manifest 5.26.0 → 5.27.1

package/README.md

@@ -31,7 +31,7 @@ OpenClaw costs
 ## What do you get?
 
 - 🔀 **Route requests to the right model** — cut costs up to 70%
-- 📊 **Track spending** — see tokens and costs per model in real time
+- 🔄 **Automatic fallbacks** — if a model fails, retry with backup models instantly
 - 🔔 **Set limits** — get alerts when usage goes over a threshold
 
 ## Why Manifest

package/dist/backend/database/seed-messages.js

@@ -18,6 +18,7 @@ async function seedAgentMessages(messageRepo, userId, logger, ctx = {
         { name: 'gpt-4o', auth_type: 'api_key' },
         { name: 'claude-haiku-4-5-20251001', auth_type: 'subscription' },
         { name: 'gemini-2.5-flash', auth_type: 'api_key' },
+        { name: 'gpt-4.1', auth_type: 'subscription' },
     ];
     const now = Date.now();
     const messages = [];

package/dist/backend/otlp/services/trace-ingest.service.js

@@ -176,7 +176,7 @@ let TraceIngestService = class TraceIngestService {
             if (traceId)
                 traceIds.push(traceId);
         }
-        const [errorByTrace, recentErrors, recentOkMessages, recentMessages] = await Promise.all([
+        const [errorByTrace, successByTrace, recentErrors, recentOkMessages, recentMessages] = await Promise.all([
             traceIds.length > 0
                 ? turnRepo.find({
                     where: {
@@ -187,6 +187,16 @@ let TraceIngestService = class TraceIngestService {
                     select: ['id', 'trace_id'],
                 })
                 : Promise.resolve([]),
+            traceIds.length > 0
+                ? turnRepo.find({
+                    where: {
+                        trace_id: (0, typeorm_3.In)(traceIds),
+                        tenant_id: ctx.tenantId,
+                        status: 'ok',
+                    },
+                    select: ['id', 'trace_id'],
+                })
+                : Promise.resolve([]),
             turnRepo.find({
                 where: {
                     tenant_id: ctx.tenantId,
@@ -212,6 +222,7 @@ let TraceIngestService = class TraceIngestService {
         ]);
         return {
             errorTraceIds: new Set(errorByTrace.map((e) => e.trace_id)),
+            successTraceIds: new Set(successByTrace.map((e) => e.trace_id)),
             recentErrors: recentErrors.map((e) => ({ id: e.id, timestamp: e.timestamp })),
             recentOkMessages: recentOkMessages.map((m) => ({
                 id: m.id,
@@ -361,6 +372,8 @@ let TraceIngestService = class TraceIngestService {
         const traceId = (0, otlp_helpers_1.toHexString)(span.traceId);
         if (traceId && dedup.errorTraceIds.has(traceId))
             return null;
+        if (traceId && dedup.successTraceIds.has(traceId))
+            return null;
         const spanTime = new Date((0, otlp_helpers_1.nanoToDatetime)(span.startTimeUnixNano)).getTime();
         const hasNearbyError = dedup.recentErrors.some((e) => {
             const errorTime = new Date(e.timestamp).getTime();
@@ -370,6 +383,7 @@ let TraceIngestService = class TraceIngestService {
             return null;
         const spanInputTokens = (0, otlp_helpers_1.attrNumber)(attrs, 'gen_ai.usage.input_tokens') ?? 0;
         const spanOutputTokens = (0, otlp_helpers_1.attrNumber)(attrs, 'gen_ai.usage.output_tokens') ?? 0;
+        const spanModel = (0, otlp_helpers_1.attrString)(attrs, 'gen_ai.request.model') ?? (0, otlp_helpers_1.attrString)(attrs, 'gen_ai.response.model');
         if (spanInputTokens === 0 && spanOutputTokens === 0) {
             const hasProxyData = dedup.recentOkMessages.some((m) => {
                 const mTime = new Date(m.timestamp).getTime();
@@ -378,6 +392,18 @@ let TraceIngestService = class TraceIngestService {
             if (hasProxyData)
                 return null;
         }
+        else {
+            const hasMatchingProxy = dedup.recentMessages.some((m) => {
+                if (m.model !== spanModel && !m.model?.startsWith(`${spanModel}-`))
+                    return false;
+                const mTime = new Date(m.timestamp).getTime();
+                if (Math.abs(mTime - spanTime) > 30_000)
+                    return false;
+                return m.input_tokens === spanInputTokens;
+            });
+            if (hasMatchingProxy)
+                return null;
+        }
         if (this.isEmptyOkSpan(span, attrs)) {
             const sessionKey = (0, otlp_helpers_1.attrString)(attrs, 'session.key');
             const candidates = sessionKey

