_LIST
 
 export type AgentEnsRecords = {
   token?: string
-  profile?: string
 }
 
 export type AgentEnsRecordState = AgentEnsRecords
@@ -28,19 +25,16 @@ export type AgentRecordDiff = {
 }
 
 const FIELD_FOR_KEY: Record<AgentRecordKey, keyof AgentEnsRecords> = {
-  [AGENT_RECORD_KEYS.token]:   'token',
-  [AGENT_RECORD_KEYS.profile]: 'profile',
+  [AGENT_RECORD_KEYS.token]: 'token',
 }
 
 const LABEL_FOR_FIELD: Record<keyof AgentEnsRecordState, string> = {
-  token:   'Agent token',
-  profile: 'Agent profile',
+  token: 'Agent token',
 }
 
 export function recordsFromTextMap(text: Record<string, string>): AgentEnsRecordState {
   return {
-    token:   text[AGENT_RECORD_KEYS.token]   ?? '',
-    profile: text[AGENT_RECORD_KEYS.profile] ?? '',
+    token: text[AGENT_RECORD_KEYS.token] ?? '',
   }
 }
 
@@ -71,11 +65,7 @@ export function recordLabel(field: keyof AgentEnsRecordState): string {
   return LABEL_FOR_FIELD[field]
 }
 
-export function formatRecordValue(field: keyof AgentEnsRecordState, value: string): string {
-  if (field === 'profile' && value.startsWith('ipfs://')) {
-    const cid = value.slice('ipfs://'.length)
-    return cid.length > 18 ? `ipfs://${cid.slice(0, 10)}...${cid.slice(-6)}` : value
-  }
+export function formatRecordValue(_field: keyof AgentEnsRecordState, value: string): string {
   return value
 }
 
@@ -83,14 +73,10 @@ export function buildAgentEnsRecords(args: {
   chainId: number
   identityRegistryAddress: string
   agentId: string | undefined
-  agentCardCid: string | undefined
 }): AgentEnsRecords {
   const records: AgentEnsRecords = {}
   if (args.agentId) {
     records.token = `eip155:${args.chainId}:${args.identityRegistryAddress.toLowerCase()}:${args.agentId}`
   }
-  if (args.agentCardCid) {
-    records.profile = `ipfs://${args.agentCardCid}`
-  }
   return records
 }

package/src/identity/ens/ensAutomation/setup.ts

@@ -230,7 +230,6 @@ export async function preflightEnsSetup(args: EnsSetupPreflightArgs): Promise<En
     chainId: args.registry.chainId,
     identityRegistryAddress: args.registry.identityRegistryAddress,
     agentId: String(args.agentId),
-    agentCardCid: args.agentCardCid,
   })
   if (currentRecords.token && nextRecords.token && currentRecords.token !== nextRecords.token) {
     return manual(args, {

package/src/identity/ens/ensAutomation/types.ts

@@ -82,7 +82,6 @@ export type EnsSetupPreflightArgs = {
   allowSameOwnerOperator?: boolean
   registry: Erc8004RegistryConfig
   agentId: string | bigint | undefined
-  agentCardCid?: string
   ensClient?: EnsAutomationReadClient
   tokenPublicClient?: TokenOwnerReadClient
 }

package/src/identity/hub/OperationalRoutes.tsx

@@ -2,9 +2,6 @@ import React from 'react'
 import { hasPendingPublish } from './model/continuity.js'
 import type { ProfileUpdates } from './identityHubReducer.js'
 import { clearPinataJwt, savePinataJwt } from '../storage/pinataJwt.js'
-import {
-  runFixRecordsSubmit,
-} from './effects/restoreAdmin.js'
 import {
   runRebackupStorageSubmit,
 } from './effects/rebackup/runRebackup.js'
@@ -203,11 +200,13 @@ export const IdentityHubOperationalRoutes: React.FC<IdentityHubOperationalRoutes
       <IdentityHubEnsFlow
         step={step}
         walletSession={walletSession}
+        reconciliation={reconciliation}
         onSetStep={setStep}
         onBack={back}
         onWalletReady={setWalletSession}
         onTriggerRebackup={triggerRebackup}
         onTriggerPublicProfileSave={triggerPublicProfileSave}
+        onWithdrawTokenForEns={currentStep => custodyFlow.beginWithdrawToken(currentStep, currentStep, 'ens')}
       />
     )
   }
@@ -240,14 +239,6 @@ export const IdentityHubOperationalRoutes: React.FC<IdentityHubOperationalRoutes
         onManageOperatorWallets={() => {
           setStep({ kind: 'manage-ens-operators', identity: step.identity, registry: step.registry, returnTo: step })
         }}
-        onFixRecords={async plan => {
-          try {
-            await runFixRecordsSubmit({ identity: step.identity, registry: step.registry, plan, callbacks })
-            setStep({ ...step })
-          } catch (err: unknown) {
-            handleStepError(err, step)
-          }
-        }}
         onPrepareTransfer={openTokenTransferFlow}
         onBack={back}
       />

package/src/identity/hub/components/IdentitySummary.tsx

@@ -25,11 +25,12 @@ interface IdentitySummaryProps {
   config?: EthagentConfig
   workingStatus?: ContinuityWorkingTreeStatus | null
   hideLocalChanges?: boolean
+  hideHeader?: boolean
   tokenLinked?: boolean
   onchainOwner?: string
 }
 
