labgate 0.5.29 → 0.5.31

package/dist/lib/container.js

@@ -39,8 +39,10 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.computeMountFingerprint = computeMountFingerprint;
 exports.prepareMcpServers = prepareMcpServers;
 exports.imageToSifName = imageToSifName;
+exports.buildCodexOauthPublishSpec = buildCodexOauthPublishSpec;
 exports.buildEntrypoint = buildEntrypoint;
 exports.setupBrowserHook = setupBrowserHook;
+exports.getAgentTokenEnv = getAgentTokenEnv;
 exports.startSession = startSession;
 exports.listSessions = listSessions;
 exports.stopSession = stopSession;
@@ -325,7 +327,7 @@ function prepareMcpServers(session, options = {}) {
             (0, fs_1.copyFileSync)(resultsBundleSrc, (0, path_1.join)(mcpDir, 'results-mcp.bundle.mjs'));
             mcpConfig.mcpServers['labgate-results'] = {
                 command: 'node',
-                args: ['/home/sandbox/.mcp-servers/results-mcp.bundle.mjs'],
+                args: ['/home/sandbox/.mcp-servers/results-mcp.bundle.mjs', '--db', '/labgate-config/results.json'],
                 env,
             };
         }
@@ -333,7 +335,7 @@ function prepareMcpServers(session, options = {}) {
             const resultsMcpPath = (0, path_1.resolve)(__dirname, 'results-mcp.js');
             mcpConfig.mcpServers['labgate-results'] = {
                 command: 'node',
-                args: [resultsMcpPath],
+                args: [resultsMcpPath, '--db', (0, config_js_1.getResultsDbPath)()],
             };
         }
         // Cluster MCP server (when SLURM integration is enabled)
@@ -803,6 +805,7 @@ function prepareCommonArgs(session, sessionId, tokenEnv) {
         '--env', `LABGATE_NETWORK_MODE=${config.network.mode}`,
         '--env', `LABGATE_DATASET_COUNT=${datasetCount}`,
         '--env', `LABGATE_RESULT_COUNT=${resultCount}`,
+        '--env', 'LABGATE_RESULTS_DB_PATH=/labgate-config/results.json',
         // HOME is set inside the entrypoint script (Apptainer rejects --env HOME)
         ...(commandBlacklist ? ['--env', `LABGATE_CMD_BLACKLIST=${commandBlacklist}`] : []),
         ...(dashboardUrl ? ['--env', `LABGATE_DASHBOARD_URL=${dashboardUrl}`] : []),
@@ -812,6 +815,23 @@ function prepareCommonArgs(session, sessionId, tokenEnv) {
     ];
     return { blockedMounts, emptyDir, envArgs };
 }
+function ensureResultsDbPathForContainer() {
+    const resultsPath = (0, config_js_1.getResultsDbPath)();
+    try {
+        (0, config_js_1.ensurePrivateDir)((0, path_1.dirname)(resultsPath));
+        if (!(0, fs_1.existsSync)(resultsPath)) {
+            (0, fs_1.writeFileSync)(resultsPath, JSON.stringify({ version: 1, results: [] }, null, 2) + '\n', {
+                encoding: 'utf-8',
+                mode: config_js_1.PRIVATE_FILE_MODE,
+            });
+        }
+        (0, config_js_1.ensurePrivateFile)(resultsPath);
+        return resultsPath;
+    }
+    catch {
+        return (0, fs_1.existsSync)(resultsPath) ? resultsPath : null;
+    }
+}
 function getRegisteredResultsCount() {
     try {
         const resultsPath = (0, config_js_1.getResultsDbPath)();
@@ -825,6 +845,10 @@ function getRegisteredResultsCount() {
     }
 }
 const DEFAULT_CODEX_OAUTH_CALLBACK_PORT = 1455;
+const CODEX_OAUTH_STARTUP_HEARTBEAT_MS = 10_000;
+const CODEX_OAUTH_STARTUP_HEARTBEAT_MAX_MS = 50_000;
+const CODEX_OAUTH_STARTUP_SPINNER_MS = 125;
+const CODEX_OAUTH_STARTUP_SPINNER_FRAMES = ['|', '/', '-', '\\'];
 function getCodexOauthCallbackPort() {
     const raw = (process.env.LABGATE_CODEX_OAUTH_CALLBACK_PORT || '').trim();
     if (!raw)
@@ -838,13 +862,90 @@ function getCodexOauthCallbackPort() {
     return port;
 }
 function shouldBridgeCodexOauthForPodman(agent, networkMode) {
-    return agent === 'codex' && networkMode !== 'none' && (0, os_1.platform)() === 'darwin';
+    if (agent !== 'codex' || networkMode === 'none' || (0, os_1.platform)() !== 'darwin')
+        return false;
+    // Default off: the macOS Podman path now uses device-auth fallback, and forcing
+    // a fixed localhost publish often fails with "proxy already running" in rootless
+    // Podman. Keep an explicit opt-in for troubleshooting legacy callback flows.
