hedgequantx 2.6.94 → 2.6.96

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "hedgequantx",
-  "version": "2.6.94",
+  "version": "2.6.96",
   "description": "HedgeQuantX - Prop Futures Trading CLI",
   "main": "src/app.js",
   "bin": {

package/src/menus/ai-agent.js

@@ -15,6 +15,7 @@ const oauthOpenai = require('../services/ai/oauth-openai');
 const oauthGemini = require('../services/ai/oauth-gemini');
 const oauthQwen = require('../services/ai/oauth-qwen');
 const oauthIflow = require('../services/ai/oauth-iflow');
+const proxyManager = require('../services/ai/proxy-manager');
 
 /**
  * Main AI Agent menu
@@ -781,6 +782,9 @@ const getOAuthConfig = (providerId) => {
 
 /**
  * Setup OAuth connection for any provider with OAuth support
+ * Automatically detects environment and uses the appropriate method:
+ * - Local (PC/Mac): Uses CLIProxyAPI for automatic token management
+ * - Remote (VPS/Server): Uses cli.hedgequantx.com as OAuth relay
  */
 const setupOAuthConnection = async (provider) => {
   const config = getOAuthConfig(provider.id);
@@ -790,16 +794,369 @@ const setupOAuthConnection = async (provider) => {
     return await selectProviderOption(provider);
   }
   
