hermes-web-ui 0.3.1 → 0.3.3

package/dist/client/assets/{sessions-1rFjfO8M.js → sessions-SzjWXR9A.js}

@@ -1 +1 @@
-import{o as e}from"./router-Zpu1Tghg.js";async function t(t,n){let r=new URLSearchParams;t&&r.set(`source`,t),n&&r.set(`limit`,String(n));let i=r.toString();return(await e(`/api/hermes/sessions${i?`?${i}`:``}`)).sessions}async function n(t){try{return(await e(`/api/hermes/sessions/${t}`)).session}catch{return null}}async function r(t){try{return await e(`/api/hermes/sessions/${t}`,{method:`DELETE`}),!0}catch{return!1}}async function i(t,n){try{return await e(`/api/hermes/sessions/${t}/rename`,{method:`POST`,body:JSON.stringify({title:n})}),!0}catch{return!1}}export{i,n,t as r,r as t};
+import{o as e}from"./router-0X4x3p8e.js";async function t(t,n){let r=new URLSearchParams;t&&r.set(`source`,t),n&&r.set(`limit`,String(n));let i=r.toString();return(await e(`/api/hermes/sessions${i?`?${i}`:``}`)).sessions}async function n(t){try{return(await e(`/api/hermes/sessions/${t}`)).session}catch{return null}}async function r(t){try{return await e(`/api/hermes/sessions/${t}`,{method:`DELETE`}),!0}catch{return!1}}async function i(t,n){try{return await e(`/api/hermes/sessions/${t}/rename`,{method:`POST`,body:JSON.stringify({title:n})}),!0}catch{return!1}}export{i,n,t as r,r as t};

package/dist/client/assets/{skills-Bu5JdqX-.js → skills-CsjvGVsY.js}

@@ -1 +1 @@
-import{o as e}from"./router-Zpu1Tghg.js";async function t(){return(await e(`/api/hermes/skills`)).categories}async function n(t){return(await e(`/api/hermes/skills/${t}`)).content}async function r(t,n){return(await e(`/api/hermes/skills/${t}/${n}/files`)).files}async function i(){return e(`/api/hermes/memory`)}async function a(t,n){await e(`/api/hermes/memory`,{method:`POST`,body:JSON.stringify({section:t,content:n})})}async function o(t,n){await e(`/api/hermes/skills/toggle`,{method:`PUT`,body:JSON.stringify({name:t,enabled:n})})}export{a,t as i,n,o,r,i as t};
+import{o as e}from"./router-0X4x3p8e.js";async function t(){return(await e(`/api/hermes/skills`)).categories}async function n(t){return(await e(`/api/hermes/skills/${t}`)).content}async function r(t,n){return(await e(`/api/hermes/skills/${t}/${n}/files`)).files}async function i(){return e(`/api/hermes/memory`)}async function a(t,n){await e(`/api/hermes/memory`,{method:`POST`,body:JSON.stringify({section:t,content:n})})}async function o(t,n){await e(`/api/hermes/skills/toggle`,{method:`PUT`,body:JSON.stringify({name:t,enabled:n})})}export{a,t as i,n,o,r,i as t};

package/dist/client/assets/use-compitable-DY4l-k3U.js

@@ -0,0 +1 @@
+import{C as e}from"./router-0X4x3p8e.js";function t(t,n){return e(()=>{for(let e of n)if(t[e]!==void 0)return t[e];return t[n[n.length-1]]})}export{t};

package/dist/client/assets/{use-message-CFWjMwGX.js → use-message-4kASja7X.js}

@@ -1 +1 @@
-import{F as e}from"./router-Zpu1Tghg.js";import{$ as t,Y as n}from"./browser-BanYmQkE.js";var r=t(`n-message-api`),i=t(`n-message-provider`);function a(){let t=e(r,null);return t===null&&n(`use-message`,"No outer <n-message-provider /> founded. See prerequisite in https://www.naiveui.com/en-US/os-theme/components/message for more details. If you want to use `useMessage` outside setup, please check https://www.naiveui.com/zh-CN/os-theme/components/message#Q-&-A."),t}export{r as n,i as r,a as t};
+import{F as e}from"./router-0X4x3p8e.js";import{$ as t,Y as n}from"./browser-BfJIjfY3.js";var r=t(`n-message-api`),i=t(`n-message-provider`);function a(){let t=e(r,null);return t===null&&n(`use-message`,"No outer <n-message-provider /> founded. See prerequisite in https://www.naiveui.com/en-US/os-theme/components/message for more details. If you want to use `useMessage` outside setup, please check https://www.naiveui.com/zh-CN/os-theme/components/message#Q-&-A."),t}export{r as n,i as r,a as t};