+    const optIn = (process.env.LABGATE_CODEX_PODMAN_OAUTH_BRIDGE || '').trim().toLowerCase();
+    return optIn === '1' || optIn === 'true' || optIn === 'yes';
+}
+function buildCodexOauthPublishSpec(port) {
+    // Podman macOS rootless networking does not allow publishing the same host
+    // port for both 127.0.0.1 and ::1 simultaneously (rootlessport conflict).
+    // Publishing without an explicit host IP gives dual-stack localhost reachability.
+    return `${port}:${port}`;
+}
+function startCodexOauthStartupHeartbeat() {
+    const startedAt = Date.now();
+    let stopped = false;
+    let sawOutput = false;
+    let interval = null;
+    let maxTimer = null;
+    let spinnerFrame = 0;
+    let spinnerActive = false;
+    const useSpinner = !!(process.stderr.isTTY && process.stdout.isTTY);
+    const renderSpinner = () => {
+        const elapsedSeconds = Math.max(1, Math.floor((Date.now() - startedAt) / 1000));
+        const frame = CODEX_OAUTH_STARTUP_SPINNER_FRAMES[spinnerFrame];
+        spinnerFrame = (spinnerFrame + 1) % CODEX_OAUTH_STARTUP_SPINNER_FRAMES.length;
+        process.stderr.write(`\r\x1b[2K${log.dim('›')} Waiting for Codex login output... ${frame} ${elapsedSeconds}s`);
+        spinnerActive = true;
+    };
+    const stop = () => {
+        if (stopped)
+            return;
+        stopped = true;
+        if (interval) {
+            clearInterval(interval);
+            interval = null;
+        }
+        if (maxTimer) {
+            clearTimeout(maxTimer);
+            maxTimer = null;
+        }
+        if (spinnerActive) {
+            process.stderr.write('\r\x1b[2K');
+            spinnerActive = false;
+        }
+    };
+    if (useSpinner) {
+        renderSpinner();
+        interval = setInterval(() => {
+            if (stopped || sawOutput)
+                return;
+            renderSpinner();
+        }, CODEX_OAUTH_STARTUP_SPINNER_MS);
+    }
+    else {
+        interval = setInterval(() => {
+            if (stopped || sawOutput)
+                return;
+            const elapsedSeconds = Math.max(1, Math.floor((Date.now() - startedAt) / 1000));
+            log.step(`Still starting Codex OAuth flow... (${elapsedSeconds}s elapsed)`);
+        }, CODEX_OAUTH_STARTUP_HEARTBEAT_MS);
+    }
+    maxTimer = setTimeout(() => stop(), CODEX_OAUTH_STARTUP_HEARTBEAT_MAX_MS);
+    interval.unref();
+    maxTimer.unref();
+    return {
+        noteOutput(data) {
+            if (stopped || sawOutput)
+                return;
+            if (!data || data.trim().length === 0)
+                return;
+            sawOutput = true;
+            stop();
+        },
+        stop,
+    };
 }
 // ── Build Apptainer arguments ─────────────────────────────
 function buildApptainerArgs(session, sifPath, sessionId, tokenEnv = []) {
     const { agent, workdir, config } = session;
     const sandboxHome = (0, config_js_1.getSandboxHome)();
     const { blockedMounts, emptyDir, envArgs } = prepareCommonArgs(session, sessionId, tokenEnv);
+    const resultsDbPath = ensureResultsDbPathForContainer();
     // SLURM auth passthrough: bind host munged socket dir when present.
     // This enables staged SLURM client commands inside the container to authenticate.
