responses-proxy 0.1.0

package/dist/telegram-bot/bot-identity-repository.test.js

@@ -0,0 +1,78 @@
+import { mkdtempSync, rmSync } from "node:fs";
+import os from "node:os";
+import path from "node:path";
+import assert from "node:assert/strict";
+import test from "node:test";
+import BetterSqlite3 from "better-sqlite3";
+import { BotIdentityRepository } from "./bot-identity-repository.js";
+function withRepository(fn) {
+    const dir = mkdtempSync(path.join(os.tmpdir(), "telegram-identity-"));
+    try {
+        const dbFile = path.join(dir, "bot.sqlite");
+        fn(BotIdentityRepository.create(dbFile), dbFile);
+    }
+    finally {
+        rmSync(dir, { recursive: true, force: true });
+    }
+}
+test("BotIdentityRepository creates and updates Telegram users", () => {
+    withRepository((repo) => {
+        const first = repo.upsertUser({
+            telegramUserId: "1283361952",
+            username: "atger",
+            firstName: "Atger",
+            languageCode: "en",
+            now: new Date("2026-04-27T00:00:00.000Z"),
+        });
+        assert.equal(first.role, "customer");
+        assert.equal(first.status, "active");
+        assert.equal(first.username, "atger");
+        assert.equal(first.createdAt, "2026-04-27T00:00:00.000Z");
+        repo.setUserStatus("1283361952", "blocked", new Date("2026-04-27T00:05:00.000Z"));
+        const updated = repo.upsertUser({
+            telegramUserId: "1283361952",
+            username: "new_name",
+            firstName: "New",
+            languageCode: "vi",
+            now: new Date("2026-04-27T00:10:00.000Z"),
+        });
+        assert.equal(updated.username, "new_name");
+        assert.equal(updated.firstName, "New");
+        assert.equal(updated.languageCode, "vi");
+        assert.equal(updated.status, "blocked");
+        assert.equal(updated.createdAt, "2026-04-27T00:00:00.000Z");
+        assert.equal(updated.lastSeenAt, "2026-04-27T00:10:00.000Z");
+    });
+});
+test("BotIdentityRepository creates chats and memberships", () => {
+    withRepository((repo, dbFile) => {
+        repo.upsertUser({ telegramUserId: "1" });
+        const chat = repo.upsertChat({
+            telegramChatId: "-100",
+            chatType: "supergroup",
+            title: "Customers",
+            now: new Date("2026-04-27T01:00:00.000Z"),
+        });
+        repo.upsertMembership({
+            telegramUserId: "1",
+            telegramChatId: "-100",
+            role: "member",
+            now: new Date("2026-04-27T01:00:01.000Z"),
+        });
+        assert.equal(chat.telegramChatId, "-100");
+        assert.equal(chat.chatType, "supergroup");
+        assert.equal(chat.title, "Customers");
+        const db = new BetterSqlite3(dbFile);
+        const row = db
+            .prepare(`SELECT telegram_user_id, telegram_chat_id, role
+         FROM telegram_chat_memberships
+         WHERE telegram_user_id = ? AND telegram_chat_id = ?`)
+            .get("1", "-100");
+        db.close();
+        assert.deepEqual(row, {
+            telegram_user_id: "1",
+            telegram_chat_id: "-100",
+            role: "member",
+        });
+    });
+});

package/dist/telegram-bot/callbacks.js

@@ -0,0 +1,30 @@
+export async function answerCallbackQuerySafely(ctx, payload) {
+    try {
+        await ctx.answerCallbackQuery(payload);
+    }
+    catch {
+        // Telegram callback queries can expire before the bot answers; the action itself can still continue.
+    }
+}
+export async function replyOrEditMessage(ctx, text, options) {
+    const callbackMessage = ctx.callbackQuery && "message" in ctx.callbackQuery ? ctx.callbackQuery.message : undefined;
+    if (callbackMessage) {
+        try {
+            await ctx.editMessageText(text, options);
+            return;
+        }
+        catch (error) {
+            const message = error instanceof Error ? error.message : String(error);
+            const normalized = message.toLowerCase();
+            if (normalized.includes("message is not modified")) {
+                return;
+            }
+            if (normalized.includes("message to edit not found")
+                || normalized.includes("message can't be edited")
+                || normalized.includes("message is too old")) {
+                return;
+            }
+        }
+    }
+    await ctx.reply(text, options);
+}