package/dist/client/assets/{useTheme-CHkzsMnk.js → useTheme-Dh7NTo_V.js}

@@ -1 +1 @@
-import{X as e,ct as t}from"./router-Zpu1Tghg.js";var n=`hermes_theme`,r=t(localStorage.getItem(n)||`system`),i=t(!1);function a(e){i.value=e,document.documentElement.classList.toggle(`dark`,e)}function o(e){return e===`system`?window.matchMedia(`(prefers-color-scheme: dark)`).matches:e===`dark`}a(o(r.value)),window.matchMedia(`(prefers-color-scheme: dark)`).addEventListener(`change`,()=>{r.value===`system`&&a(o(`system`))}),e(r,e=>{localStorage.setItem(n,e),a(o(e))});function s(){function e(e){r.value=e}function t(){r.value=i.value?`light`:`dark`}return{mode:r,isDark:i,setMode:e,toggleTheme:t}}export{s as t};
+import{X as e,ct as t}from"./router-0X4x3p8e.js";var n=`hermes_theme`,r=t(localStorage.getItem(n)||`system`),i=t(!1);function a(e){i.value=e,document.documentElement.classList.toggle(`dark`,e)}function o(e){return e===`system`?window.matchMedia(`(prefers-color-scheme: dark)`).matches:e===`dark`}a(o(r.value)),window.matchMedia(`(prefers-color-scheme: dark)`).addEventListener(`change`,()=>{r.value===`system`&&a(o(`system`))}),e(r,e=>{localStorage.setItem(n,e),a(o(e))});function s(){function e(e){r.value=e}function t(){r.value=i.value?`light`:`dark`}return{mode:r,isDark:i,setMode:e,toggleTheme:t}}export{s as t};

package/dist/client/index.html

@@ -6,36 +6,36 @@
   <link rel="icon" type="image/svg+xml" href="/favicon.ico" />
   <meta name="viewport" content="width=device-width, initial-scale=1.0" />
   <title>Hermes</title>
-  <script type="module" crossorigin src="/assets/index-DtDTIaVj.js"></script>
-  <link rel="modulepreload" crossorigin href="/assets/router-Zpu1Tghg.js">
-  <link rel="modulepreload" crossorigin href="/assets/_plugin-vue_export-helper-B4hqCVU_.js">
-  <link rel="modulepreload" crossorigin href="/assets/browser-BanYmQkE.js">
-  <link rel="modulepreload" crossorigin href="/assets/Scrollbar-DZGif2x4.js">
-  <link rel="modulepreload" crossorigin href="/assets/use-compitable-Dl0AqAGv.js">
-  <link rel="modulepreload" crossorigin href="/assets/Popover-BLBLYanQ.js">
-  <link rel="modulepreload" crossorigin href="/assets/Close-ySsuLJTC.js">
-  <link rel="modulepreload" crossorigin href="/assets/Button-BeWnBoDR.js">
-  <link rel="modulepreload" crossorigin href="/assets/Suffix-CIX5CF-j.js">
-  <link rel="modulepreload" crossorigin href="/assets/fade-in-scale-up.cssr-B100njI2.js">
-  <link rel="modulepreload" crossorigin href="/assets/light-B8HxMQKs.js">
+  <script type="module" crossorigin src="/assets/index-XufFb2mL.js"></script>
+  <link rel="modulepreload" crossorigin href="/assets/router-0X4x3p8e.js">
+  <link rel="modulepreload" crossorigin href="/assets/_plugin-vue_export-helper-CcX4e_Is.js">
+  <link rel="modulepreload" crossorigin href="/assets/browser-BfJIjfY3.js">
+  <link rel="modulepreload" crossorigin href="/assets/Scrollbar-zYdleApO.js">
+  <link rel="modulepreload" crossorigin href="/assets/use-compitable-DY4l-k3U.js">
+  <link rel="modulepreload" crossorigin href="/assets/Popover-Dwi5NArH.js">
+  <link rel="modulepreload" crossorigin href="/assets/Close-Dx71Ggz9.js">
+  <link rel="modulepreload" crossorigin href="/assets/Button-Cpfqx5bj.js">
+  <link rel="modulepreload" crossorigin href="/assets/Suffix-jKQO068E.js">
+  <link rel="modulepreload" crossorigin href="/assets/fade-in-scale-up.cssr-e30I2JjN.js">
+  <link rel="modulepreload" crossorigin href="/assets/light-BF--Dz10.js">
   <link rel="modulepreload" crossorigin href="/assets/create-5zWq3BEB.js">
-  <link rel="modulepreload" crossorigin href="/assets/Select-3KS3TLPL.js">
-  <link rel="modulepreload" crossorigin href="/assets/Warning-BZfjWCrB.js">
-  <link rel="modulepreload" crossorigin href="/assets/Modal-D_vF9k8c.js">
-  <link rel="modulepreload" crossorigin href="/assets/pinia-DEKB7D30.js">
-  <link rel="modulepreload" crossorigin href="/assets/profiles-BSAOLUpt.js">
+  <link rel="modulepreload" crossorigin href="/assets/Select-0jFWg4Lf.js">
+  <link rel="modulepreload" crossorigin href="/assets/Warning-BPlnDrmx.js">
+  <link rel="modulepreload" crossorigin href="/assets/Modal-fhZL63EZ.js">
+  <link rel="modulepreload" crossorigin href="/assets/pinia-D2g49IcO.js">
+  <link rel="modulepreload" crossorigin href="/assets/profiles-DbCu_blp.js">
   <link rel="modulepreload" crossorigin href="/assets/omit-1BRB6K75.js">
-  <link rel="modulepreload" crossorigin href="/assets/sessions-1rFjfO8M.js">
-  <link rel="modulepreload" crossorigin href="/assets/app-DG_zFxqi.js">
-  <link rel="modulepreload" crossorigin href="/assets/chat-C6pq-bYQ.js">
-  <link rel="modulepreload" crossorigin href="/assets/light-BfPLur6t.js">
-  <link rel="modulepreload" crossorigin href="/assets/light-CeMZM90j.js">
-  <link rel="modulepreload" crossorigin href="/assets/use-message-CFWjMwGX.js">
-  <link rel="modulepreload" crossorigin href="/assets/light-Dav3NshO.js">
+  <link rel="modulepreload" crossorigin href="/assets/sessions-SzjWXR9A.js">
+  <link rel="modulepreload" crossorigin href="/assets/app-CcLe99Xa.js">
+  <link rel="modulepreload" crossorigin href="/assets/chat-CuVG21Hv.js">
+  <link rel="modulepreload" crossorigin href="/assets/light-CDuRPTUd.js">
+  <link rel="modulepreload" crossorigin href="/assets/light-DTBcb4qq.js">
+  <link rel="modulepreload" crossorigin href="/assets/use-message-4kASja7X.js">
+  <link rel="modulepreload" crossorigin href="/assets/light-CCZMDqco.js">
   <link rel="modulepreload" crossorigin href="/assets/_common-DgdkN_d5.js">
-  <link rel="modulepreload" crossorigin href="/assets/light-CDN7aXQb.js">
-  <link rel="modulepreload" crossorigin href="/assets/light-BT2gqEar.js">
-  <link rel="modulepreload" crossorigin href="/assets/useTheme-CHkzsMnk.js">
+  <link rel="modulepreload" crossorigin href="/assets/light-BLbGAFtS.js">
+  <link rel="modulepreload" crossorigin href="/assets/light-BJ4xZyd0.js">
+  <link rel="modulepreload" crossorigin href="/assets/useTheme-Dh7NTo_V.js">
   <link rel="modulepreload" crossorigin href="/assets/logo-Cd-t_oGE.js">
   <link rel="stylesheet" crossorigin href="/assets/index-JeutuTe0.css">
 </head>