     const mungeBinds = [];
@@ -882,6 +983,7 @@ function buildApptainerArgs(session, sifPath, sessionId, tokenEnv = []) {
         }),
         // ── LabGate config for in-container MCP servers ──
         ...((0, fs_1.existsSync)((0, config_js_1.getConfigPath)()) ? ['--bind', `${(0, config_js_1.getConfigPath)()}:/labgate-config/config.json`] : []),
+        ...(resultsDbPath ? ['--bind', `${resultsDbPath}:/labgate-config/results.json`] : []),
         ...(config.slurm.enabled && (0, fs_1.existsSync)((0, config_js_1.getSlurmDbPath)())
             ? ['--bind', `${(0, config_js_1.getSlurmDbPath)()}:/labgate-config/slurm.db`] : []),
         ...(config.slurm.enabled && (0, fs_1.existsSync)(`${(0, config_js_1.getSlurmDbPath)()}.json`)
@@ -907,6 +1009,7 @@ function buildPodmanArgs(session, image, sessionId, tokenEnv = [], options = { t
     const { agent, workdir, config } = session;
     const sandboxHome = (0, config_js_1.getSandboxHome)();
     const { blockedMounts, emptyDir, envArgs } = prepareCommonArgs(session, sessionId, tokenEnv);
+    const resultsDbPath = ensureResultsDbPathForContainer();
     const bridgeCodexOauth = shouldBridgeCodexOauthForPodman(agent, config.network.mode);
     const codexOauthPort = bridgeCodexOauth ? getCodexOauthCallbackPort() : 0;
     const networkArgs = config.network.mode === 'none'
@@ -915,7 +1018,7 @@ function buildPodmanArgs(session, image, sessionId, tokenEnv = [], options = { t
             ? (bridgeCodexOauth ? [] : ['--network', 'host'])
             : [];
     const publishArgs = bridgeCodexOauth
-        ? ['--publish', `127.0.0.1:${codexOauthPort}:${codexOauthPort}`]
+        ? ['--publish', buildCodexOauthPublishSpec(codexOauthPort)]
         : [];
     return [
         'run',
@@ -943,6 +1046,7 @@ function buildPodmanArgs(session, image, sessionId, tokenEnv = [], options = { t
         }),
         // ── LabGate config for in-container MCP servers ──
         ...((0, fs_1.existsSync)((0, config_js_1.getConfigPath)()) ? ['--volume', `${(0, config_js_1.getConfigPath)()}:/labgate-config/config.json`] : []),
+        ...(resultsDbPath ? ['--volume', `${resultsDbPath}:/labgate-config/results.json`] : []),
         ...(config.slurm.enabled && (0, fs_1.existsSync)((0, config_js_1.getSlurmDbPath)())
             ? ['--volume', `${(0, config_js_1.getSlurmDbPath)()}:/labgate-config/slurm.db`] : []),
         ...(config.slurm.enabled && (0, fs_1.existsSync)(`${(0, config_js_1.getSlurmDbPath)()}.json`)
@@ -1070,7 +1174,11 @@ function buildEntrypoint(agent) {
         // Configure a LabGate status line in Claude Code with a dashboard URL.
         lines.push('mkdir -p "$HOME/.claude"', 'cat > "$HOME/.claude/labgate-statusline.sh" <<\'EOF\'', '#!/usr/bin/env bash', 'status_input="$(cat || true)"', 'url="${LABGATE_DASHBOARD_URL:-}"', 'if [ -z "$url" ]; then', '  dashboard_link_file="${LABGATE_DASHBOARD_LINK_FILE:-$HOME/.labgate-dashboard-url}"', '  if [ -f "$dashboard_link_file" ]; then', '    url="$(cat "$dashboard_link_file" 2>/dev/null || true)"', '  fi', 'fi', 'if [ -z "$url" ]; then', '  url="http://localhost:7700"', 'fi', 'dataset_count="${LABGATE_DATASET_COUNT:-0}"', 'result_count="${LABGATE_RESULT_COUNT:-0}"', 'status_meta="$(printf "%s" "$status_input" | node -e \'', '  const fs = require("fs");', '  let raw = "";', '  try { raw = fs.readFileSync(0, "utf8"); } catch {}', '  let model = "Unknown";', '  let remaining = "";', '  try {', '    const parsed = JSON.parse(raw || "{}");', '    const modelObj = parsed && parsed.model ? parsed.model : null;', '    if (modelObj) model = modelObj.display_name || modelObj.id || model;', '    const ctx = parsed && parsed.context_window ? parsed.context_window : null;', '    if (ctx && Number.isFinite(ctx.remaining_percentage)) {', '      remaining = String(Math.max(0, Math.min(100, Math.round(ctx.remaining_percentage))));', '    } else if (ctx && Number.isFinite(ctx.used_percentage)) {', '      remaining = String(Math.max(0, Math.min(100, Math.round(100 - ctx.used_percentage))));', '    }', '  } catch {}', '  process.stdout.write(String(model) + "\\t" + String(remaining));', '\' 2>/dev/null || true)"', 'model_display="Unknown"', 'context_remaining=""', 'if [ -n "$status_meta" ]; then', '  IFS=$\'\\t\' read -r model_display context_remaining <<< "$status_meta"', 'fi', 'if [ -z "$model_display" ]; then', '  model_display="Unknown"', 'fi', 'context_note="context availability unknown"', 'if [[ "$context_remaining" =~ ^[0-9]+$ ]]; then', '  context_note="${context_remaining}% context available"', 'fi', 'results_file="${LABGATE_RESULTS_DB_PATH:-$HOME/.labgate/results.json}"', 'baseline_file="$HOME/.claude/labgate-statusline.results-baseline.