package/dist/backend/routing/model-discovery/model-discovery.service.js

@@ -22,8 +22,8 @@ const custom_provider_entity_1 = require("../../entities/custom-provider.entity"
 const provider_model_fetcher_service_1 = require("./provider-model-fetcher.service");
 const crypto_util_1 = require("../../common/utils/crypto.util");
 const quality_score_util_1 = require("../../database/quality-score.util");
-const providers_1 = require("../../common/constants/providers");
 const pricing_sync_service_1 = require("../../database/pricing-sync.service");
+const model_fallback_1 = require("./model-fallback");
 const customProviderKey = (id) => `custom:${id}`;
 const customModelKey = (id, modelName) => `custom:${id}/${modelName}`;
 let ModelDiscoveryService = ModelDiscoveryService_1 = class ModelDiscoveryService {
@@ -49,14 +49,42 @@ let ModelDiscoveryService = ModelDiscoveryService_1 = class ModelDiscoveryServic
                 return [];
             }
         }
-        let raw = await this.fetcher.fetch(provider.provider, apiKey, provider.auth_type);
-        if (raw.length === 0) {
-            raw = this.buildFallbackModels(provider.provider);
+        if (provider.auth_type === 'subscription' &&
+            provider.provider.toLowerCase() === 'openai' &&
+            apiKey) {
+            try {
+                const blob = JSON.parse(apiKey);
+                if (blob.t) {
+                    apiKey = blob.t;
+                }
+            }
+            catch {
+            }
+        }
+        let raw;
+        if (provider.auth_type === 'subscription' && !apiKey) {
+            raw = (0, model_fallback_1.buildSubscriptionFallbackModels)(this.pricingSync, provider.provider);
             if (raw.length > 0) {
-                this.logger.log(`Native API returned 0 models for ${provider.provider} — using ${raw.length} models from pricing data`);
+                this.logger.log(`No token for subscription provider ${provider.provider} — using ${raw.length} fallback models`);
             }
         }
-        const enriched = raw.map((model) => this.enrichModel(model, provider.provider));
+        else {
+            raw = await this.fetcher.fetch(provider.provider, apiKey, provider.auth_type);
+            if (raw.length === 0) {
+                raw = (0, model_fallback_1.buildFallbackModels)(this.pricingSync, provider.provider);
+                if (raw.length > 0) {
+                    this.logger.log(`Native API returned 0 models for ${provider.provider} — using ${raw.length} models from pricing data`);
+                }
+            }
+        }
+        if (provider.auth_type === 'subscription') {
+            raw = (0, model_fallback_1.supplementWithKnownModels)(raw, provider.provider);
+        }
+        const authType = provider.auth_type === 'subscription' ? 'subscription' : 'api_key';
+        const enriched = raw.map((model) => ({
+            ...this.enrichModel(model, provider.provider),
+            authType: authType,
+        }));
         provider.cached_models = enriched;
         provider.models_fetched_at = new Date().toISOString();
         await this.providerRepo.save(provider);
@@ -78,18 +106,24 @@ let ModelDiscoveryService = ModelDiscoveryService_1 = class ModelDiscoveryServic
             where: { agent_id: agentId, is_active: true },
         });
         const models = [];
-        const seen = new Set();
+        const seen = new Map();
         for (const p of providers) {
             if (p.provider.startsWith('custom:'))
                 continue;
             const cached = p.cached_models;
             if (!Array.isArray(cached))
                 continue;
+            const providerAuthType = p.auth_type === 'subscription' ? 'subscription' : 'api_key';
             for (const m of cached) {
+                const effectiveAuthType = m.authType ?? providerAuthType;
                 if (!seen.has(m.id)) {
-                    seen.add(m.id);
+                    seen.set(m.id, models.length);
                     models.push(m);
                 }
+                else if (effectiveAuthType === 'subscription' &&
+                    models[seen.get(m.id)]?.authType !== 'subscription') {
+                    models[seen.get(m.id)] = m;
+                }
             }
         }
         const customProviders = await this.customProviderRepo.find({
@@ -103,7 +137,7 @@ let ModelDiscoveryService = ModelDiscoveryService_1 = class ModelDiscoveryServic
                 const modelKey = customModelKey(cp.id, m.model_name);
                 if (seen.has(modelKey))
