responses-proxy 0.1.0

package/dist/chatgpt-oauth.test.js

@@ -0,0 +1,63 @@
+import assert from "node:assert/strict";
+import test from "node:test";
+import { buildChatGptAuthUrl, generateChatGptPkceCodes, normalizeChatGptTokenBundle, parseChatGptJwtClaims, } from "./chatgpt-oauth.js";
+function jwtPayload(payload) {
+    return `header.${Buffer.from(JSON.stringify(payload)).toString("base64url")}.signature`;
+}
+test("generates PKCE codes suitable for S256 OAuth", () => {
+    const pkce = generateChatGptPkceCodes();
+    assert.ok(pkce.codeVerifier.length >= 43);
+    assert.match(pkce.codeVerifier, /^[A-Za-z0-9_-]+$/);
+    assert.match(pkce.codeChallenge, /^[A-Za-z0-9_-]+$/);
+    assert.notEqual(pkce.codeVerifier, pkce.codeChallenge);
+});
+test("builds ChatGPT auth URL with CLIProxyAPI-compatible parameters", () => {
+    const url = new URL(buildChatGptAuthUrl({
+        CHATGPT_OAUTH_AUTH_URL: "https://auth.openai.com/oauth/authorize",
+        CHATGPT_OAUTH_CLIENT_ID: "client-id",
+        CHATGPT_OAUTH_REDIRECT_URI: "http://localhost:1455/auth/callback",
+    }, "state-value", {
+        codeVerifier: "verifier",
+        codeChallenge: "challenge",
+    }));
+    assert.equal(url.searchParams.get("client_id"), "client-id");
+    assert.equal(url.searchParams.get("response_type"), "code");
+    assert.equal(url.searchParams.get("redirect_uri"), "http://localhost:1455/auth/callback");
+    assert.equal(url.searchParams.get("scope"), "openid email profile offline_access");
+    assert.equal(url.searchParams.get("state"), "state-value");
+    assert.equal(url.searchParams.get("code_challenge"), "challenge");
+    assert.equal(url.searchParams.get("code_challenge_method"), "S256");
+    assert.equal(url.searchParams.get("prompt"), "login");
+    assert.equal(url.searchParams.get("id_token_add_organizations"), "true");
+    assert.equal(url.searchParams.get("codex_cli_simplified_flow"), "true");
+});
+test("parses account id and email from ChatGPT id token claims", () => {
+    const claims = parseChatGptJwtClaims(jwtPayload({
+        email: "user@example.com",
+        "https://api.openai.com/auth": {
+            account_id: "acct_123",
+        },
+    }));
+    assert.deepEqual(claims, {
+        email: "user@example.com",
+        accountId: "acct_123",
+    });
+});
+test("normalizes token response into persisted bundle", () => {
+    const now = new Date("2026-04-27T00:00:00.000Z");
+    const bundle = normalizeChatGptTokenBundle({
+        id_token: jwtPayload({
+            email: "user@example.com",
+            account_id: "acct_123",
+        }),
+        access_token: "access-token",
+        refresh_token: "refresh-token",
+        expires_in: 60,
+    }, now);
+    assert.equal(bundle.email, "user@example.com");
+    assert.equal(bundle.accountId, "acct_123");
+    assert.equal(bundle.accessToken, "access-token");
+    assert.equal(bundle.refreshToken, "refresh-token");
+    assert.equal(bundle.expiresAt, "2026-04-27T00:01:00.000Z");
+    assert.equal(bundle.lastRefreshAt, "2026-04-27T00:00:00.000Z");
+});

package/dist/chatgpt-provider-auth.js

@@ -0,0 +1,60 @@
+import { refreshChatGptTokens } from "./chatgpt-oauth.js";
+const refreshLocks = new Map();
+const accountCursors = new Map();
+export class AccountPoolAuthError extends Error {
+    statusCode = 409;
+    body;
+    constructor(code, message) {
+        super(message);
+        this.body = {
+            type: "authentication_error",
+            code,
+            message,
+        };
+    }
+}
+export async function resolveChatGptAccessToken(args) {
+    const account = args.provider.chatgptAccountId?.trim()
+        ? args.store.getAccount(args.provider.chatgptAccountId.trim())
+        : selectNextChatGptAccount(args.provider.id, args.store, args.rotationMode ?? "round_robin");
+    if (!account || account.disabled) {
+        throw new AccountPoolAuthError("ACCOUNT_POOL_UNAVAILABLE", "No connected accounts are available for this provider.");
+    }
+    const now = args.now ?? new Date();
+    const refreshLeadMs = args.config.CHATGPT_OAUTH_REFRESH_LEAD_DAYS * 24 * 60 * 60 * 1000;
+    if (Date.parse(account.expiresAt) - now.getTime() > refreshLeadMs) {
+        return account.accessToken;
+    }
+    const existingLock = refreshLocks.get(account.id);
+    if (existingLock) {
+        return existingLock;
+    }
+    const refreshPromise = refreshChatGptTokens(args.config, account.refreshToken, fetch, now)
+        .then((bundle) => args.store.updateTokens(account.id, bundle, now).accessToken)
+        .finally(() => {
+        refreshLocks.delete(account.id);
+    });
+    refreshLocks.set(account.id, refreshPromise);
+    return refreshPromise;
+}
+function selectNextChatGptAccount(providerId, store, rotationMode) {
+    const accounts = store.listAvailableAccounts();
+    if (!accounts.length) {
+        return undefined;
+    }
+    if (rotationMode === "first_available") {
+        return accounts[0];
+    }
+    if (rotationMode === "random") {
+        return accounts[Math.floor(Math.random() * accounts.length)];
+    }
+    const cursor = accountCursors.get(providerId) ?? 0;
+    const account = accounts[cursor % accounts.length];
+    accountCursors.set(providerId, (cursor + 1) % accounts.length);
+    return account;
+}
+export function buildChatGptCodexHeaders() {
+    return {
+        Originator: "codex-tui",
+    };
+}