${LABGATE_SESSION:-default}"', 'read_results_count() {', '  local path="${1:-}"', '  [ -n "$path" ] || return 0', '  [ -f "$path" ] || return 0', '  node -e \'', '    const fs = require("fs");', '    const p = process.argv[1];', '    try {', '      const parsed = JSON.parse(fs.readFileSync(p, "utf8"));', '      const rows = Array.isArray(parsed?.results) ? parsed.results : [];', '      process.stdout.write(String(rows.length));', '    } catch {}', '  \' "$path" 2>/dev/null || true', '}', 'current_result_count="$(read_results_count "$results_file")"', 'if ! [[ "$current_result_count" =~ ^[0-9]+$ ]]; then', '  current_result_count="$result_count"', 'fi', 'baseline_result_count=""', 'if [ -f "$baseline_file" ]; then', '  baseline_result_count="$(cat "$baseline_file" 2>/dev/null || true)"', 'fi', 'if ! [[ "$baseline_result_count" =~ ^[0-9]+$ ]]; then', '  baseline_result_count="$current_result_count"', '  printf "%s\\n" "$baseline_result_count" > "$baseline_file" 2>/dev/null || true', 'fi', 'result_delta=$(( current_result_count - baseline_result_count ))', 'if [ "$result_delta" -lt 0 ]; then', '  result_delta=0', 'fi', 'dataset_suffix="s"', 'result_suffix="s"', 'delta_suffix="s"', '[ "$dataset_count" = "1" ] && dataset_suffix=""', '[ "$current_result_count" = "1" ] && result_suffix=""', '[ "$result_delta" = "1" ] && delta_suffix=""', 'delta_note=""', 'if [ "$result_delta" -gt 0 ]; then', '  delta_note=" (${result_delta} new result${delta_suffix} since this session)"', 'fi', 'summary="model ${model_display} | ${context_note} | ${dataset_count} dataset${dataset_suffix} registered | ${current_result_count} result${result_suffix} registered${delta_note}"', 'if [[ "$url" =~ ^https?:// ]]; then', '  echo "LabGate | ${url} -- ${summary}"', 'else', '  echo "LabGate -- ${summary}"', 'fi', 'EOF', 'chmod +x "$HOME/.claude/labgate-statusline.sh"', 'node -e \'', '  const fs = require("fs");', '  const path = process.env.HOME + "/.claude/settings.json";', '  let settings = {};', '  try {', '    if (fs.existsSync(path)) settings = JSON.parse(fs.readFileSync(path, "utf8"));', '  } catch {}', '  settings.statusLine = {', '    type: "command",', '    command: "~/.claude/labgate-statusline.sh",', '    padding: 1,', '  };', '  fs.writeFileSync(path, JSON.stringify(settings, null, 2));', '\'', '');
     }
-    lines.push(`if ! command -v ${setup.bin} >/dev/null 2>&1; then`, `  ${setup.installer}`, 'fi', `echo "[labgate] Starting ${setup.bin} in /work"`, `exec ${setup.bin}`);
+    const preLaunchLines = [];
+    if (agent === 'codex') {
+        preLaunchLines.push('labgate_ensure_ca_certificates() {', '  if [ -s /etc/ssl/certs/ca-certificates.crt ] || [ -s /etc/ssl/cert.pem ]; then', '    return 0', '  fi', '  if [ "$(id -u)" != "0" ]; then', '    echo "[labgate] Warning: missing CA certificates and no root access to install them; Codex login may fail." >&2', '    return 0', '  fi', '  echo "[labgate] Installing ca-certificates for Codex TLS..."', '  if command -v apt-get >/dev/null 2>&1; then', '    export DEBIAN_FRONTEND=noninteractive', '    apt-get update >/dev/null 2>&1 || return 0', '    apt-get install -y ca-certificates >/dev/null 2>&1 || return 0', '    update-ca-certificates >/dev/null 2>&1 || true', '    return 0', '  fi', '  if command -v apk >/dev/null 2>&1; then', '    apk add --no-cache ca-certificates >/dev/null 2>&1 || return 0', '    update-ca-certificates >/dev/null 2>&1 || true', '    return 0', '  fi', '  if command -v dnf >/dev/null 2>&1; then', '    dnf install -y ca-certificates >/dev/null 2>&1 || return 0', '    return 0', '  fi', '  if command -v yum >/dev/null 2>&1; then', '    yum install -y ca-certificates >/dev/null 2>&1 || return 0', '    return 0', '  fi', '  if command -v microdnf >/dev/null 2>&1; then', '    microdnf install -y ca-certificates >/dev/null 2>&1 || return 0', '  fi', '}', 'labgate_ensure_ca_certificates', 'if [ "${LABGATE_CODEX_PODMAN_DARWIN_WORKAROUND:-}" = "1" ]; then', '  if ! codex login status >/dev/null 2>&1; then', '    echo "[labgate] Starting Codex device-code login (Podman macOS callback workaround)..."', '    codex login --device-auth', '  fi', 'fi');