                     continue;
-                seen.add(modelKey);
+                seen.set(modelKey, models.length);
                 const inputPerToken = m.input_price_per_million_tokens != null
                     ? m.input_price_per_million_tokens / 1_000_000
                     : null;
@@ -134,9 +168,9 @@ let ModelDiscoveryService = ModelDiscoveryService_1 = class ModelDiscoveryServic
             return this.computeScore(model);
         }
         if (this.pricingSync) {
-            const orPrefix = this.findOpenRouterPrefix(providerId);
+            const orPrefix = (0, model_fallback_1.findOpenRouterPrefix)(providerId);
             if (orPrefix) {
-                const orPricing = this.lookupWithVariants(orPrefix, model.id);
+                const orPricing = (0, model_fallback_1.lookupWithVariants)(this.pricingSync, orPrefix, model.id);
                 if (orPricing) {
                     return this.computeScore({
                         ...model,
@@ -160,84 +194,6 @@ let ModelDiscoveryService = ModelDiscoveryService_1 = class ModelDiscoveryServic
         }
         return this.computeScore(model);
     }
-    findOpenRouterPrefix(providerId) {
-        const lower = providerId.toLowerCase();
-        if (providers_1.OPENROUTER_PREFIX_TO_PROVIDER.has(lower))
-            return lower;
-        const entry = providers_1.PROVIDER_BY_ID_OR_ALIAS.get(lower);
-        if (entry) {
-            for (const prefix of entry.openRouterPrefixes) {
-                if (providers_1.OPENROUTER_PREFIX_TO_PROVIDER.has(prefix))
-                    return prefix;
-            }
-        }
-        for (const [prefix, displayName] of providers_1.OPENROUTER_PREFIX_TO_PROVIDER) {
-            if (displayName.toLowerCase() === lower)
-                return prefix;
-        }
-        return null;
-    }
-    lookupWithVariants(prefix, modelId) {
-        if (!this.pricingSync)
-            return null;
-        const exact = this.pricingSync.lookupPricing(`${prefix}/${modelId}`);
-        if (exact)
-            return exact;
-        const dotVariant = modelId.replace(/-(\d+)-(\d)/g, '-$1.$2');
-        if (dotVariant !== modelId) {
-            const dotResult = this.pricingSync.lookupPricing(`${prefix}/${dotVariant}`);
-            if (dotResult)
-                return dotResult;
-        }
-        const dashVariant = modelId.replace(/\.(\d)/g, '-$1');
-        if (dashVariant !== modelId) {
-            const dashResult = this.pricingSync.lookupPricing(`${prefix}/${dashVariant}`);
-            if (dashResult)
-                return dashResult;
-        }
-        const noDate = modelId.replace(/-\d{8}$/, '');
-        if (noDate !== modelId) {
-            const noDateResult = this.pricingSync.lookupPricing(`${prefix}/${noDate}`);
-            if (noDateResult)
-                return noDateResult;
-            const noDateDot = noDate.replace(/-(\d+)-(\d)/g, '-$1.$2');
-            if (noDateDot !== noDate) {
-                const noDateDotResult = this.pricingSync.lookupPricing(`${prefix}/${noDateDot}`);
-                if (noDateDotResult)
-                    return noDateDotResult;
-            }
-        }
-        return null;
-    }
-    buildFallbackModels(providerId) {
-        const models = [];
-        const seen = new Set();
-        if (this.pricingSync) {
-            const orPrefix = this.findOpenRouterPrefix(providerId);
-            if (orPrefix) {
-                for (const [fullId, entry] of this.pricingSync.getAll()) {
-                    if (!fullId.startsWith(`${orPrefix}/`))
-                        continue;
-                    const modelId = fullId.substring(orPrefix.length + 1);
-                    if (seen.has(modelId))
-                        continue;
-                    seen.add(modelId);
-                    models.push({
-                        id: modelId,
-                        displayName: entry.displayName || modelId,
-                        provider: providerId,
-                        contextWindow: entry.contextWindow ?? 128000,
-                        inputPricePerToken: entry.input,
-                        outputPricePerToken: entry.output,
-                        capabilityReasoning: false,
-                        capabilityCode: false,
-                        qualityScore: 3,
-                    });
-                }
-            }
-        }
-        return models;
-    }
     computeScore(model) {
         const score = (0, quality_score_util_1.computeQualityScore)({
             model_name: model.id,