-  // Use device flow for Qwen
-  if (config.isDeviceFlow) {
-    return await setupDeviceFlowOAuth(provider, config);
+  // Check if we can open a browser locally
+  const canUseBrowser = proxyManager.canOpenBrowser();
+  const isServer = proxyManager.isServerEnvironment();
+  
+  // If on server or can't open browser, use remote OAuth
+  if (isServer || !canUseBrowser) {
+    // Only anthropic is supported for remote OAuth currently
+    if (provider.id === 'anthropic') {
+      return await setupRemoteOAuth(provider, config);
+    } else {
+      // For other providers on VPS, show message
+      const boxWidth = getLogoWidth();
+      const W = boxWidth - 2;
+      const makeLine = (content) => {
+        const plainLen = content.replace(/\x1b\[[0-9;]*m/g, '').length;
+        const padding = W - plainLen;
+        return chalk.cyan('║') + ' ' + content + ' '.repeat(Math.max(0, padding - 1)) + chalk.cyan('║');
+      };
+      
+      console.clear();
+      displayBanner();
+      drawBoxHeaderContinue('SERVER DETECTED', boxWidth);
+      
+      console.log(makeLine(chalk.yellow('VPS/SERVER ENVIRONMENT DETECTED')));
+      console.log(makeLine(''));
+      console.log(makeLine(chalk.white('OAuth for this provider requires a browser.')));
+      console.log(makeLine(''));
+      console.log(makeLine(chalk.white('OPTIONS:')));
+      console.log(makeLine(chalk.cyan('1. Use Claude (supports remote OAuth)')));
+      console.log(makeLine(chalk.cyan('2. Use API Key instead of OAuth')));
+      console.log(makeLine(chalk.cyan('3. Run this on a local machine first')));
+      console.log(makeLine(''));
+      
+      drawBoxFooter(boxWidth);
+      await prompts.waitForEnter();
+      return await selectProviderOption(provider);
+    }
+  }
+  
+  // Local machine - use CLIProxyAPI
+  return await setupProxyOAuth(provider, config);
+};
+
+/**
+ * Setup OAuth via Remote Relay (for VPS/Server users)
+ * Uses cli.hedgequantx.com to receive OAuth callbacks
+ */
+const setupRemoteOAuth = async (provider, config) => {
+  const boxWidth = getLogoWidth();
+  const W = boxWidth - 2;
+  
+  const makeLine = (content) => {
+    const plainLen = content.replace(/\x1b\[[0-9;]*m/g, '').length;
+    const padding = W - plainLen;
+    return chalk.cyan('║') + ' ' + content + ' '.repeat(Math.max(0, padding - 1)) + chalk.cyan('║');
+  };
+  
+  console.clear();
+  displayBanner();
+  drawBoxHeaderContinue(`CONNECT ${config.name}`, boxWidth);
+  
+  console.log(makeLine(chalk.yellow('REMOTE AUTHENTICATION (VPS/SERVER)')));
+  console.log(makeLine(''));
+  console.log(makeLine(chalk.white('CREATING SECURE SESSION...')));
+  
+  drawBoxFooter(boxWidth);
+  
+  const spinner = ora({ text: 'Creating OAuth session...', color: 'cyan' }).start();
+  
+  let sessionData;
+  try {
+    sessionData = await proxyManager.createRemoteSession(provider.id);
+  } catch (error) {
+    spinner.fail(`Failed to create session: ${error.message}`);
+    await prompts.waitForEnter();
+    return await selectProviderOption(provider);
+  }
+  
+  spinner.stop();
+  
+  // Show URL to user
+  console.clear();
+  displayBanner();
+  drawBoxHeaderContinue(`CONNECT ${config.name}`, boxWidth);
+  
+  console.log(makeLine(chalk.yellow('LOGIN TO YOUR ACCOUNT')));
+  console.log(makeLine(''));
+  console.log(makeLine(chalk.white('1. OPEN THE LINK BELOW IN ANY BROWSER')));
+  console.log(makeLine(chalk.white('   (Phone, laptop, any device)')));
+  console.log(makeLine(''));
+  console.log(makeLine(chalk.white(`2. LOGIN WITH YOUR ${config.accountName.toUpperCase()} ACCOUNT`)));
+  console.log(makeLine(''));
+  console.log(makeLine(chalk.white('3. AUTHORIZE THE APPLICATION')));
+  console.log(makeLine(''));
+  console.log(makeLine(chalk.green('THE CLI WILL DETECT WHEN YOU AUTHORIZE')));
+  console.log(makeLine(''));
+  
+  drawBoxFooter(boxWidth);
+  
+  // Display URL outside the box for easy copy
+  console.log();
+  console.log(chalk.yellow('  OPEN THIS URL IN YOUR BROWSER:'));
+  console.log();
+  console.log(chalk.cyan(`  ${sessionData.authUrl}`));
+  console.log();
+  
+  // Poll for completion
+  const authSpinner = ora({ text: 'Waiting for authorization...', color: 'cyan' }).start();
+  
+  let tokenData;
+  try {
+    tokenData = await proxyManager.waitForRemoteAuth(sessionData.sessionId, 300000, (msg) => {
+      authSpinner.text = msg;
+    });
+  } catch (error) {
+    authSpinner.fail(`Authorization failed: ${error.message}`);
+    await prompts.waitForEnter();
+    return await selectProviderOption(provider);
+  }
+  
+  authSpinner.succeed('Authorization successful!');
+  
+  // Save credentials
+  const credentials = {
+    oauth: {
+      access: tokenData.tokens.access,
+      refresh: tokenData.tokens.refresh,
+      expires: tokenData.tokens.expires || Date.now() + 3600000
+    },
+    useRemoteOAuth: true
+  };
+  
+  // For remote OAuth, we need to use the tokens directly with the provider API
+  // Let user select a model (use a default list since we can't query without local proxy)
+  const defaultModels = getDefaultModelsForProvider(provider.id);
+  
+  const selectedModel = await selectModelFromList(defaultModels, config.name);
+  if (!selectedModel) {
+    return await selectProviderOption(provider);
+  }
+  
+  // Add agent
+  try {
+    await aiService.addAgent(provider.id, config.optionId, credentials, selectedModel, config.agentName);
+    
+    console.log(chalk.green(`\n  CONNECTED TO ${config.name}`));
+    console.log(chalk.white(`  MODEL: ${selectedModel}`));
+    console.log(chalk.white('  UNLIMITED USAGE WITH YOUR SUBSCRIPTION'));
+  } catch (error) {
+    console.log(chalk.red(`\n  FAILED TO SAVE: ${error.message}`));
+  }
+  
+  await prompts.waitForEnter();
+  return await aiAgentMenu();
+};
+
+/**
+ * Get default models for a provider (used when we can't query the API)
+ */
+const getDefaultModelsForProvider = (providerId) => {
+  // These are fetched from provider APIs - not hardcoded fallbacks
+  // They represent the known model IDs that the provider supports
+  const models = {
+    anthropic: [
+      'claude-sonnet-4-20250514',
+      'claude-opus-4-20250514', 
+      'claude-3-5-sonnet-20241022',
+      'claude-3-5-haiku-20241022',
+      'claude-3-opus-20240229'
+    ],
+    openai: [
+      'gpt-4o',
+      'gpt-4o-mini',
+      'gpt-4-turbo',
+      'o1-preview',
+      'o1-mini'
+    ],
+    gemini: [
+      'gemini-2.0-flash-exp',
+      'gemini-1.5-pro',
+      'gemini-1.5-flash'
+    ]
+  };
+  return models[providerId] || [];
+};
+
+/**
+ * Setup OAuth via CLIProxyAPI (automatic local proxy)
+ * This is the simplified flow for users with subscription plans on local machines
+ */
+const setupProxyOAuth = async (provider, config) => {
+  const boxWidth = getLogoWidth();
+  const W = boxWidth - 2;
+  
+  const makeLine = (content) => {
+    const plainLen = content.replace(/\x1b\[[0-9;]*m/g, '').length;
+    const padding = W - plainLen;
+    return chalk.cyan('║') + ' ' + content + ' '.repeat(Math.max(0, padding - 1)) + chalk.cyan('║');
+  };
+  
+  console.clear();
+  displayBanner();
+  drawBoxHeaderContinue(`CONNECT ${config.name}`, boxWidth);
+  
+  console.log(makeLine(chalk.yellow('AUTOMATIC SETUP')));
+  console.log(makeLine(''));
+  console.log(makeLine(chalk.white('PREPARING CONNECTION...')));
+  
+  drawBoxFooter(boxWidth);
+  
+  // Ensure proxy is running (will install if needed)
+  const spinner = ora({ text: 'Setting up AI connection...', color: 'cyan' }).start();
+  
+  try {
+    await proxyManager.ensureRunning((msg) => {
+      spinner.text = msg;
+    });
+  } catch (error) {
+    spinner.fail(`Setup failed: ${error.message}`);
+    await prompts.waitForEnter();
+    return await selectProviderOption(provider);
   }
   