+    }
+    lines.push(`if ! command -v ${setup.bin} >/dev/null 2>&1; then`, `  ${setup.installer}`, 'fi', ...preLaunchLines, `echo "[labgate] Starting ${setup.bin} in /work"`, `exec ${setup.bin}`);
     return lines.join('\n');
 }
 // ── Browser-open hook for OAuth (via sandbox home) ────────
@@ -1101,45 +1209,113 @@ function osc52Copy(text) {
 const OAUTH_URL_DEDUPE_WINDOW_MS = 20_000;
 let lastHandledOAuthUrl = '';
 let lastHandledOAuthAt = 0;
+const CLAUDE_OAUTH_MARKER = 'https://claude.ai/oauth/authorize?';
+const CLAUDE_MANUAL_CODE_REDIRECT_URI = 'https://platform.claude.com/oauth/code/callback';
+const CLAUDE_LOCALHOST_REDIRECT_HOSTS = new Set(['localhost', '127.0.0.1', '[::1]', '::1']);
+function stripTerminalControlForOAuth(text) {
+    return String(text || '')
+        .replace(/\x1b\][\s\S]*?(?:\x07|\x1b\\)/g, '')
+        .replace(/\x1b\[[0-9;?]*[ -/]*[@-~]/g, '')
+        .replace(/\x1b[P^_][\s\S]*?\x1b\\/g, '')
+        .replace(/\x1b[@-_]/g, '')
+        .replace(/[\u0000-\u0008\u000b-\u001f\u007f]/g, '');
+}
+function canonicalizeClaudeOAuthRedirectUri(parsed) {
+    const rawRedirectUri = (parsed.searchParams.get('redirect_uri') || '').trim();
+    if (!rawRedirectUri)
+        return;
+    try {
+        const redirectUri = new URL(rawRedirectUri);
+        const host = (redirectUri.hostname || '').trim().toLowerCase();
+        if (!CLAUDE_LOCALHOST_REDIRECT_HOSTS.has(host))
+            return;
+        parsed.searchParams.set('redirect_uri', CLAUDE_MANUAL_CODE_REDIRECT_URI);
+    }
+    catch {
+        // Keep original redirect URI if it cannot be parsed.
+    }
+}
+function normalizeClaudeOAuthUrl(raw) {
+    const stripped = stripTerminalControlForOAuth(raw);
+    const start = stripped.lastIndexOf(CLAUDE_OAUTH_MARKER);
+    if (start === -1)
+        return null;
+    let candidate = stripped.slice(start);
+    const endPatterns = [/\n\s*Paste code/i, /\n\s*Browser did(?: not|n't) open\?/i, /\n\s*\n/];
+    let end = candidate.length;
+    for (const pat of endPatterns) {
+        const match = candidate.match(pat);
+        if (match && match.index !== undefined && match.index >= 0 && match.index < end) {
+            end = match.index;
+        }
+    }
+    candidate = candidate.slice(0, end).replace(/\s+/g, '').trim();
+    const urlMatch = candidate.match(/^https:\/\/claude\.ai\/oauth\/authorize\?[A-Za-z0-9\-._~%!$&'()*+,;=:@/?#[\]]+/);
+    if (!urlMatch)
+        return null;
+    try {
+        const parsed = new URL(urlMatch[0]);
+        if (parsed.protocol !== 'https:' || parsed.hostname !== 'claude.ai' || parsed.pathname !== '/oauth/authorize') {
+            return null;
+        }
+        const required = ['client_id', 'state', 'response_type', 'redirect_uri', 'scope', 'code_challenge', 'code_challenge_method'];
+        for (const key of required) {
+            if (!parsed.searchParams.get(key))
+                return null;
+        }
+        if ((parsed.searchParams.get('response_type') || '').trim().toLowerCase() !== 'code')
+            return null;
+        if ((parsed.searchParams.get('code_challenge_method') || '').trim().toUpperCase() !== 'S256')
+            return null;
+        canonicalizeClaudeOAuthRedirectUri(parsed);
+        return parsed.toString();
+    }
+    catch {
+        return null;
+    }
+}
 function handleOAuthUrl(url, options) {
+    const normalizedUrl = normalizeClaudeOAuthUrl(url);
+    if (!normalizedUrl)
+        return;
     const now = Date.now();
-    if (url === lastHandledOAuthUrl && (now - lastHandledOAuthAt) < OAUTH_URL_DEDUPE_WINDOW_MS) {
+    if (normalizedUrl === lastHandledOAuthUrl && (now - lastHandledOAuthAt) < OAUTH_URL_DEDUPE_WINDOW_MS) {
         return;
     }
-    lastHandledOAuthUrl = url;
+    lastHandledOAuthUrl = normalizedUrl;
     lastHandledOAuthAt = now;
     if (options.isRemote) {
         // SSH / headless: push URL to local clipboard via OSC 52 if supported.