package/dist/server/index.js

@@ -49,7 +49,7 @@ const config_1 = require("./config");
 const hermes_1 = require("./routes/hermes");
 const upload_1 = require("./routes/upload");
 const webhook_1 = require("./routes/webhook");
-const hermesCli = __importStar(require("./services/hermes-cli"));
+const hermesCli = __importStar(require("./services/hermes/hermes-cli"));
 const auth_1 = require("./services/auth");
 function getLocalVersion() {
     // production: dist/server → ../../package.json
@@ -241,7 +241,7 @@ function bindShutdown() {
 async function ensureApiServerConfig() {
     const { readFileSync, writeFileSync, existsSync, copyFileSync } = await Promise.resolve().then(() => __importStar(require('fs')));
     const yaml = (await Promise.resolve().then(() => __importStar(require('js-yaml')))).default;
-    const { getActiveConfigPath } = await Promise.resolve().then(() => __importStar(require('./services/hermes-profile')));
+    const { getActiveConfigPath } = await Promise.resolve().then(() => __importStar(require('./services/hermes/hermes-profile')));
     const configPath = getActiveConfigPath();
     const defaults = {
         enabled: true,

package/dist/server/routes/hermes/codex-auth.d.ts

@@ -0,0 +1,2 @@
+import Router from '@koa/router';
+export declare const codexAuthRoutes: Router<import("koa").DefaultState, import("koa").DefaultContext>;