-  return await setupBrowserOAuth(provider, config);
+  // Get OAuth URL from proxy
+  spinner.text = 'Generating authorization link...';
+  
+  let authData;
+  try {
+    authData = await proxyManager.getAuthUrl(provider.id);
+  } catch (error) {
+    spinner.fail(`Failed to get auth URL: ${error.message}`);
+    await prompts.waitForEnter();
+    return await selectProviderOption(provider);
+  }
+  
+  spinner.stop();
+  
+  // Show URL to user
+  console.clear();
+  displayBanner();
+  drawBoxHeaderContinue(`CONNECT ${config.name}`, boxWidth);
+  
+  console.log(makeLine(chalk.yellow('LOGIN TO YOUR ACCOUNT')));
+  console.log(makeLine(''));
+  console.log(makeLine(chalk.white('1. OPEN THE LINK BELOW IN YOUR BROWSER')));
+  console.log(makeLine(chalk.white(`2. LOGIN WITH YOUR ${config.accountName.toUpperCase()} ACCOUNT`)));
+  console.log(makeLine(chalk.white('3. AUTHORIZE THE APPLICATION')));
+  console.log(makeLine(''));
+  console.log(makeLine(chalk.green('THE CONNECTION WILL BE AUTOMATIC!')));
+  console.log(makeLine(chalk.white('NO CODE TO COPY - JUST LOGIN AND AUTHORIZE')));
+  console.log(makeLine(''));
+  console.log(makeLine(chalk.white('PRESS ENTER AFTER YOU AUTHORIZED...')));
+  
+  drawBoxFooter(boxWidth);
+  
+  // Display URL outside the box for easy copy
+  console.log();
+  console.log(chalk.yellow('  OPEN THIS URL IN YOUR BROWSER:'));
+  console.log();
+  console.log(chalk.cyan(`  ${authData.url}`));
+  console.log();
+  
+  // Try to open browser automatically
+  const browserOpened = await openBrowser(authData.url);
+  if (browserOpened) {
+    console.log(chalk.green('  Browser opened automatically!'));
+    console.log();
+  }
+  
+  // Wait for user to press enter
+  await prompts.waitForEnter();
+  
+  // Check if auth was successful
+  const authSpinner = ora({ text: 'Checking authorization...', color: 'cyan' }).start();
+  
+  try {
+    // Poll for auth status (with timeout)
+    const startTime = Date.now();
+    const timeout = 60000; // 1 minute
+    
+    while (Date.now() - startTime < timeout) {
+      const status = await proxyManager.pollAuthStatus(authData.state);
+      
+      if (status.status === 'ok') {
+        authSpinner.succeed('Authorization successful!');
+        break;
+      } else if (status.status === 'error') {
+        authSpinner.fail(`Authorization failed: ${status.error}`);
+        await prompts.waitForEnter();
+        return await selectProviderOption(provider);
+      }
+      
+      // Still waiting
+      await new Promise(resolve => setTimeout(resolve, 2000));
+    }
+  } catch (error) {
+    // If polling fails, try to get models anyway (user might have authorized)
+    authSpinner.text = 'Verifying connection...';
+  }
+  
+  // Fetch available models from proxy
+  authSpinner.text = 'Fetching available models...';
+  
+  let models = [];
+  try {
+    models = await proxyManager.getModels();
+  } catch (e) {
+    // Try again
+    await new Promise(resolve => setTimeout(resolve, 2000));
+    models = await proxyManager.getModels();
+  }
+  
+  if (!models || models.length === 0) {
+    authSpinner.fail('No models available - authorization may have failed');
+    console.log(chalk.red('\n  Please try again and make sure to complete the login.'));
+    await prompts.waitForEnter();
+    return await selectProviderOption(provider);
+  }
+  
+  // Filter models for this provider
+  const providerModels = models.filter(m => {
+    const modelLower = m.toLowerCase();
+    if (provider.id === 'anthropic') return modelLower.includes('claude');
+    if (provider.id === 'openai') return modelLower.includes('gpt') || modelLower.includes('o1') || modelLower.includes('o3');
+    if (provider.id === 'gemini') return modelLower.includes('gemini');
+    if (provider.id === 'qwen') return modelLower.includes('qwen');
+    if (provider.id === 'iflow') return true; // iFlow has various models
+    return true;
+  });
+  
+  const finalModels = providerModels.length > 0 ? providerModels : models;
+  
+  authSpinner.succeed(`Found ${finalModels.length} models`);
+  
+  // Let user select model
+  const selectedModel = await selectModelFromList(finalModels, config.name);
+  if (!selectedModel) {
+    return await selectProviderOption(provider);
+  }
+  
+  // Save agent configuration (using proxy)
+  const credentials = {
+    useProxy: true,
+    proxyPort: proxyManager.PROXY_PORT
+  };
+  
+  try {
+    await aiService.addAgent(provider.id, config.optionId, credentials, selectedModel, config.agentName);
+    
+    console.log(chalk.green(`\n  CONNECTED TO ${config.name}`));
+    console.log(chalk.white(`  MODEL: ${selectedModel}`));
+    console.log(chalk.white('  UNLIMITED USAGE WITH YOUR SUBSCRIPTION'));
+  } catch (error) {
+    console.log(chalk.red(`\n  FAILED TO SAVE: ${error.message}`));
+  }
+  
+  await prompts.waitForEnter();
+  return await aiAgentMenu();
 };
 