-        osc52Copy(url);
-        log.info(`Login URL:\n${url}`);
+        osc52Copy(normalizedUrl);
+        log.info(`Login URL:\n${normalizedUrl}`);
         log.info('Tried to copy URL via terminal clipboard (OSC 52).');
         log.info('Open it in your local browser, then paste the code back here.');
         return;
     }
     if (options.hostPlatform === 'darwin') {
         try {
-            options.execSync('pbcopy', [], { input: url, stdio: ['pipe', 'ignore', 'ignore'] });
+            options.execSync('pbcopy', [], { input: normalizedUrl, stdio: ['pipe', 'ignore', 'ignore'] });
         }
         catch { /* best effort */ }
         try {
-            options.execSync('open', [url], { stdio: 'ignore' });
+            options.execSync('open', [normalizedUrl], { stdio: 'ignore' });
             log.success('Login URL opened in browser');
         }
         catch {
             log.warn('Could not auto-open browser. URL copied to clipboard (if available).');
-            log.info(`Login URL:\n${url}`);
+            log.info(`Login URL:\n${normalizedUrl}`);
         }
         return;
     }
     // Local Linux with display
     try {
-        options.execSync('xdg-open', [url], { stdio: 'ignore' });
+        options.execSync('xdg-open', [normalizedUrl], { stdio: 'ignore' });
         log.success('Login URL opened in browser');
     }
     catch {
-        osc52Copy(url);
+        osc52Copy(normalizedUrl);
         log.warn('Could not auto-open browser. Tried clipboard copy via terminal.');
-        log.info(`Login URL:\n${url}`);
+        log.info(`Login URL:\n${normalizedUrl}`);
     }
 }
 /**
@@ -1161,25 +1337,11 @@ function createOAuthInterceptor(options = {}) {
             if (buffer.length > 8000) {
                 buffer = buffer.slice(-6000);
             }
-            // Look for the OAuth URL pattern — it may be split across lines.
-            const match = buffer.match(/https:\/\/claude\.ai\/oauth\/authorize\?[^\s]*/);
-            if (!match)
+            const normalizedUrl = normalizeClaudeOAuthUrl(buffer);
+            if (!normalizedUrl)
                 return data;
-            // Reassemble wrapped URL by stripping terminal-inserted whitespace.
-            const urlStart = buffer.indexOf(match[0]);
-            let raw = buffer.slice(urlStart);
-            const endPatterns = [/\n\s*\n/, /Paste code/, /\n\s*$/];
-            for (const pat of endPatterns) {
-                const endMatch = raw.match(pat);
-                if (endMatch && endMatch.index) {
-                    raw = raw.slice(0, endMatch.index);
-                }
-            }
-            const cleanUrl = raw.replace(/\s+/g, '').trim();
-            if (cleanUrl.length > 50 && cleanUrl.startsWith('https://')) {
-                handled = true;
-                handleOAuthUrl(cleanUrl, { isRemote, hostPlatform, execSync });
-            }
+            handled = true;
+            handleOAuthUrl(normalizedUrl, { isRemote, hostPlatform, execSync });
             return data;
         },
     };
@@ -1307,51 +1469,56 @@ function renderStickyFooter(line) {
     const padded = trimmed.padEnd(cols, ' ');
     process.stdout.write(`\x1b7\x1b[${rows};1H\x1b[2K${padded}\x1b8`);
 }
-// ── Agent credential extraction ───────────────────────────
 /**
  * Resolve agent credentials. Checks in order:
  *   1. Explicit --api-key flag (passed via apiKey parameter)
- *   2. ANTHROPIC_API_KEY in host environment
- *   3. macOS keychain (Claude Code OAuth tokens)
+ *   2. macOS keychain (Claude Code OAuth tokens, Claude only)
+ *   3. ANTHROPIC_API_KEY in host environment
  *
  * Returns env args to inject into the container.