package/dist/server/routes/hermes/codex-auth.js

@@ -0,0 +1,302 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.codexAuthRoutes = void 0;
+const router_1 = __importDefault(require("@koa/router"));
+const crypto_1 = require("crypto");
+const path_1 = require("path");
+const os_1 = require("os");
+const fs_1 = require("fs");
+const hermes_profile_1 = require("../../services/hermes/hermes-profile");
+// --- OAuth Constants ---
+const CODEX_CLIENT_ID = 'app_EMoamEEZ73f0CkXaXp7hrann';
+const CODEX_DEVICE_AUTH_URL = 'https://auth.openai.com/api/accounts/deviceauth/usercode';
+const CODEX_DEVICE_TOKEN_URL = 'https://auth.openai.com/api/accounts/deviceauth/token';
+const CODEX_OAUTH_TOKEN_URL = 'https://auth.openai.com/oauth/token';
+const CODEX_DEFAULT_BASE_URL = 'https://chatgpt.com/backend-api/codex';
+const CODEX_REDIRECT_URI = 'https://auth.openai.com/deviceauth/callback';
+const CODEX_VERIFICATION_URL = 'https://auth.openai.com/codex/device';
+const CODEX_HOME = (0, path_1.join)((0, os_1.homedir)(), '.codex');
+const POLL_MAX_DURATION = 15 * 60 * 1000; // 15 minutes
+const POLL_DEFAULT_INTERVAL = 5000; // 5 seconds
+const sessions = new Map();
+function cleanupExpiredSessions() {
+    const now = Date.now();
+    sessions.forEach((session, id) => {
+        if (now - session.createdAt > POLL_MAX_DURATION + 60000) {
+            sessions.delete(id);
+        }
+    });
+}
+function loadAuthJson(authPath) {
+    try {
+        const raw = (0, fs_1.readFileSync)(authPath, 'utf-8');
+        return JSON.parse(raw);
+    }
+    catch {
+        return { version: 1 };
+    }
+}
+function saveAuthJson(authPath, data) {
+    data.updated_at = new Date().toISOString();
+    const dir = authPath.substring(0, authPath.lastIndexOf('/'));
+    if (!(0, fs_1.existsSync)(dir))
+        (0, fs_1.mkdirSync)(dir, { recursive: true });
+    (0, fs_1.writeFileSync)(authPath, JSON.stringify(data, null, 2) + '\n', { mode: 0o600 });
+}
+function saveCodexCliTokens(accessToken, refreshToken) {
+    const codexHome = process.env.CODEX_HOME || CODEX_HOME;
+    const codexAuthPath = (0, path_1.join)(codexHome, 'auth.json');
+    const dir = codexAuthPath.substring(0, codexAuthPath.lastIndexOf('/'));
+    if (!(0, fs_1.existsSync)(dir))
+        (0, fs_1.mkdirSync)(dir, { recursive: true });
+    const data = {
+        tokens: { access_token: accessToken, refresh_token: refreshToken },
+        last_refresh: new Date().toISOString(),
+    };
+    (0, fs_1.writeFileSync)(codexAuthPath, JSON.stringify(data, null, 2) + '\n', { mode: 0o600 });
+}
+function decodeJwtExp(token) {
+    try {
+        const parts = token.split('.');
+        if (parts.length !== 3)
+            return null;
+        const payload = Buffer.from(parts[1], 'base64url').toString('utf-8');
+        const claims = JSON.parse(payload);
+        return typeof claims.exp === 'number' ? claims.exp : null;
+    }
+    catch {
+        return null;
+    }
+}
+// --- Background login worker ---
+async function codexLoginWorker(session, authPath) {
+    const startTime = Date.now();
+    const interval = POLL_DEFAULT_INTERVAL;
+    while (Date.now() - startTime < POLL_MAX_DURATION) {
+        await new Promise(resolve => setTimeout(resolve, interval));
+        if (session.status !== 'pending')
+            return;
+        try {
+            // Step 3: Poll for authorization
+            const pollRes = await fetch(CODEX_DEVICE_TOKEN_URL, {
+                method: 'POST',
+                headers: { 'Content-Type': 'application/json' },
+                body: JSON.stringify({
+                    device_auth_id: session.deviceAuthId,
+                    user_code: session.userCode,
+                }),
+                signal: AbortSignal.timeout(10000),
+            });
+            if (pollRes.status === 200) {
+                const pollData = await pollRes.json();
+                // Step 4: Exchange authorization code for tokens
+                const tokenRes = await fetch(CODEX_OAUTH_TOKEN_URL, {
+                    method: 'POST',
+                    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+                    body: new URLSearchParams({
+                        grant_type: 'authorization_code',
+                        code: pollData.authorization_code,
+                        redirect_uri: CODEX_REDIRECT_URI,
+                        client_id: CODEX_CLIENT_ID,
+                        code_verifier: pollData.code_verifier,
+                    }).toString(),
+                    signal: AbortSignal.timeout(15000),
+                });
+                if (!tokenRes.ok) {
+                    const errText = await tokenRes.text();
+                    console.error('[Codex Auth] Token exchange failed:', tokenRes.status, errText);
+                    session.status = 'error';
+                    session.error = `Token exchange failed: ${tokenRes.status}`;
+                    return;
+                }
+                const tokenData = await tokenRes.json();
+                const refreshToken = tokenData.refresh_token || '';
+                session.accessToken = tokenData.access_token;
+                session.refreshToken = refreshToken;
+                session.status = 'approved';
+                // Save to auth.json
+                const auth = loadAuthJson(authPath);
+                if (!auth.providers)
+                    auth.providers = {};
+                auth.providers['openai-codex'] = {
+                    tokens: {
+                        access_token: tokenData.access_token,
+                        refresh_token: refreshToken,
+                    },
+                    last_refresh: new Date().toISOString(),
+                    auth_mode: 'chatgpt',
+                };
+                // Add to credential pool
+                if (!auth.credential_pool)
+                    auth.credential_pool = {};
+                auth.credential_pool['openai-codex'] = [{
+                        id: `openai-codex-${Date.now()}`,
+                        label: 'OpenAI Codex',
+                        base_url: CODEX_DEFAULT_BASE_URL,
+                        access_token: tokenData.access_token,
+                        last_status: null,
+                    }];
+                saveAuthJson(authPath, auth);
+                // Save to ~/.codex/auth.json for CLI sync