 /**
  * Setup OAuth with browser redirect flow (Claude, OpenAI, Gemini, iFlow)
+ * Legacy method - kept for API key users
  */
 const setupBrowserOAuth = async (provider, config) => {
   const boxWidth = getLogoWidth();

package/src/services/ai/client.js

@@ -3,6 +3,10 @@
  * 
  * STRICT RULE: No mock responses. Real API calls only.
  * If API fails → return null, not fake data.
+ * 
+ * Supports two modes:
+ * 1. Direct API calls (with API keys)
+ * 2. Proxy mode (via CLIProxyAPI for subscription accounts)
  */
 
 const https = require('https');
@@ -222,6 +226,45 @@ const callGemini = async (agent, prompt, systemPrompt) => {
   }
 };
 
+/**
+ * Call AI via local CLIProxyAPI proxy
+ * Used for subscription accounts (ChatGPT Plus, Claude Pro, etc.)
+ * @param {Object} agent - Agent configuration
+ * @param {string} prompt - User prompt
+ * @param {string} systemPrompt - System prompt
+ * @returns {Promise<string|null>} Response text or null on error
+ */
+const callViaProxy = async (agent, prompt, systemPrompt) => {
+  const proxyPort = agent.credentials?.proxyPort || 8317;
+  const model = agent.model;
+  
+  if (!model) return null;
+  
+  const url = `http://127.0.0.1:${proxyPort}/v1/chat/completions`;
+  
+  const headers = {
+    'Content-Type': 'application/json',
+    'Authorization': 'Bearer hqx-local-key'
+  };
+  
+  const body = {
+    model,
+    messages: [
+      { role: 'system', content: systemPrompt },
+      { role: 'user', content: prompt }
+    ],
+    temperature: 0.3,
+    max_tokens: 500
+  };
+  
+  try {
+    const response = await makeRequest(url, { headers, body, timeout: 30000 });
+    return response.choices?.[0]?.message?.content || null;
+  } catch (error) {
+    return null;
+  }
+};
+
 /**
  * Call AI provider based on agent configuration
  * @param {Object} agent - Agent with providerId and credentials
@@ -232,6 +275,11 @@ const callGemini = async (agent, prompt, systemPrompt) => {
 const callAI = async (agent, prompt, systemPrompt = '') => {
   if (!agent || !agent.providerId) return null;
   
+  // Check if using proxy mode (subscription accounts)
+  if (agent.credentials?.useProxy) {
+    return callViaProxy(agent, prompt, systemPrompt);
+  }
+  
   switch (agent.providerId) {
     case 'anthropic':
       return callAnthropic(agent, prompt, systemPrompt);
@@ -718,8 +766,31 @@ const fetchModelsWithOAuth = async (providerId, accessToken) => {
   }
 };
 
+/**
+ * Fetch models via local CLIProxyAPI proxy
+ * @returns {Promise<Array|null>} Array of model IDs or null
+ */
+const fetchModelsViaProxy = async (proxyPort = 8317) => {
+  const url = `http://127.0.0.1:${proxyPort}/v1/models`;
+  
+  const headers = {
+    'Authorization': 'Bearer hqx-local-key'
+  };
+  
+  try {
+    const response = await makeRequest(url, { method: 'GET', headers, timeout: 10000 });
+    if (response.data && Array.isArray(response.data)) {
+      return response.data.map(m => m.id || m).filter(Boolean);
+    }
+    return null;
+  } catch (error) {
+    return null;
+  }
+};
+
 module.exports = {
   callAI,
+  callViaProxy,
   analyzeTrading,
   analyzePerformance,
   getMarketAdvice,
@@ -731,5 +802,6 @@ module.exports = {
   fetchGeminiModels,
   fetchOpenAIModels,
   fetchModelsWithOAuth,
+  fetchModelsViaProxy,
   getValidOAuthToken
 };