  */
-function getAgentTokenEnv(agent, apiKey) {
+function getAgentTokenEnv(agent, apiKey, deps = {}) {
+    const env = deps.env ?? process.env;
+    const platformFn = deps.platformFn ?? os_1.platform;
+    const execSync = deps.execFileSyncFn ?? child_process_1.execFileSync;
+    const ensureDir = deps.mkdirSyncFn ?? fs_1.mkdirSync;
+    const writeFile = deps.writeFileSyncFn ?? fs_1.writeFileSync;
     // 1. Explicit API key from CLI flag
     if (apiKey) {
         log.success('Using API key from --api-key flag');
         return ['--env', `ANTHROPIC_API_KEY=${apiKey}`];
     }
-    // 2. Forward ANTHROPIC_API_KEY from host environment
-    if (process.env.ANTHROPIC_API_KEY) {
-        log.success('Forwarding ANTHROPIC_API_KEY from environment');
-        return ['--env', `ANTHROPIC_API_KEY=${process.env.ANTHROPIC_API_KEY}`];
-    }
-    // 3. macOS keychain extraction (local only)
-    if ((0, os_1.platform)() === 'darwin' && agent === 'claude') {
+    // 2. macOS keychain extraction (local only, Claude)
+    // Sync credentials file into sandbox home, but do not export ANTHROPIC_API_KEY.
+    // Claude may prompt interactively when a custom ANTHROPIC_API_KEY is present,
+    // which can stall UI launches.
+    if (platformFn() === 'darwin' && agent === 'claude') {
         try {
-            const raw = (0, child_process_1.execFileSync)('security', [
+            const raw = execSync('security', [
                 'find-generic-password',
                 '-s', 'Claude Code-credentials',
                 '-w',
             ], { encoding: 'utf-8', timeout: 5000 }).trim();
             const creds = JSON.parse(raw);
             const token = creds.claudeAiOauth?.accessToken;
-            if (!token)
+            if (token) {
+                const sandboxHome = deps.sandboxHome ?? (0, config_js_1.getSandboxHome)();
+                const claudeDir = (0, path_1.join)(sandboxHome, '.claude');
+                ensureDir(claudeDir, { recursive: true });
+                writeFile((0, path_1.join)(claudeDir, '.credentials.json'), raw, { mode: 0o600 });
+                log.success('Synced credentials from macOS keychain');
                 return [];
-            // Sync the full credential file into the sandbox home so
-            // Claude Code picks it up natively (no OAuth flow needed)
-            const sandboxHome = (0, config_js_1.getSandboxHome)();
-            const claudeDir = (0, path_1.join)(sandboxHome, '.claude');
-            (0, fs_1.mkdirSync)(claudeDir, { recursive: true });
-            (0, fs_1.writeFileSync)((0, path_1.join)(claudeDir, '.credentials.json'), raw, { mode: 0o600 });
-            log.success('Synced credentials from macOS keychain');
-            return ['--env', `ANTHROPIC_API_KEY=${token}`];
+            }
         }
         catch {
-            return [];
+            // Fall through to host env var fallback.
         }
     }
+    // 3. Forward ANTHROPIC_API_KEY from host environment
+    if (env.ANTHROPIC_API_KEY) {
+        log.success('Forwarding ANTHROPIC_API_KEY from environment');
+        return ['--env', `ANTHROPIC_API_KEY=${env.ANTHROPIC_API_KEY}`];
+    }
     return [];
 }
 function formatStatusFooter(session, runtime, sessionId, image) {
@@ -1464,9 +1631,28 @@ async function startSession(session) {
     const footerLine = formatStatusFooter(session, runtime, sessionId, image);
     // Extract agent auth token (CLI flag → env var → macOS keychain)
     const tokenEnv = session.dryRun ? [] : getAgentTokenEnv(session.agent, session.apiKey);
+    const bridgeCodexOauthForPodman = runtime === 'podman' && shouldBridgeCodexOauthForPodman(session.agent, session.config.network.mode);
+    const needsCodexOauthStartupHeartbeat = bridgeCodexOauthForPodman && tokenEnv.length === 0;
     // Set up browser hook so OAuth URLs get opened on the host
     // Skip if we already have an API key (no OAuth needed)
     const browserHook = session.dryRun || tokenEnv.length > 0 ? undefined : setupBrowserHook();
+    // Some Podman/appliance setups may leak host env vars into the container.