package/dist/chatgpt-provider-auth.test.js

@@ -0,0 +1,101 @@
+import assert from "node:assert/strict";
+import { mkdtempSync, rmSync } from "node:fs";
+import { tmpdir } from "node:os";
+import path from "node:path";
+import test from "node:test";
+import { resolveChatGptAccessToken } from "./chatgpt-provider-auth.js";
+import { ChatGptOAuthStore } from "./chatgpt-oauth-store.js";
+const config = {
+    CHATGPT_OAUTH_REFRESH_LEAD_DAYS: 1,
+    CHATGPT_OAUTH_TOKEN_URL: "https://auth.openai.com/oauth/token",
+    CHATGPT_OAUTH_CLIENT_ID: "client",
+};
+const provider = {
+    id: "chatgpt-oauth",
+    name: "ChatGPT OAuth",
+    baseUrl: "https://chatgpt.com/backend-api/codex",
+    responsesUrl: "https://chatgpt.com/backend-api/codex/responses",
+    authMode: "chatgpt_oauth",
+    providerApiKeys: [],
+    clientApiKeys: [],
+    capabilities: {
+        usageCheckEnabled: false,
+        stripMaxOutputTokens: false,
+        requestParameterPolicy: {},
+        sanitizeReasoningSummary: false,
+        stripModelPrefixes: [],
+    },
+};
+test("ChatGPT OAuth shared provider rotates through available accounts", async () => {
+    const dir = mkdtempSync(path.join(tmpdir(), "responses-proxy-oauth-pool-"));
+    try {
+        const store = ChatGptOAuthStore.create(path.join(dir, "app.db"));
+        const now = new Date("2026-04-27T00:00:00.000Z");
+        store.upsertAccount({
+            idToken: "id-token-a",
+            accessToken: "access-token-a",
+            refreshToken: "refresh-token-a",
+            accountId: "acct_a",
+            email: "a@example.com",
+            expiresAt: "2026-05-27T00:00:00.000Z",
+            lastRefreshAt: now.toISOString(),
+        }, now);
+        store.upsertAccount({
+            idToken: "id-token-b",
+            accessToken: "access-token-b",
+            refreshToken: "refresh-token-b",
+            accountId: "acct_b",
+            email: "b@example.com",
+            expiresAt: "2026-05-27T00:00:00.000Z",
+            lastRefreshAt: now.toISOString(),
+        }, now);
+        assert.equal(await resolveChatGptAccessToken({ provider, store, config, now }), "access-token-a");
+        assert.equal(await resolveChatGptAccessToken({ provider, store, config, now }), "access-token-b");
+        assert.equal(await resolveChatGptAccessToken({ provider, store, config, now }), "access-token-a");
+    }
+    finally {
+        rmSync(dir, { recursive: true, force: true });
+    }
+});
+test("ChatGPT OAuth shared provider can use first available rotation", async () => {
+    const dir = mkdtempSync(path.join(tmpdir(), "responses-proxy-oauth-pool-"));
+    try {
+        const store = ChatGptOAuthStore.create(path.join(dir, "app.db"));
+        const now = new Date("2026-04-27T00:00:00.000Z");
+        store.upsertAccount({
+            idToken: "id-token-a",
+            accessToken: "first-token",
+            refreshToken: "refresh-token-a",
+            accountId: "acct_a",
+            email: "a@example.com",
+            expiresAt: "2026-05-27T00:00:00.000Z",
+            lastRefreshAt: now.toISOString(),
+        }, now);
+        store.upsertAccount({
+            idToken: "id-token-b",
+            accessToken: "second-token",
+            refreshToken: "refresh-token-b",
+            accountId: "acct_b",
+            email: "b@example.com",
+            expiresAt: "2026-05-27T00:00:00.000Z",
+            lastRefreshAt: now.toISOString(),
+        }, now);
+        assert.equal(await resolveChatGptAccessToken({
+            provider,
+            store,
+            config,
+            rotationMode: "first_available",
+            now,
+        }), "first-token");
+        assert.equal(await resolveChatGptAccessToken({
+            provider,
+            store,
+            config,
+            rotationMode: "first_available",
+            now,
+        }), "first-token");
+    }
+    finally {
+        rmSync(dir, { recursive: true, force: true });
+    }
+});

package/dist/client/app-icon.svg

@@ -0,0 +1,17 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 256 256" fill="none">
+  <defs>
+    <linearGradient id="iconBg" x1="38" y1="22" x2="212" y2="234" gradientUnits="userSpaceOnUse">
+      <stop stop-color="#60A5FA"/>
+      <stop offset="1" stop-color="#06B6D4"/>
+    </linearGradient>
+    <linearGradient id="iconLine" x1="58" y1="70" x2="202" y2="182" gradientUnits="userSpaceOnUse">
+      <stop stop-color="#F8FBFF"/>
+      <stop offset="1" stop-color="#A5F3FC"/>
+    </linearGradient>
+  </defs>
+  <rect width="256" height="256" rx="64" fill="#07111F"/>
+  <rect x="18" y="18" width="220" height="220" rx="52" fill="url(#iconBg)" fill-opacity=".16" stroke="url(#iconBg)" stroke-width="8"/>
+  <path d="M56 148h38l24-52 34 86 26-44h22" stroke="url(#iconLine)" stroke-width="18" stroke-linecap="round" stroke-linejoin="round"/>
+  <circle cx="56" cy="148" r="12" fill="#E0F2FE"/>
+  <circle cx="200" cy="138" r="12" fill="#67E8F9"/>
+</svg>