package/dist/telegram-bot/codex-config-delivery.js

@@ -0,0 +1,38 @@
+import { InputFile } from "grammy";
+import { buildCodexConfigFiles, buildCodexSetupCurlCommand, } from "../codex-setup.js";
+export { buildCodexConfigFiles } from "../codex-setup.js";
+export async function sendCodexConfigFiles(ctx, telegramUserId, files) {
+    const chatId = Number(telegramUserId);
+    await ctx.api.sendDocument(chatId, new InputFile(Buffer.from(files.configToml, "utf8"), "config.toml"), { caption: "Codex config.toml" });
+    await ctx.api.sendDocument(chatId, new InputFile(Buffer.from(files.authJson, "utf8"), "auth.json"), { caption: "Codex auth.json" });
+}
+export async function sendCustomerCodexSetup(ctx, input) {
+    try {
+        await ctx.api.sendMessage(Number(input.telegramUserId), [
+            input.title,
+            ...input.details,
+            "",
+            "Run this on machine that should hold Codex config:",
+            buildCodexSetupCurlCommand({
+                publicResponsesBaseUrl: input.baseUrl,
+                apiKey: input.apiKey,
+            }),
+            "",
+            "It patches ~/.codex/config.toml and ~/.codex/auth.json in place.",
+            "If you want manual paste instead, files are attached below.",
+            "Paste both files into your Codex config folder:",
+            "Mac: ~/.codex/",
+            "Windows: %USERPROFILE%\\.codex\\",
+            "If that folder does not exist, create it first.",
+        ].join("\n"));
+        await sendCodexConfigFiles(ctx, input.telegramUserId, buildCodexConfigFiles({
+            baseUrl: input.baseUrl,
+            apiKey: input.apiKey,
+            model: input.model,
+        }));
+        return true;
+    }
+    catch {
+        return false;
+    }
+}