+    // For Claude sessions without an explicit API-key auth source, clear
+    // ANTHROPIC_API_KEY to avoid interactive "use custom key?" prompts.
+    const claudeEnvGuard = (session.agent === 'claude' && tokenEnv.length === 0)
+        ? ['--env', 'ANTHROPIC_API_KEY=']
+        : [];
+    const codexPodmanDarwinLoginWorkaround = (runtime === 'podman' &&
+        session.agent === 'codex' &&
+        (0, os_1.platform)() === 'darwin')
+        ? ['--env', 'LABGATE_CODEX_PODMAN_DARWIN_WORKAROUND=1']
+        : [];
+    const runtimeEnvArgs = [
+        ...claudeEnvGuard,
+        ...codexPodmanDarwinLoginWorkaround,
+        ...tokenEnv,
+        ...(browserHook?.env ?? []),
+    ];
     let cleanupSlurmHostProxy = () => { };
     // If the agent isn't installed in the persistent sandbox home yet, warn that first run can be slow.
     if (!session.dryRun) {
@@ -1521,18 +1707,21 @@ async function startSession(session) {
         else {
             sifPath = ensureSifImage(runtime, image);
         }
-        args = buildApptainerArgs(session, sifPath, sessionId, [...tokenEnv, ...(browserHook?.env ?? [])]);
+        args = buildApptainerArgs(session, sifPath, sessionId, runtimeEnvArgs);
     }
     else {
-        if (shouldBridgeCodexOauthForPodman(session.agent, session.config.network.mode)) {
+        if (bridgeCodexOauthForPodman) {
             const port = getCodexOauthCallbackPort();
             log.step(`Codex OAuth callback bridge enabled on localhost:${port} ` +
                 '(Podman macOS uses bridge networking for callback compatibility).');
+            if (needsCodexOauthStartupHeartbeat) {
+                log.step('Launching Codex OAuth flow. Login output may take ~30s to appear.');
+            }
         }
         if (!session.dryRun) {
             ensurePodmanImage(runtime, image);
         }
-        args = buildPodmanArgs(session, image, sessionId, [...tokenEnv, ...(browserHook?.env ?? [])], { tty: !!(process.stdout.isTTY && process.stdin.isTTY) });
+        args = buildPodmanArgs(session, image, sessionId, runtimeEnvArgs, { tty: !!(process.stdout.isTTY && process.stdin.isTTY) });
     }
     if (session.dryRun) {
         prettyPrintCommand(runtime, args);
@@ -1588,7 +1777,7 @@ async function startSession(session) {
     const wantsSticky = footerMode === 'sticky';
     const needsOAuthPtyFallback = !!oauthInterceptor;
     const hasTty = !!(process.stdout.isTTY && process.stdin.isTTY);
-    const shouldUsePty = hasTty && (wantsSticky || needsOAuthPtyFallback);
+    const shouldUsePty = hasTty && (wantsSticky || needsOAuthPtyFallback || needsCodexOauthStartupHeartbeat);
     if (shouldUsePty) {
         const pty = await loadPty();
         if (!pty) {
@@ -1598,6 +1787,9 @@ async function startSession(session) {
             else if (needsOAuthPtyFallback) {
                 log.step('OAuth URL fallback interceptor unavailable (node-pty missing).');
             }
+            else if (needsCodexOauthStartupHeartbeat) {
+                log.step('Codex startup heartbeat unavailable (node-pty missing).');
+            }
         }
         else {
             let runtimePath;
@@ -1633,6 +1825,9 @@ async function startSession(session) {
                 // Continue below with non-PTY spawn.
             }
             else {
+                const codexOauthHeartbeat = needsCodexOauthStartupHeartbeat
+                    ? startCodexOauthStartupHeartbeat()
+                    : null;
                 let exited = false;
                 const resizeHandler = () => {
                     child.resize(process.stdout.columns || 80, process.stdout.rows || 24);
@@ -1645,6 +1840,7 @@ async function startSession(session) {
                     renderStickyFooter(footerLine);
                 }
                 child.onData((data) => {
+                    codexOauthHeartbeat?.noteOutput(data);
                     if (oauthInterceptor)
                         oauthInterceptor.feed(data);
                     process.stdout.write(data);
@@ -1667,6 +1863,7 @@ async function startSession(session) {
                 const timeoutHandle = setupSessionTimeout(session, sessionId, runtime, () => exited, () => child.kill('SIGTERM'));
                 child.onExit((event) => {
                     exited = true;
+                    codexOauthHeartbeat?.stop();
                     if (timeoutHandle)
                         clearTimeout(timeoutHandle);
                     browserHook?.cleanup();