package/dist/backend/routing/model-discovery/model-fallback.js

@@ -0,0 +1,164 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.findOpenRouterPrefix = findOpenRouterPrefix;
+exports.lookupWithVariants = lookupWithVariants;
+exports.buildFallbackModels = buildFallbackModels;
+exports.buildSubscriptionFallbackModels = buildSubscriptionFallbackModels;
+exports.supplementWithKnownModels = supplementWithKnownModels;
+const providers_1 = require("../../common/constants/providers");
+const subscription_capabilities_1 = require("../../../../subscription-capabilities");
+function findOpenRouterPrefix(providerId) {
+    const lower = providerId.toLowerCase();
+    if (providers_1.OPENROUTER_PREFIX_TO_PROVIDER.has(lower))
+        return lower;
+    const entry = providers_1.PROVIDER_BY_ID_OR_ALIAS.get(lower);
+    if (entry) {
+        for (const prefix of entry.openRouterPrefixes) {
+            if (providers_1.OPENROUTER_PREFIX_TO_PROVIDER.has(prefix))
+                return prefix;
+        }
+    }
+    for (const [prefix, displayName] of providers_1.OPENROUTER_PREFIX_TO_PROVIDER) {
+        if (displayName.toLowerCase() === lower)
+            return prefix;
+    }
+    return null;
+}
+function lookupWithVariants(pricingSync, prefix, modelId) {
+    const exact = pricingSync.lookupPricing(`${prefix}/${modelId}`);
+    if (exact)
+        return exact;
+    const dotVariant = modelId.replace(/-(\d+)-(\d)/g, '-$1.$2');
+    if (dotVariant !== modelId) {
+        const dotResult = pricingSync.lookupPricing(`${prefix}/${dotVariant}`);
+        if (dotResult)
+            return dotResult;
+    }
+    const dashVariant = modelId.replace(/\.(\d)/g, '-$1');
+    if (dashVariant !== modelId) {
+        const dashResult = pricingSync.lookupPricing(`${prefix}/${dashVariant}`);
+        if (dashResult)
+            return dashResult;
+    }
+    const noDate = modelId.replace(/-\d{8}$/, '');
+    if (noDate !== modelId) {
+        const noDateResult = pricingSync.lookupPricing(`${prefix}/${noDate}`);
+        if (noDateResult)
+            return noDateResult;
+        const noDateDot = noDate.replace(/-(\d+)-(\d)/g, '-$1.$2');
+        if (noDateDot !== noDate) {
+            const noDateDotResult = pricingSync.lookupPricing(`${prefix}/${noDateDot}`);
+            if (noDateDotResult)
+                return noDateDotResult;
+        }
+    }
+    return null;
+}
+function buildFallbackModels(pricingSync, providerId) {
+    if (!pricingSync)
+        return [];
+    const models = [];
+    const seen = new Set();
+    const orPrefix = findOpenRouterPrefix(providerId);
+    if (!orPrefix)
+        return [];
+    for (const [fullId, entry] of pricingSync.getAll()) {
+        if (!fullId.startsWith(`${orPrefix}/`))
+            continue;
+        const modelId = fullId.substring(orPrefix.length + 1);
+        if (seen.has(modelId))
+            continue;
+        seen.add(modelId);
+        models.push({
+            id: modelId,
+            displayName: entry.displayName || modelId,
+            provider: providerId,
+            contextWindow: entry.contextWindow ?? 128000,
+            inputPricePerToken: entry.input,
+            outputPricePerToken: entry.output,
+            capabilityReasoning: false,