package/dist/telegram-bot/codex-config-delivery.test.js

@@ -0,0 +1,75 @@
+import assert from "node:assert/strict";
+import test from "node:test";
+import { buildCodexConfigFiles, sendCustomerCodexSetup } from "./codex-config-delivery.js";
+test("buildCodexConfigFiles creates plug-and-play Codex config files", () => {
+    const files = buildCodexConfigFiles({
+        baseUrl: "https://proxy.example.com/v1",
+        apiKey: "sk-customer-secret",
+        model: "gpt-5.5",
+    });
+    assert.match(files.configToml, /model = "gpt-5\.5"/);
+    assert.match(files.configToml, /model_provider = "resproxy"/);
+    assert.match(files.configToml, /base_url = "https:\/\/proxy\.example\.com\/v1"/);
+    assert.match(files.configToml, /api_key = "sk-customer-secret"/);
+    assert.match(files.configToml, /wire_api = "responses"/);
+    assert.deepEqual(JSON.parse(files.authJson), {
+        auth_mode: "apikey",
+        OPENAI_API_KEY: "sk-customer-secret",
+    });
+});
+test("sendCustomerCodexSetup includes Mac and Windows paste locations", async () => {
+    const sentMessages = [];
+    const sentDocuments = [];
+    const ctx = {
+        api: {
+            async sendMessage(_chatId, text) {
+                sentMessages.push(text);
+                return {};
+            },
+            async sendDocument(_chatId, document) {
+                sentDocuments.push({
+                    filename: document.filename,
+                    content: document.fileData ? Buffer.from(document.fileData).toString("utf8") : "",
+                });
+                return {};
+            },
+        },
+    };
+    const ok = await sendCustomerCodexSetup(ctx, {
+        telegramUserId: "42",
+        baseUrl: "https://proxy.example.com/v1",
+        apiKey: "sk-customer-secret",
+        title: "Your access is active",
+        details: ["• Plan ID: basic"],
+    });
+    assert.equal(ok, true);
+    assert.equal(sentMessages[0]?.includes("Mac: ~/.codex/"), true);
+    assert.equal(sentMessages[0]?.includes("Windows: %USERPROFILE%\\.codex\\"), true);
+    assert.deepEqual(sentDocuments.map((document) => document.filename), ["config.toml", "auth.json"]);
+    assert.match(sentDocuments[0]?.content ?? "", /base_url = "https:\/\/proxy\.example\.com\/v1"/);
+});
+test("sendCustomerCodexSetup includes curl patch command for customer machine", async () => {
+    const sentMessages = [];
+    const ctx = {
+        api: {
+            async sendMessage(_chatId, text) {
+                sentMessages.push(text);
+                return {};
+            },
+            async sendDocument() {
+                return {};
+            },
+        },
+    };
+    const ok = await sendCustomerCodexSetup(ctx, {
+        telegramUserId: "42",
+        baseUrl: "https://proxy.example.com/v1",
+        apiKey: "sk-customer-secret",
+        title: "Your access is active",
+        details: [],
+    });
+    assert.equal(ok, true);
+    assert.equal(sentMessages[0]?.includes("curl -fsSL"), true);
+    assert.equal(sentMessages[0]?.includes("https://proxy.example.com/api/customer/codex/setup.sh"), true);
+    assert.equal(sentMessages[0]?.includes("Authorization: Bearer sk-customer-secret"), true);
+});