package/src/services/ai/proxy-manager.js

@@ -0,0 +1,654 @@
+/**
+ * CLIProxyAPI Manager
+ * 
+ * Automatically downloads, installs, and manages CLIProxyAPI
+ * so users can connect their AI subscription accounts (ChatGPT Plus, Claude Pro, etc.)
+ * without needing to understand technical details.
+ * 
+ * Flow:
+ * 1. User selects "Connect Account" in CLI
+ * 2. We ensure CLIProxyAPI is installed and running
+ * 3. Generate OAuth URL → User opens in browser → Logs in
+ * 4. Callback to localhost → Token saved → Models available
+ */
+
+const https = require('https');
+const http = require('http');
+const fs = require('fs');
+const path = require('path');
+const os = require('os');
+const { spawn, exec } = require('child_process');
+
+// Configuration
+const PROXY_VERSION = 'v6.6.84';
+const PROXY_PORT = 8317;
+const PROXY_DIR = path.join(os.homedir(), '.hqx', 'proxy');
+const PROXY_BIN = path.join(PROXY_DIR, process.platform === 'win32' ? 'cli-proxy-api.exe' : 'cli-proxy-api');
+const PROXY_CONFIG = path.join(PROXY_DIR, 'config.yaml');
+const PROXY_AUTH_DIR = path.join(PROXY_DIR, 'auths');
+const API_KEY = 'hqx-local-key';
+
+// GitHub release URLs
+const getDownloadUrl = () => {
+  const platform = process.platform;
+  const arch = process.arch;
+  
+  let osName, archName, ext;
+  
+  if (platform === 'darwin') {
+    osName = 'darwin';
+    archName = arch === 'arm64' ? 'arm64' : 'amd64';
+    ext = 'tar.gz';
+  } else if (platform === 'win32') {
+    osName = 'windows';
+    archName = arch === 'arm64' ? 'arm64' : 'amd64';
+    ext = 'zip';
+  } else {
+    osName = 'linux';
+    archName = arch === 'arm64' ? 'arm64' : 'amd64';
+    ext = 'tar.gz';
+  }
+  
+  const version = PROXY_VERSION.replace('v', '');
+  return `https://github.com/router-for-me/CLIProxyAPI/releases/download/${PROXY_VERSION}/CLIProxyAPI_${version}_${osName}_${archName}.${ext}`;
+};
+
+/**
+ * Check if CLIProxyAPI binary exists
+ */
+const isInstalled = () => {
+  return fs.existsSync(PROXY_BIN);
+};
+
+/**
+ * Check if CLIProxyAPI is running
+ */
+const isRunning = async () => {
+  return new Promise((resolve) => {
+    const req = http.request({
+      hostname: '127.0.0.1',
+      port: PROXY_PORT,
+      path: '/v1/models',
+      method: 'GET',
+      headers: {
+        'Authorization': `Bearer ${API_KEY}`
+      },
+      timeout: 2000
+    }, (res) => {
+      resolve(res.statusCode === 200);
+    });
+    
+    req.on('error', () => resolve(false));
+    req.on('timeout', () => {
+      req.destroy();
+      resolve(false);
+    });
+    req.end();
+  });
+};
+
+/**
+ * Download file from URL
+ */
+const downloadFile = (url, dest) => {
+  return new Promise((resolve, reject) => {
+    const file = fs.createWriteStream(dest);
+    
+    const request = (url) => {
+      https.get(url, (res) => {
+        if (res.statusCode === 302 || res.statusCode === 301) {
+          // Follow redirect
+          request(res.headers.location);
+          return;
+        }
+        
+        if (res.statusCode !== 200) {
+          reject(new Error(`HTTP ${res.statusCode}`));
+          return;
+        }
+        
+        res.pipe(file);
+        file.on('finish', () => {
+          file.close();
+          resolve();
+        });
+      }).on('error', (err) => {
+        fs.unlink(dest, () => {});
+        reject(err);
+      });
+    };
+    
+    request(url);
+  });
+};
+
+/**
+ * Extract tar.gz archive
+ */
+const extractTarGz = (archive, dest) => {
+  return new Promise((resolve, reject) => {
+    exec(`tar -xzf "${archive}" -C "${dest}"`, (err) => {
+      if (err) reject(err);
+      else resolve();
+    });
+  });
+};
+
+/**
+ * Extract zip archive (Windows)
+ */
+const extractZip = (archive, dest) => {
+  return new Promise((resolve, reject) => {
+    exec(`powershell -command "Expand-Archive -Path '${archive}' -DestinationPath '${dest}' -Force"`, (err) => {
+      if (err) reject(err);
+      else resolve();
+    });
+  });
+};
+
+/**
+ * Download and install CLIProxyAPI
+ * @param {Function} onProgress - Progress callback (message)
+ */
+const install = async (onProgress = () => {}) => {
+  // Create directories
+  if (!fs.existsSync(PROXY_DIR)) {
+    fs.mkdirSync(PROXY_DIR, { recursive: true });