-export const IdentitySummary: React.FC<IdentitySummaryProps> = ({ identity, config, workingStatus, hideLocalChanges = false, tokenLinked = true, onchainOwner }) => {
+export const IdentitySummary: React.FC<IdentitySummaryProps> = ({ identity, config, workingStatus, hideLocalChanges = false, hideHeader = false, tokenLinked = true, onchainOwner }) => {
   if (!identity) {
     return (
       <Text color={theme.dim}>No agent yet. Create or load one.</Text>
@@ -60,8 +61,12 @@ export const IdentitySummary: React.FC<IdentitySummaryProps> = ({ identity, conf
 
   return (
     <Box flexDirection="column">
-      <Text color={theme.accentPeriwinkle} bold>{stateName || 'Active Agent'}</Text>
-      <Text color={identity.agentId ? theme.text : theme.dim} bold={Boolean(identity.agentId)}>{tokenLine}</Text>
+      {hideHeader ? null : (
+        <>
+          <Text color={theme.accentPeriwinkle} bold>{stateName || 'Active Agent'}</Text>
+          <Text color={identity.agentId ? theme.text : theme.dim} bold={Boolean(identity.agentId)}>{tokenLine}</Text>
+        </>
+      )}
       <Text>
         <Text color={theme.dim}>{'ENS'.padEnd(12)}</Text>
         {ensStatus.kind === 'linked'

package/src/identity/hub/components/MenuScreen.tsx

@@ -85,7 +85,7 @@ export const MenuScreen: React.FC<MenuScreenProps> = ({
     ? menuFlagsFromReconciliation(reconciliation, perspective)
     : (perspective === 'operator'
       ? menuFlagsFromReconciliation({
-          token: 'unknown', custody: 'unknown', agentUri: 'unknown', ensRecords: 'unknown',
+          token: 'unknown', custody: 'unknown', agentUri: 'unknown',
           vault: 'unknown', workingTree: 'unknown', rpc: 'reachable', driftCount: 0, lastCheckedAt: '',
         }, perspective)
       : null)
@@ -223,7 +223,6 @@ function renderReconciliationBanner(r: AgentReconciliation, identity: EthagentId
   if (r.custody === 'mid-flow-uri-pending') lines.push('Advanced setup pending. Open Custody Mode to finish.')
   if (r.agentUri === 'local-newer') lines.push('Local state newer than chain. Save Snapshot Now to publish.')
   if (r.agentUri === 'chain-newer') lines.push('Onchain agentURI is newer than local. Refetch Latest.')
-  if (r.ensRecords === 'drift') lines.push('ENS records out of sync. Open Custody Mode to Fix Records.')
   if (r.vault === 'missing') lines.push('Recorded vault address has no contract at it. Open Custody Mode to redeploy.')
   if (r.workingTree === 'dirty') lines.push('Local edits pending. Save Snapshot Now to publish.')
   return (

package/src/identity/hub/components/menuFlagsFromReconciliation.ts

@@ -30,7 +30,7 @@ export function menuFlagsFromReconciliation(r: AgentReconciliation, perspective:
     prepareTransferReason = 'Token is in the vault. Withdraw it first in Custody Mode.'
   }
 
-  const custodyAsterisk = r.custody === 'mid-flow-uri-pending' || r.ensRecords === 'drift' || r.vault === 'missing'
+  const custodyAsterisk = r.custody === 'mid-flow-uri-pending' || r.vault === 'missing'
   let custodyHint: string | undefined
   if (isOperator) {
     custodyHint = undefined
@@ -38,8 +38,6 @@ export function menuFlagsFromReconciliation(r: AgentReconciliation, perspective:
     custodyHint = 'Advanced setup pending. Open to finish.'
   } else if (r.vault === 'missing') {
     custodyHint = 'Vault contract not found. Open to redeploy.'
-  } else if (r.ensRecords === 'drift') {
-    custodyHint = 'ENS records out of sync. Open to fix.'
   }
 