+                saveCodexCliTokens(tokenData.access_token, refreshToken);
+                console.log('[Codex Auth] Login successful');
+                return;
+            }
+            if (pollRes.status === 403 || pollRes.status === 404) {
+                // Not yet authorized, keep polling
+                continue;
+            }
+            // Other error status
+            console.error('[Codex Auth] Poll failed:', pollRes.status);
+            session.status = 'error';
+            session.error = `Poll failed: ${pollRes.status}`;
+            return;
+        }
+        catch (err) {
+            if (err.name === 'TimeoutError' || err.name === 'AbortError') {
+                continue;
+            }
+            console.error('[Codex Auth] Poll error:', err.message);
+            session.status = 'error';
+            session.error = err.message;
+            return;
+        }
+    }
+    // Timeout
+    session.status = 'expired';
+}
+// --- Routes ---
+exports.codexAuthRoutes = new router_1.default();
+exports.codexAuthRoutes.post('/api/hermes/auth/codex/start', async (ctx) => {
+    try {
+        cleanupExpiredSessions();
+        // Step 1: Request device code
+        const res = await fetch(CODEX_DEVICE_AUTH_URL, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+                'Accept': 'application/json',
+                'User-Agent': 'node-fetch',
+            },
+            body: JSON.stringify({ client_id: CODEX_CLIENT_ID }),
+            signal: AbortSignal.timeout(10000),
+        });
+        if (!res.ok) {
+            let errorBody = null;
+            try {
+                errorBody = await res.json();
+            }
+            catch { /* ignore */ }
+            console.error(`[codex-auth] Device code request failed: ${res.status}`, errorBody);
+            let errorMessage = `Device code request failed: ${res.status}`;
+            if (errorBody?.error?.code === 'unsupported_country_region_territory') {
+                errorMessage = 'OpenAI does not support your region. You may need to use a proxy or VPN to access Codex.';
+            }
+            ctx.status = 502;
+            ctx.body = { error: errorMessage, code: errorBody?.error?.code };
+            return;
+        }
+        const data = await res.json();
+        const sessionId = (0, crypto_1.randomUUID)();
+        const session = {
+            id: sessionId,
+            userCode: data.user_code,
+            deviceAuthId: data.device_auth_id,
+            status: 'pending',
+            createdAt: Date.now(),
+        };
+        sessions.set(sessionId, session);
+        // Start background worker
+        const authPath = (0, hermes_profile_1.getActiveAuthPath)();
+        codexLoginWorker(session, authPath).catch(err => {
+            console.error('[Codex Auth] Worker error:', err);
+            session.status = 'error';
+            session.error = err.message;
+        });
+        ctx.body = {
+            session_id: sessionId,
+            user_code: data.user_code,
+            verification_url: CODEX_VERIFICATION_URL,
+            expires_in: 900, // 15 minutes
+        };
+    }
+    catch (err) {
+        ctx.status = 500;
+        ctx.body = { error: err.message };
+    }
+});
+exports.codexAuthRoutes.get('/api/hermes/auth/codex/poll/:sessionId', async (ctx) => {
+    const session = sessions.get(ctx.params.sessionId);
+    if (!session) {
+        ctx.status = 404;
+        ctx.body = { error: 'Session not found' };
+        return;
+    }
+    ctx.body = {
+        status: session.status,
+        error: session.error || null,
+    };
+});
+exports.codexAuthRoutes.get('/api/hermes/auth/codex/status', async (ctx) => {
+    try {
+        const authPath = (0, hermes_profile_1.getActiveAuthPath)();
+        const auth = loadAuthJson(authPath);
+        const tokens = auth.providers?.['openai-codex']?.tokens;
+        if (!tokens?.access_token || !auth.providers) {
+            ctx.body = { authenticated: false };
+            return;
+        }
+        const codexProvider = auth.providers['openai-codex'];
+        // Check if token is expired
+        const exp = decodeJwtExp(tokens.access_token);
+        if (exp && exp <= Date.now() / 1000 + 120) {
+            // Try refresh
+            if (tokens.refresh_token) {
+                try {
+                    const refreshRes = await fetch(CODEX_OAUTH_TOKEN_URL, {
+                        method: 'POST',
+                        headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+                        body: new URLSearchParams({
+                            grant_type: 'refresh_token',
+                            refresh_token: tokens.refresh_token,
+                            client_id: CODEX_CLIENT_ID,
+                        }).toString(),
+                        signal: AbortSignal.timeout(15000),
+                    });
+                    if (refreshRes.ok) {
+                        const newTokens = await refreshRes.json();
+                        codexProvider.tokens.access_token = newTokens.access_token;
+                        if (newTokens.refresh_token) {
+                            codexProvider.tokens.refresh_token = newTokens.refresh_token;
+                        }
+                        codexProvider.last_refresh = new Date().toISOString();
+                        saveAuthJson(authPath, auth);
+                        saveCodexCliTokens(newTokens.access_token, newTokens.refresh_token || tokens.refresh_token);
+                        // Update credential pool too
+                        if (auth.credential_pool?.['openai-codex']?.[0]) {
+                            auth.credential_pool['openai-codex'][0].access_token = newTokens.access_token;
+                            saveAuthJson(authPath, auth);
+                        }
+                        ctx.body = { authenticated: true, last_refresh: codexProvider.last_refresh };
+                        return;
+                    }
+                }
+                catch {
+                    // Refresh failed
+                }
+            }
+            ctx.body = { authenticated: false };
+            return;
+        }
+        ctx.body = {
+            authenticated: true,
+            last_refresh: codexProvider.last_refresh,
+        };
+    }
+    catch {
+        ctx.body = { authenticated: false };
+    }
+});