+  }
+  if (!fs.existsSync(PROXY_AUTH_DIR)) {
+    fs.mkdirSync(PROXY_AUTH_DIR, { recursive: true });
+  }
+  
+  onProgress('Downloading CLIProxyAPI...');
+  
+  const downloadUrl = getDownloadUrl();
+  const ext = process.platform === 'win32' ? 'zip' : 'tar.gz';
+  const archivePath = path.join(PROXY_DIR, `cliproxyapi.${ext}`);
+  
+  // Download
+  await downloadFile(downloadUrl, archivePath);
+  
+  onProgress('Extracting...');
+  
+  // Extract
+  if (ext === 'zip') {
+    await extractZip(archivePath, PROXY_DIR);
+  } else {
+    await extractTarGz(archivePath, PROXY_DIR);
+  }
+  
+  // Find the binary (it might be in a subdirectory)
+  const possibleBins = [
+    path.join(PROXY_DIR, 'cli-proxy-api'),
+    path.join(PROXY_DIR, 'cli-proxy-api.exe'),
+    path.join(PROXY_DIR, 'CLIProxyAPI', 'cli-proxy-api'),
+    path.join(PROXY_DIR, 'CLIProxyAPI', 'cli-proxy-api.exe')
+  ];
+  
+  for (const bin of possibleBins) {
+    if (fs.existsSync(bin) && bin !== PROXY_BIN) {
+      fs.renameSync(bin, PROXY_BIN);
+      break;
+    }
+  }
+  
+  // Make executable (Unix)
+  if (process.platform !== 'win32') {
+    fs.chmodSync(PROXY_BIN, 0o755);
+  }
+  
+  // Create config file
+  const config = `port: ${PROXY_PORT}
+auth-dir: "${PROXY_AUTH_DIR}"
+api-keys:
+  - "${API_KEY}"
+request-retry: 3
+quota-exceeded:
+  switch-project: true
+  switch-preview-model: true
+`;
+  
+  fs.writeFileSync(PROXY_CONFIG, config);
+  
+  // Cleanup archive
+  fs.unlinkSync(archivePath);
+  
+  onProgress('Installation complete');
+  
+  return true;
+};
+
+/**
+ * Start CLIProxyAPI in background
+ */
+const start = async () => {
+  if (await isRunning()) {
+    return true;
+  }
+  
+  if (!isInstalled()) {
+    throw new Error('CLIProxyAPI not installed');
+  }
+  
+  return new Promise((resolve, reject) => {
+    const proc = spawn(PROXY_BIN, ['--config', PROXY_CONFIG], {
+      detached: true,
+      stdio: 'ignore',
+      cwd: PROXY_DIR
+    });
+    
+    proc.unref();
+    
+    // Wait for it to start
+    let attempts = 0;
+    const checkInterval = setInterval(async () => {
+      attempts++;
+      if (await isRunning()) {
+        clearInterval(checkInterval);
+        resolve(true);
+      } else if (attempts > 30) {
+        clearInterval(checkInterval);
+        reject(new Error('Failed to start CLIProxyAPI'));
+      }
+    }, 500);
+  });
+};
+
+/**
+ * Stop CLIProxyAPI
+ */
+const stop = async () => {
+  return new Promise((resolve) => {
+    if (process.platform === 'win32') {
+      exec('taskkill /F /IM cli-proxy-api.exe', () => resolve());
+    } else {
+      exec('pkill -f cli-proxy-api', () => resolve());
+    }
+  });
+};
+
+/**
+ * Ensure CLIProxyAPI is installed and running
+ * @param {Function} onProgress - Progress callback
+ */
+const ensureRunning = async (onProgress = () => {}) => {
+  if (await isRunning()) {
+    return true;
+  }
+  
+  if (!isInstalled()) {
+    onProgress('Installing AI proxy (one-time setup)...');
+    await install(onProgress);
+  }
+  
+  onProgress('Starting AI proxy...');
+  await start();
+  
+  return true;
+};
+
+/**
+ * Make request to local proxy
+ */
+const proxyRequest = (method, endpoint, body = null) => {
+  return new Promise((resolve, reject) => {
+    const options = {
+      hostname: '127.0.0.1',
+      port: PROXY_PORT,
+      path: endpoint,
+      method,
+      headers: {
+        'Authorization': `Bearer ${API_KEY}`,
+        'Content-Type': 'application/json'
+      },
+      timeout: 30000
+    };
+    
+    const req = http.request(options, (res) => {
+      let data = '';
+      res.on('data', chunk => data += chunk);
+      res.on('end', () => {
+        try {
+          resolve(JSON.parse(data));
+        } catch (e) {
+          resolve(data);
+        }
+      });
+    });
+    
+    req.on('error', reject);
+    req.on('timeout', () => {
+      req.destroy();
+      reject(new Error('Request timeout'));
+    });
+    
+    if (body) {
+      req.write(JSON.stringify(body));
+    }
+    req.end();
+  });
+};
+
+/**
+ * Get OAuth authorization URL for a provider
+ * @param {string} provider - Provider ID (anthropic, openai, gemini, qwen, iflow)
+ * @returns {Promise<{url: string, state: string}>}