+            capabilityCode: false,
+            qualityScore: 3,
+        });
+    }
+    return models;
+}
+function buildSubscriptionFallbackModels(pricingSync, providerId) {
+    const knownPrefixes = (0, subscription_capabilities_1.getSubscriptionKnownModels)(providerId);
+    if (!knownPrefixes)
+        return [];
+    const capabilities = (0, subscription_capabilities_1.getSubscriptionCapabilities)(providerId);
+    const models = [];
+    const seen = new Set();
+    const orPrefix = pricingSync ? findOpenRouterPrefix(providerId) : null;
+    if (pricingSync && orPrefix) {
+        for (const [fullId, entry] of pricingSync.getAll()) {
+            if (!fullId.startsWith(`${orPrefix}/`))
+                continue;
+            const modelId = fullId.substring(orPrefix.length + 1);
+            if (!knownPrefixes.some((p) => modelId.startsWith(p)))
+                continue;
+            if (seen.has(modelId))
+                continue;
+            seen.add(modelId);
+            let contextWindow = entry.contextWindow ?? 128000;
+            if (capabilities?.maxContextWindow && contextWindow > capabilities.maxContextWindow) {
+                contextWindow = capabilities.maxContextWindow;
+            }
+            models.push({
+                id: modelId,
+                displayName: entry.displayName || modelId,
+                provider: providerId,
+                contextWindow,
+                inputPricePerToken: entry.input,
+                outputPricePerToken: entry.output,
+                capabilityReasoning: false,
+                capabilityCode: false,
+                qualityScore: 3,
+            });
+        }
+    }
+    const defaultCtx = capabilities?.maxContextWindow ?? 200000;
+    for (const modelId of knownPrefixes) {
+        const covered = models.some((m) => m.id === modelId || m.id.startsWith(`${modelId}-`));
+        if (covered)
+            continue;
+        models.push({
+            id: modelId,
+            displayName: modelId,
+            provider: providerId,
+            contextWindow: defaultCtx,
+            inputPricePerToken: 0,
+            outputPricePerToken: 0,
+            capabilityReasoning: false,
+            capabilityCode: false,
+            qualityScore: 3,
+        });
+    }
+    return models;
+}
+function supplementWithKnownModels(raw, providerId) {
+    const knownModels = (0, subscription_capabilities_1.getSubscriptionKnownModels)(providerId);
+    if (!knownModels)
+        return raw;
+    const capabilities = (0, subscription_capabilities_1.getSubscriptionCapabilities)(providerId);
+    const defaultCtx = capabilities?.maxContextWindow ?? 200000;
+    for (const modelId of knownModels) {
+        const covered = raw.some((m) => m.id === modelId || m.id.startsWith(`${modelId}-`));
+        if (covered)
+            continue;
+        raw.push({
+            id: modelId,
+            displayName: modelId,
+            provider: providerId,
+            contextWindow: defaultCtx,
+            inputPricePerToken: 0,
+            outputPricePerToken: 0,
+            capabilityReasoning: false,
+            capabilityCode: false,
+            qualityScore: 3,
+        });
+    }
+    return raw;
+}
+//# sourceMappingURL=model-fallback.js.map