package/dist/telegram-bot/commands/accounts.js

@@ -0,0 +1,140 @@
+import { InlineKeyboard } from "grammy";
+import { renderAdminScreen } from "../admin-actions.js";
+import { isAdmin } from "../auth.js";
+import { answerCallbackQuerySafely } from "../callbacks.js";
+import { formatOauthStatus } from "../format.js";
+import { getProxyErrorMessage } from "../actions.js";
+function buildAccountsKeyboard(payload, stateStore, admin) {
+    const keyboard = new InlineKeyboard();
+    for (const account of payload?.accounts ?? []) {
+        const accountActionToken = stateStore.issueCallbackToken({
+            kind: "account_action",
+            action: "refresh",
+            accountId: account.id,
+        });
+        const label = (account.email || account.accountId || account.id).slice(0, 18);
+        keyboard.text(`↻ ${label}`, `v1:acct:refresh:${accountActionToken}`);
+        if (account.disabled) {
+            keyboard.text("🟢 Enable", `v1:acct:enable:${accountActionToken}`);
+        }
+        else {
+            keyboard.text("🟡 Disable", `v1:acct:disable:${accountActionToken}`);
+        }
+        if (admin) {
+            keyboard.text("🔴 Delete", `v1:acct:delete-confirm:${accountActionToken}`);
+        }
+        keyboard.row();
+    }
+    return (payload?.accounts?.length ?? 0) > 0 ? keyboard : undefined;
+}
+export function registerAccountsCommand(bot, deps, stateStore) {
+    bot.command("accounts", async (ctx) => {
+        await renderAccountsScreen(ctx, deps, stateStore);
+    });
+    bot.callbackQuery("v1:acct:list", async (ctx) => {
+        await answerCallbackQuerySafely(ctx, { text: "Loaded" });
+        await renderAccountsScreen(ctx, deps, stateStore);
+    });
+    bot.callbackQuery(/^v1:acct:(refresh|disable|enable):([A-Za-z0-9_-]+)$/, async (ctx) => {
+        const action = ctx.match[1];
+        const token = ctx.match[2];
+        try {
+            const callbackState = stateStore.readCallbackToken(token);
+            const accountId = callbackState?.kind === "account_action" ? callbackState.accountId : undefined;
+            if (!accountId) {
+                await answerCallbackQuerySafely(ctx, { text: "Action expired. Refresh /accounts.", show_alert: true });
+                return;
+            }
+            if (action === "refresh") {
+                await deps.proxyClient.refreshAccount(accountId);
+            }
+            else if (action === "disable") {
+                await deps.proxyClient.disableAccount(accountId);
+            }
+            else if (action === "enable") {
+                await deps.proxyClient.enableAccount(accountId);
+            }
+            await answerCallbackQuerySafely(ctx, { text: `${action} ok` });
+            await renderAccountsScreen(ctx, deps, stateStore);
+        }
+        catch (error) {
+            await answerCallbackQuerySafely(ctx);
+            await renderAdminScreen(ctx, {
+                text: getProxyErrorMessage(error),
+                loop: "accounts",
+            });
+        }
+    });
+    bot.callbackQuery(/^v1:acct:delete-confirm:([A-Za-z0-9_-]+)$/, async (ctx) => {
+        if (!isAdmin(ctx, deps.config)) {
+            await answerCallbackQuerySafely(ctx, { text: "Admin only", show_alert: true });
+            return;
+        }
+        const token = ctx.match[1];
+        const callbackState = stateStore.readCallbackToken(token);
+        const accountId = callbackState?.kind === "account_action" ? callbackState.accountId : undefined;
+        if (!accountId) {
+            await answerCallbackQuerySafely(ctx, { text: "Action expired. Refresh /accounts.", show_alert: true });
+            return;
+        }
+        const deleteToken = stateStore.issueCallbackToken({
+            kind: "account_action",
+            action: "delete",
+            accountId,
+        });
+        await answerCallbackQuerySafely(ctx);
+        await renderAdminScreen(ctx, {
+            text: "Confirm account deletion?",
+            loop: "accounts",
+            primaryKeyboard: new InlineKeyboard()
+                .text("Delete account", `v1:acct:delete:${deleteToken}`)
+                .text("Cancel", "v1:acct:delete-cancel"),
+        });
+    });
+    bot.callbackQuery("v1:acct:delete-cancel", async (ctx) => {
+        await answerCallbackQuerySafely(ctx, { text: "Cancelled" });
+        await renderAccountsScreen(ctx, deps, stateStore);
+    });
+    bot.callbackQuery(/^v1:acct:delete:([A-Za-z0-9_-]+)$/, async (ctx) => {
+        if (!isAdmin(ctx, deps.config)) {
+            await answerCallbackQuerySafely(ctx, { text: "Admin only", show_alert: true });
+            return;
+        }
+        try {
+            const token = ctx.match[1];
+            const callbackState = stateStore.readCallbackToken(token);
+            const accountId = callbackState?.kind === "account_action" ? callbackState.accountId : undefined;
+            if (!accountId) {
+                await answerCallbackQuerySafely(ctx, { text: "Action expired. Refresh /accounts.", show_alert: true });
+                return;
+            }
+            stateStore.clearCallbackToken(token);
+            await deps.proxyClient.deleteAccount(accountId);
+            await answerCallbackQuerySafely(ctx, { text: "delete ok" });
+            await renderAccountsScreen(ctx, deps, stateStore);
+        }
+        catch (error) {
+            await answerCallbackQuerySafely(ctx);
+            await renderAdminScreen(ctx, {
+                text: getProxyErrorMessage(error),
+                loop: "accounts",
+            });
+        }
+    });
+}
+async function renderAccountsScreen(ctx, deps, stateStore) {
+    try {
+        const payload = await deps.proxyClient.getOauthStatus();
+        await renderAdminScreen(ctx, {
+            text: formatOauthStatus(payload),
+            loop: "accounts",
+            primaryKeyboard: buildAccountsKeyboard(payload, stateStore, isAdmin(ctx, deps.config)),
+        });
+    }
+    catch (error) {
+        await renderAdminScreen(ctx, {
+            text: getProxyErrorMessage(error),
+            loop: "accounts",
+        });
+    }
+}