package/dist/server/routes/hermes/config.js

@@ -8,8 +8,8 @@ const router_1 = __importDefault(require("@koa/router"));
 const promises_1 = require("fs/promises");
 const promises_2 = require("fs/promises");
 const js_yaml_1 = __importDefault(require("js-yaml"));
-const hermes_cli_1 = require("../../services/hermes-cli");
-const hermes_profile_1 = require("../../services/hermes-profile");
+const hermes_cli_1 = require("../../services/hermes/hermes-cli");
+const hermes_profile_1 = require("../../services/hermes/hermes-profile");
 // Platform sections that require gateway restart after config change
 const PLATFORM_SECTIONS = new Set([
     'telegram', 'discord', 'slack', 'whatsapp', 'matrix',
@@ -82,6 +82,18 @@ function getNested(obj, path) {
     }
     return cur;
 }
+function deepMerge(target, source) {
+    for (const key of Object.keys(source)) {
+        if (source[key] && typeof source[key] === 'object' && !Array.isArray(source[key]) &&
+            target[key] && typeof target[key] === 'object' && !Array.isArray(target[key])) {
+            target[key] = deepMerge(target[key], source[key]);
+        }
+        else {
+            target[key] = source[key];
+        }
+    }
+    return target;
+}
 async function readEnvPlatforms() {
     try {
         const raw = await (0, promises_1.readFile)(envPath(), 'utf-8');
@@ -218,7 +230,7 @@ exports.configRoutes.put('/api/hermes/config', async (ctx) => {
     }
     try {
         const config = await readConfig();
-        config[section] = { ...(config[section] || {}), ...values };
+        config[section] = deepMerge(config[section] || {}, values);
         await writeConfig(config);
         // Restart gateway for platform/channel config changes
         if (PLATFORM_SECTIONS.has(section)) {