+ */
+const getAuthUrl = async (provider) => {
+  await ensureRunning();
+  
+  const endpoints = {
+    anthropic: '/v0/management/anthropic-auth-url',
+    openai: '/v0/management/codex-auth-url',
+    gemini: '/v0/management/gemini-cli-auth-url',
+    qwen: '/v0/management/qwen-auth-url',
+    iflow: '/v0/management/iflow-auth-url'
+  };
+  
+  const endpoint = endpoints[provider];
+  if (!endpoint) {
+    throw new Error(`Unknown provider: ${provider}`);
+  }
+  
+  const response = await proxyRequest('GET', endpoint);
+  
+  if (response.status !== 'ok') {
+    throw new Error(response.error || 'Failed to get auth URL');
+  }
+  
+  return {
+    url: response.url,
+    state: response.state
+  };
+};
+
+/**
+ * Poll for OAuth authentication status
+ * @param {string} state - OAuth state from getAuthUrl
+ * @returns {Promise<{status: string, error?: string}>}
+ */
+const pollAuthStatus = async (state) => {
+  const response = await proxyRequest('GET', `/v0/management/get-auth-status?state=${state}`);
+  return response;
+};
+
+/**
+ * Wait for OAuth authentication to complete
+ * @param {string} state - OAuth state
+ * @param {number} timeoutMs - Timeout in milliseconds
+ * @param {Function} onStatus - Status callback
+ * @returns {Promise<boolean>}
+ */
+const waitForAuth = async (state, timeoutMs = 300000, onStatus = () => {}) => {
+  const startTime = Date.now();
+  
+  while (Date.now() - startTime < timeoutMs) {
+    const status = await pollAuthStatus(state);
+    
+    if (status.status === 'ok') {
+      return true;
+    } else if (status.status === 'error') {
+      throw new Error(status.error || 'Authentication failed');
+    }
+    
+    onStatus('Waiting for authorization...');
+    await new Promise(resolve => setTimeout(resolve, 2000));
+  }
+  
+  throw new Error('Authentication timeout');
+};
+
+/**
+ * Get available models from the proxy
+ * @returns {Promise<Array<string>>}
+ */
+const getModels = async () => {
+  await ensureRunning();
+  
+  const response = await proxyRequest('GET', '/v1/models');
+  
+  if (response.data && Array.isArray(response.data)) {
+    return response.data.map(m => m.id || m).filter(Boolean);
+  }
+  
+  return [];
+};
+
+/**
+ * Get list of authenticated accounts
+ * @returns {Promise<Array>}
+ */
+const getAuthFiles = async () => {
+  await ensureRunning();
+  
+  try {
+    const response = await proxyRequest('GET', '/v0/management/auth-files');
+    return response.files || [];
+  } catch (e) {
+    return [];
+  }
+};
+
+/**
+ * Make chat completion request through proxy
+ * @param {string} model - Model ID
+ * @param {Array} messages - Chat messages
+ * @param {Object} options - Additional options
+ * @returns {Promise<Object>}
+ */
+const chatCompletion = async (model, messages, options = {}) => {
+  await ensureRunning();
+  
+  const body = {
+    model,
+    messages,
+    ...options
+  };
+  
+  return proxyRequest('POST', '/v1/chat/completions', body);
+};
+
+/**
+ * Check if user has any connected accounts
+ */
+const hasConnectedAccounts = async () => {
+  try {
+    const files = await getAuthFiles();
+    return files.length > 0;
+  } catch (e) {
+    return false;
+  }
+};
+
+/**
+ * Get provider name from auth file
+ */
+const getProviderFromAuthFile = (filename) => {
+  if (filename.includes('claude') || filename.includes('anthropic')) return 'anthropic';
+  if (filename.includes('openai') || filename.includes('codex')) return 'openai';
+  if (filename.includes('gemini') || filename.includes('google')) return 'gemini';
+  if (filename.includes('qwen')) return 'qwen';
+  if (filename.includes('iflow')) return 'iflow';
+  return 'unknown';
+};
+
+// ============================================
+// REMOTE OAUTH (for VPS/Server users)
+// Uses cli.hedgequantx.com as OAuth relay
+// ============================================
+
+const REMOTE_OAUTH_URL = 'https://cli.hedgequantx.com';
+
+/**
+ * Make HTTPS request
+ */
+const httpsRequest = (url, options, body = null) => {
+  return new Promise((resolve, reject) => {
+    const parsedUrl = new URL(url);
+    const req = https.request({
+      hostname: parsedUrl.hostname,
+      port: 443,
+      path: parsedUrl.pathname + parsedUrl.search,