   const custodyModeReason = isOperator

package/src/identity/hub/effects/ens/transactions.ts

@@ -1,15 +1,15 @@
-import type { Address, Hex, PublicClient } from 'viem'
-import {
-  DEFAULT_ETHEREUM_RPC_URL,
-  RegisterAgentPreflightError,
-  createErc8004PublicClient,
-  supportedErc8004ChainForId,
-} from '../../../registry/erc8004.js'
-import { encodeSetEthagentTextRecords } from '../../../ens/ensLookup.js'
-import { encodeEnsRecordsTransaction, encodeEnsRegistryTransaction, type EnsSetupPlan } from '../../../ens/ensAutomation.js'
-import type { AgentEnsRecordState, AgentEnsRecords } from '../../../ens/agentRecords.js'
-import { changedRecords } from '../../../ens/agentRecords.js'
-import { sendBrowserWalletTransaction, type BrowserWalletSession, type WalletPurpose } from '../../../wallet/browserWallet.js'
+import type { Address, Hex, PublicClient } from 'viem'
+import {
+  DEFAULT_ETHEREUM_RPC_URL,
+  RegisterAgentPreflightError,
+  createErc8004PublicClient,
+  supportedErc8004ChainForId,
+} from '../../../registry/erc8004.js'
+import { encodeSetEthagentTextRecords } from '../../../ens/ensLookup.js'
+import { encodeEnsRecordsTransaction, encodeEnsRegistryTransaction, type EnsSetupPlan } from '../../../ens/ensAutomation.js'
+import type { AgentEnsRecordState, AgentEnsRecords } from '../../../ens/agentRecords.js'
+import { changedRecords } from '../../../ens/agentRecords.js'
+import { sendBrowserWalletTransaction, type BrowserWalletSession, type WalletPurpose } from '../../../wallet/browserWallet.js'
 import type { EffectCallbacks } from '../types.js'
 function chainLabel(chainId: number): string {
   return supportedErc8004ChainForId(chainId)?.name ?? `chain ${chainId}`
@@ -84,9 +84,9 @@ export function ensRecordWritesForUpdate(args: {
   clearRecords?: boolean
 }): Record<string, string> {
   if (args.clearRecords) {
-    return changedRecords(args.currentRecords ?? {}, { token: '', profile: '' })
+    return changedRecords(args.currentRecords ?? {}, { token: '' })
   }
-  return changedRecords(args.currentRecords ?? { token: '', profile: '' }, args.records)
+  return changedRecords(args.currentRecords ?? { token: '' }, args.records)
 }
 
 export async function runEnsSetupRegistryTransaction(args: {
@@ -187,7 +187,7 @@ export async function runEnsSetupRecordsTransaction(args: {
   return { txHash: result.txHash }
 }
 
-export function createMainnetEnsPublicClient(): PublicClient {
+export function createMainnetEnsPublicClient(): PublicClient {
   return createErc8004PublicClient({
     chainId: 1,
     rpcUrl: DEFAULT_ETHEREUM_RPC_URL,

package/src/identity/hub/effects/index.ts

@@ -52,7 +52,6 @@ export {
   runStorageSubmit,
 } from './create.js'
 export {
-  runFixRecordsSubmit,
   runRestoreRegistrySubmit,
 } from './restoreAdmin.js'
 export {

package/src/identity/hub/effects/profile/profileState.ts

@@ -71,11 +71,19 @@ export function applyEnsValidationState(
       throw new Error('Advanced custody requires owner wallet and operator wallet addresses')
     }
     const ownerAddress = getAddress(ownerAddressValue)
-    const existingOperators = mergeApprovedOperatorWallets(baseState.approvedOperatorWallets, profile.approvedOperatorWallets ?? [], { walletAddress: ownerAddress })
-    const approvedOperatorWallets = upsertApprovedOperatorWallet(existingOperators, getAddress(operatorWallet), { walletAddress: ownerAddress })
     setOwnerAddressField(state, getAddress(ownerAddress))
-    state.approvedOperatorWallets = approvedOperatorWallets
-    state.activeOperatorAddress = getAddress(operatorWallet)
+    const operatorTouched =
+      profile.approvedOperatorWallets !== undefined
+      || profile.activeOperatorAddress !== undefined
+    if (operatorTouched) {
+      const existingOperators = mergeApprovedOperatorWallets(baseState.approvedOperatorWallets, profile.approvedOperatorWallets ?? [], { walletAddress: ownerAddress })
+      const approvedOperatorWallets = upsertApprovedOperatorWallet(existingOperators, getAddress(operatorWallet), { walletAddress: ownerAddress })
+      state.approvedOperatorWallets = approvedOperatorWallets
+      state.activeOperatorAddress = getAddress(operatorWallet)
+    } else {
+      state.approvedOperatorWallets = normalizeApprovedOperatorWallets(baseState.approvedOperatorWallets)
+      state.activeOperatorAddress = getAddress(operatorWallet)
+    }
     return
   }
   clearOwnerAddressField(state)