package/dist/server/routes/hermes/filesystem.js

@@ -41,14 +41,16 @@ const router_1 = __importDefault(require("@koa/router"));
 const promises_1 = require("fs/promises");
 const path_1 = require("path");
 const js_yaml_1 = __importDefault(require("js-yaml"));
-const hermes_profile_1 = require("../../services/hermes-profile");
-const hermesCli = __importStar(require("../../services/hermes-cli"));
+const hermes_profile_1 = require("../../services/hermes/hermes-profile");
+const hermesCli = __importStar(require("../../services/hermes/hermes-cli"));
 // --- Provider env var mapping (from hermes providers.py HERMES_OVERLAYS + config.py) ---
 // Maps provider key → { api_key_envs: all env var aliases for API key, base_url_env: env var for base URL }
 const PROVIDER_ENV_MAP = {
     openrouter: { api_key_env: 'OPENROUTER_API_KEY', base_url_env: 'OPENROUTER_BASE_URL' },
     zai: { api_key_env: 'ZAI_API_KEY', base_url_env: '' },
-    'kimi-for-coding': { api_key_env: 'KIMI_API_KEY', base_url_env: '' },
+    'kimi-coding': { api_key_env: 'KIMI_API_KEY', base_url_env: '' },
+    'kimi-coding-cn': { api_key_env: 'KIMI_API_KEY', base_url_env: '' },
+    moonshot: { api_key_env: 'MOONSHOT_API_KEY', base_url_env: 'MOONSHOT_BASE_URL' },
     minimax: { api_key_env: 'MINIMAX_API_KEY', base_url_env: 'MINIMAX_BASE_URL' },
     'minimax-cn': { api_key_env: 'MINIMAX_API_KEY', base_url_env: 'MINIMAX_CN_BASE_URL' },
     deepseek: { api_key_env: 'DEEPSEEK_API_KEY', base_url_env: 'DEEPSEEK_BASE_URL' },
@@ -57,11 +59,13 @@ const PROVIDER_ENV_MAP = {
     xai: { api_key_env: 'XAI_API_KEY', base_url_env: 'XAI_BASE_URL' },
     xiaomi: { api_key_env: 'XIAOMI_API_KEY', base_url_env: 'XIAOMI_BASE_URL' },
     gemini: { api_key_env: 'GEMINI_API_KEY', base_url_env: '' },
-    kilo: { api_key_env: 'KILO_API_KEY', base_url_env: 'KILOCODE_BASE_URL' },
-    vercel: { api_key_env: 'AI_GATEWAY_API_KEY', base_url_env: '' },
-    opencode: { api_key_env: 'OPENCODE_API_KEY', base_url_env: 'OPENCODE_ZEN_BASE_URL' },
+    kilocode: { api_key_env: 'KILO_API_KEY', base_url_env: 'KILOCODE_BASE_URL' },
+    'ai-gateway': { api_key_env: 'AI_GATEWAY_API_KEY', base_url_env: '' },
+    'opencode-zen': { api_key_env: 'OPENCODE_API_KEY', base_url_env: 'OPENCODE_ZEN_BASE_URL' },
     'opencode-go': { api_key_env: 'OPENCODE_API_KEY', base_url_env: 'OPENCODE_GO_BASE_URL' },
     huggingface: { api_key_env: 'HF_TOKEN', base_url_env: 'HF_BASE_URL' },
+    arcee: { api_key_env: 'ARCEE_API_KEY', base_url_env: '' },
+    'openai-codex': { api_key_env: '', base_url_env: 'HERMES_CODEX_BASE_URL' },
 };
 async function saveEnvValue(key, value) {
     const envPath = (0, hermes_profile_1.getActiveEnvPath)();
@@ -390,14 +394,12 @@ exports.fsRoutes.post('/api/hermes/memory', async (ctx) => {
 // Build model list from user's actual config.yaml using js-yaml
 function buildModelGroups(config) {
     let defaultModel = '';
-    let defaultProvider = '';
     const groups = [];
     const allModelIds = new Set();
     // 1. Extract current model
     const modelSection = config.model;
     if (typeof modelSection === 'object' && modelSection !== null) {
         defaultModel = String(modelSection.default || '').trim();
-        defaultProvider = String(modelSection.provider || '').trim();
     }
     else if (typeof modelSection === 'string') {
         defaultModel = modelSection.trim();
@@ -480,20 +482,85 @@ exports.fsRoutes.get('/api/hermes/available-models', async (ctx) => {
             for (const result of results) {
                 if (result.status === 'fulfilled' && result.value.models.length > 0) {
                     const { key, label, base_url, models } = result.value;
-                    groups.push({ provider: key, label, base_url, models });
+                    groups.push({ provider: key, label, base_url, models: Array.from(new Set(models)) });
                 }
                 else if (result.status === 'rejected') {
                     console.error(`[available-models] Failed: ${result.reason?.message || result.reason}`);
                 }
             }
         }
-        // Fallback: if no providers returned models, fall back to config.yaml parsing
-        if (groups.length === 0) {
+        // Deduplicate models within each group and merge groups with the same provider key
+        const dedupedGroups = [];
+        const seenProviders = new Map();
+        for (const g of groups) {
+            g.models = Array.from(new Set(g.models));
+            const existingIdx = seenProviders.get(g.provider);
+            if (existingIdx !== undefined) {
+                // Merge models into existing group
+                const existing = dedupedGroups[existingIdx];
+                const existingSet = new Set(existing.models);
+                for (const m of g.models) {
+                    if (!existingSet.has(m))
+                        existing.models.push(m);
+                }
+            }
+            else {
+                seenProviders.set(g.provider, dedupedGroups.length);
+                dedupedGroups.push(g);