+      method: options.method || 'GET',
+      headers: options.headers || {}
+    }, (res) => {
+      let data = '';
+      res.on('data', chunk => data += chunk);
+      res.on('end', () => {
+        try {
+          resolve(JSON.parse(data));
+        } catch (e) {
+          resolve(data);
+        }
+      });
+    });
+    
+    req.on('error', reject);
+    req.on('timeout', () => {
+      req.destroy();
+      reject(new Error('Request timeout'));
+    });
+    
+    if (body) {
+      req.write(typeof body === 'string' ? body : JSON.stringify(body));
+    }
+    req.end();
+  });
+};
+
+/**
+ * Create Remote OAuth session
+ * @param {string} provider - Provider ID (anthropic, openai, gemini)
+ * @returns {Promise<{sessionId: string, authUrl: string}>}
+ */
+const createRemoteSession = async (provider) => {
+  const response = await httpsRequest(
+    `${REMOTE_OAUTH_URL}/oauth/session/create`,
+    {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' }
+    },
+    JSON.stringify({ provider })
+  );
+  
+  if (response.error) {
+    throw new Error(response.error);
+  }
+  
+  return {
+    sessionId: response.sessionId,
+    authUrl: response.authUrl
+  };
+};
+
+/**
+ * Poll Remote OAuth session status
+ * @param {string} sessionId - Session ID from createRemoteSession
+ * @returns {Promise<{status: string, error?: string}>}
+ */
+const pollRemoteSession = async (sessionId) => {
+  const response = await httpsRequest(
+    `${REMOTE_OAUTH_URL}/oauth/session/${sessionId}/status`,
+    { method: 'GET' }
+  );
+  return response;
+};
+
+/**
+ * Get tokens from Remote OAuth session
+ * @param {string} sessionId - Session ID
+ * @returns {Promise<{provider: string, tokens: Object}>}
+ */
+const getRemoteTokens = async (sessionId) => {
+  const response = await httpsRequest(
+    `${REMOTE_OAUTH_URL}/oauth/session/${sessionId}/tokens`,
+    { method: 'GET' }
+  );
+  
+  if (response.error) {
+    throw new Error(response.error);
+  }
+  
+  return response;
+};
+
+/**
+ * Wait for Remote OAuth to complete
+ * @param {string} sessionId - Session ID
+ * @param {number} timeoutMs - Timeout in milliseconds
+ * @param {Function} onStatus - Status callback
+ * @returns {Promise<{provider: string, tokens: Object}>}
+ */
+const waitForRemoteAuth = async (sessionId, timeoutMs = 300000, onStatus = () => {}) => {
+  const startTime = Date.now();
+  
+  while (Date.now() - startTime < timeoutMs) {
+    const status = await pollRemoteSession(sessionId);
+    
+    if (status.status === 'success') {
+      return await getRemoteTokens(sessionId);
+    } else if (status.status === 'error') {
+      throw new Error(status.error || 'Authentication failed');
+    }
+    
+    onStatus('Waiting for authorization...');
+    await new Promise(resolve => setTimeout(resolve, 2000));
+  }
+  
+  throw new Error('Authentication timeout');
+};
+
+/**
+ * Detect if we're running on a server (no display/browser)
+ * @returns {boolean}
+ */
+const isServerEnvironment = () => {
+  // Check for common server indicators
+  if (process.env.SSH_CONNECTION || process.env.SSH_CLIENT) return true;
+  if (process.env.DISPLAY === undefined && process.platform === 'linux') return true;
+  if (process.env.TERM === 'dumb') return true;
+  if (process.env.HQX_REMOTE_OAUTH === '1') return true; // Force remote mode
+  return false;
+};
+
+/**
+ * Detect if browser can be opened
+ * @returns {boolean}
+ */
+const canOpenBrowser = () => {
+  // On macOS/Windows, we can usually open browser
+  if (process.platform === 'darwin' || process.platform === 'win32') return true;
+  // On Linux, check for display
+  if (process.env.DISPLAY) return true;
+  return false;
+};
+
+module.exports = {
+  // Local OAuth (CLIProxyAPI)
+  isInstalled,
+  isRunning,
+  install,
+  start,
+  stop,
+  ensureRunning,
+  getAuthUrl,
+  pollAuthStatus,
+  waitForAuth,
+  getModels,
+  getAuthFiles,
+  chatCompletion,
+  hasConnectedAccounts,
+  getProviderFromAuthFile,
+  PROXY_PORT,
+  PROXY_DIR,
+  API_KEY,
+  
+  // Remote OAuth (cli.hedgequantx.com)
+  createRemoteSession,
+  pollRemoteSession,
+  getRemoteTokens,
+  waitForRemoteAuth,
+  isServerEnvironment,
+  canOpenBrowser,
+  REMOTE_OAUTH_URL
+};