package/dist/backend/routing/model-discovery/provider-model-fetcher.service.js

@@ -147,12 +147,46 @@ function parseOllama(body, provider) {
         };
     });
 }
+function parseOpenaiSubscription(body, provider) {
+    const data = body?.models;
+    if (!Array.isArray(data))
+        return [];
+    return data
+        .filter((m) => {
+        const entry = m;
+        return typeof entry.slug === 'string' && entry.visibility === 'list';
+    })
+        .map((m) => {
+        const entry = m;
+        return {
+            id: entry.slug,
+            displayName: entry.display_name || entry.slug,
+            provider,
+            contextWindow: entry.context_window ?? 200000,
+            inputPricePerToken: 0,
+            outputPricePerToken: 0,
+            capabilityReasoning: false,
+            capabilityCode: true,
+            qualityScore: 3,
+        };
+    });
+}
 exports.PROVIDER_CONFIGS = {
     openai: {
         endpoint: 'https://api.openai.com/v1/models',
         buildHeaders: bearerHeaders,
         parse: parseOpenAI,
     },
+    'openai-subscription': {
+        endpoint: 'https://chatgpt.com/backend-api/codex/models?client_version=0.99.0',
+        buildHeaders: (key) => ({
+            Authorization: `Bearer ${key}`,
+            'Content-Type': 'application/json',
+            originator: 'codex_cli_rs',
+            'user-agent': 'codex_cli_rs/0.0.0 (Unknown 0; unknown) unknown',
+        }),
+        parse: parseOpenaiSubscription,
+    },
     deepseek: {
         endpoint: 'https://api.deepseek.com/models',
         buildHeaders: bearerHeaders,
@@ -224,7 +258,11 @@ exports.PROVIDER_CONFIGS = {
 let ProviderModelFetcherService = ProviderModelFetcherService_1 = class ProviderModelFetcherService {
     logger = new common_1.Logger(ProviderModelFetcherService_1.name);
     async fetch(providerId, apiKey, authType) {
-        const config = exports.PROVIDER_CONFIGS[providerId.toLowerCase()];
+        let configKey = providerId.toLowerCase();
+        if (configKey === 'openai' && authType === 'subscription') {
+            configKey = 'openai-subscription';
+        }
+        const config = exports.PROVIDER_CONFIGS[configKey];
         if (!config) {
             this.logger.warn(`No fetcher config for provider: ${providerId}`);
             return [];