+            }
+        }
+        // Merge custom_providers from config.yaml (ensures manually-input model names appear)
+        const customProviders = Array.isArray(config.custom_providers)
+            ? config.custom_providers
+            : [];
+        for (const cp of customProviders) {
+            if (!cp.base_url || !cp.model)
+                continue;
+            const baseUrl = cp.base_url.replace(/\/+$/, '');
+            // Check if we already have a group for this base_url
+            const existing = dedupedGroups.find(g => g.base_url.replace(/\/+$/, '') === baseUrl);
+            if (existing) {
+                if (!existing.models.includes(cp.model)) {
+                    existing.models.push(cp.model);
+                }
+            }
+            else {
+                dedupedGroups.push({
+                    provider: `custom:${cp.name.trim().toLowerCase().replace(/ /g, '-')}`,
+                    label: cp.name,
+                    base_url: baseUrl,
+                    models: [cp.model],
+                });
+            }
+        }
+        // Ensure config's current default model appears in the model list
+        if (currentDefault) {
+            const currentProvider = typeof config.model === 'object' ? String(config.model.provider || '').trim() : '';
+            if (currentProvider) {
+                const targetGroup = dedupedGroups.find(g => g.provider === currentProvider);
+                if (targetGroup && !targetGroup.models.includes(currentDefault)) {
+                    targetGroup.models.unshift(currentDefault);
+                }
+            }
+            else {
+                // No provider specified — add to the first group that matches via base_url
+                // or just prepend to all groups
+                let found = false;
+                for (const g of dedupedGroups) {
+                    if (!found && !g.models.includes(currentDefault)) {
+                        g.models.unshift(currentDefault);
+                        found = true;
+                    }
+                }
+            }
+        }
+        // Fallback: if still no providers, fall back to config.yaml parsing
+        if (dedupedGroups.length === 0) {
             const fallback = buildModelGroups(config);
             ctx.body = fallback;
             return;
         }
-        ctx.body = { default: currentDefault, groups };
+        ctx.body = { default: currentDefault, groups: dedupedGroups };
     }
     catch (err) {
         ctx.status = 500;
@@ -624,19 +691,26 @@ exports.fsRoutes.delete('/api/hermes/config/providers/:poolKey', async (ctx) =>
             ctx.body = { error: 'Cannot delete the last provider' };
             return;
         }
+        // Case-insensitive key lookup: normalize poolKey to match credential_pool
+        let resolvedKey = poolKey;
         if (!(poolKey in auth.credential_pool)) {
-            ctx.status = 404;
-            ctx.body = { error: `Provider "${poolKey}" not found` };
-            return;
+            const normalized = poolKey.toLowerCase();
+            const match = Object.keys(auth.credential_pool).find(k => k.toLowerCase() === normalized);
+            if (!match) {
+                ctx.status = 404;
+                ctx.body = { error: `Provider "${poolKey}" not found` };
+                return;
+            }
+            resolvedKey = match;
         }
         // Check if this is the current active provider
         const config = await readConfigYaml();
         const currentProvider = config.model?.provider;
-        const isCurrent = currentProvider === poolKey;
+        const isCurrent = currentProvider === poolKey || currentProvider === resolvedKey;
         // Save base_url before deleting
-        const deletedBaseUrl = auth.credential_pool[poolKey]?.[0]?.base_url;
+        const deletedBaseUrl = auth.credential_pool[resolvedKey]?.[0]?.base_url;
         // 1. Delete from auth.json
-        delete auth.credential_pool[poolKey];
+        delete auth.credential_pool[resolvedKey];
         await saveAuthJson(auth);
         // 2. Remove matching entry from config.yaml custom_providers
         if (deletedBaseUrl && Array.isArray(config.custom_providers)) {

package/dist/server/routes/hermes/index.js

@@ -11,6 +11,7 @@ const config_1 = require("./config");
 const filesystem_1 = require("./filesystem");
 const logs_1 = require("./logs");
 const weixin_1 = require("./weixin");
+const codex_auth_1 = require("./codex-auth");
 const proxy_1 = require("./proxy");
 Object.defineProperty(exports, "proxyMiddleware", { enumerable: true, get: function () { return proxy_1.proxyMiddleware; } });
 const terminal_1 = require("./terminal");
@@ -22,4 +23,5 @@ exports.hermesRoutes.use(config_1.configRoutes.routes());
 exports.hermesRoutes.use(filesystem_1.fsRoutes.routes());
 exports.hermesRoutes.use(logs_1.logRoutes.routes());
 exports.hermesRoutes.use(weixin_1.weixinRoutes.routes());
+exports.hermesRoutes.use(codex_auth_1.codexAuthRoutes.routes());
 exports.hermesRoutes.use(proxy_1.proxyRoutes.routes());