package/dist/backend/routing/openai-oauth.controller.js

@@ -0,0 +1,132 @@
+"use strict";
+var __decorate = (this && this.__decorate) || function (decorators, target, key, desc) {
+    var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d;
+    if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc);
+    else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r;
+    return c > 3 && r && Object.defineProperty(target, key, r), r;
+};
+var __metadata = (this && this.__metadata) || function (k, v) {
+    if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
+};
+var __param = (this && this.__param) || function (paramIndex, decorator) {
+    return function (target, key) { decorator(target, key, paramIndex); }
+};
+var OpenaiOauthController_1;
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OpenaiOauthController = void 0;
+const common_1 = require("@nestjs/common");
+const public_decorator_1 = require("../common/decorators/public.decorator");
+const current_user_decorator_1 = require("../auth/current-user.decorator");
+const openai_oauth_service_1 = require("./openai-oauth.service");
+const resolve_agent_service_1 = require("./resolve-agent.service");
+const routing_service_1 = require("./routing.service");
+let OpenaiOauthController = OpenaiOauthController_1 = class OpenaiOauthController {
+    oauthService;
+    resolveAgent;
+    routingService;
+    logger = new common_1.Logger(OpenaiOauthController_1.name);
+    constructor(oauthService, resolveAgent, routingService) {
+        this.oauthService = oauthService;
+        this.resolveAgent = resolveAgent;
+        this.routingService = routingService;
+    }
+    async authorize(agentName, user, req) {
+        if (!agentName) {
+            throw new common_1.HttpException('agentName query parameter is required', common_1.HttpStatus.BAD_REQUEST);
+        }
+        const agent = await this.resolveAgent.resolve(user.id, agentName);
+        const backendUrl = `${req.protocol}://${req.get('host')}`;
+        try {
+            const url = await this.oauthService.generateAuthorizationUrl(agent.id, user.id, backendUrl);
+            return { url };
+        }
+        catch (err) {
+            const message = err instanceof Error ? err.message : 'Failed to start OAuth callback server';
+            throw new common_1.HttpException(message, common_1.HttpStatus.SERVICE_UNAVAILABLE);
+        }
+    }
+    async revoke(agentName, user) {
+        if (!agentName) {
+            throw new common_1.HttpException('agentName query parameter is required', common_1.HttpStatus.BAD_REQUEST);
+        }
+        const agent = await this.resolveAgent.resolve(user.id, agentName);
+        const apiKey = await this.routingService.getProviderApiKey(agent.id, 'openai', 'subscription');
+        if (apiKey) {
+            try {
+                const blob = JSON.parse(apiKey);
+                if (blob.t)
+                    await this.oauthService.revokeToken(blob.t);
+                if (blob.r)
+                    await this.oauthService.revokeToken(blob.r);
+            }
+            catch {
+                this.logger.warn('Could not parse OAuth token blob for revocation');
+            }
+        }
+        await this.routingService.removeProvider(agent.id, 'openai', 'subscription');
+        return { ok: true };
+    }
+    async callback(code, state, user) {
+        if (!code || !state) {
+            throw new common_1.HttpException('code and state are required', common_1.HttpStatus.BAD_REQUEST);
+        }
+        try {
+            await this.oauthService.exchangeCode(state, code);
+            return { ok: true };
+        }
+        catch (err) {
+            const message = err instanceof Error ? err.message : 'Token exchange failed';
+            this.logger.error(`OAuth callback exchange failed: ${message}`);
+            throw new common_1.HttpException(message, common_1.HttpStatus.BAD_REQUEST);
+        }
+    }
+    done(ok, res) {
+        const success = ok === '1';
+        res.setHeader('Content-Type', 'text/html');
+        res.setHeader('Content-Security-Policy', "default-src 'none'; script-src 'unsafe-inline'");
+        res.send((0, openai_oauth_service_1.oauthDoneHtml)(success));
+    }
+};
+exports.OpenaiOauthController = OpenaiOauthController;
+__decorate([
+    (0, common_1.Get)('authorize'),
+    __param(0, (0, common_1.Query)('agentName')),
+    __param(1, (0, current_user_decorator_1.CurrentUser)()),
+    __param(2, (0, common_1.Req)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [String, Object, Object]),
+    __metadata("design:returntype", Promise)
+], OpenaiOauthController.prototype, "authorize", null);
+__decorate([
+    (0, common_1.Post)('revoke'),
+    __param(0, (0, common_1.Query)('agentName')),
+    __param(1, (0, current_user_decorator_1.CurrentUser)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [String, Object]),
+    __metadata("design:returntype", Promise)
+], OpenaiOauthController.prototype, "revoke", null);
+__decorate([
+    (0, common_1.Post)('callback'),
+    __param(0, (0, common_1.Body)('code')),
+    __param(1, (0, common_1.Body)('state')),
+    __param(2, (0, current_user_decorator_1.CurrentUser)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [String, String, Object]),
+    __metadata("design:returntype", Promise)
+], OpenaiOauthController.prototype, "callback", null);
+__decorate([
+    (0, common_1.Get)('done'),
+    (0, public_decorator_1.Public)(),
+    __param(0, (0, common_1.Query)('ok')),
+    __param(1, (0, common_1.Res)()),
+    __metadata("design:type", Function),
+    __metadata("design:paramtypes", [String, Object]),
+    __metadata("design:returntype", void 0)
+], OpenaiOauthController.prototype, "done", null);
+exports.OpenaiOauthController = OpenaiOauthController = OpenaiOauthController_1 = __decorate([
+    (0, common_1.Controller)('api/v1/oauth/openai'),
+    __metadata("design:paramtypes", [openai_oauth_service_1.OpenaiOauthService,
+        resolve_agent_service_1.ResolveAgentService,
+        routing_service_1.RoutingService])
+], OpenaiOauthController);
+//# sourceMappingURL=openai-oauth.controller.js.map