sanook-cli 0.5.0 → 0.5.2

package/.env.example

@@ -8,12 +8,9 @@ GOOGLE_GENERATIVE_AI_API_KEY=AIzaxxx      # aistudio.google.com/apikey (restrict
 
 # ── Cloud BYOK ──
 OPENAI_API_KEY=sk-xxx                     # platform.openai.com (รวม Codex: model gpt-5-codex)
-DEEPSEEK_API_KEY=sk-xxx                   # platform.deepseek.com
 XAI_API_KEY=xai-xxx                       # console.x.ai
 MISTRAL_API_KEY=xxx                       # console.mistral.ai
 GROQ_API_KEY=gsk_xxx                      # console.groq.com
-MINIMAX_API_KEY=xxx                        # platform.minimax.io  (MINIMAX_BASE_URL สลับ region)
-ZHIPU_API_KEY=xxx                         # z.ai / open.bigmodel.cn (GLM — GLM_BASE_URL สลับ region)
 
 # ── Local (ไม่ต้อง key — ตั้ง baseURL ถ้าไม่ใช่ default) ──
 # OLLAMA_BASE_URL=http://localhost:11434/v1
@@ -40,3 +37,164 @@ SANOOK_MODEL=sonnet
 # SANOOK_DISABLE_PERSISTENCE=1        # ไม่บันทึก sessions/memory
 # SANOOK_DISABLE_WORKLOG=1            # ไม่เขียน worklog เข้า second-brain
 # SANOOK_TRUST_PROJECT=1              # trust project .sanook mcp/hooks/skills/commands ชั่วคราว
+
+# ── Messaging gateway (optional; ใช้กับ sanook gateway / sanook send) ──
+# Telegram
+# TELEGRAM_BOT_TOKEN=123:abc
+# TELEGRAM_ALLOWED_CHATS=5222385839
+
+# Discord
+# DISCORD_BOT_TOKEN=xxx
+# DISCORD_DEFAULT_CHANNEL=123456789012345678
+# DISCORD_ALLOWED_CHANNELS=123456789012345678
+
+# Slack
+# SLACK_BOT_TOKEN=xoxb-xxx
+# SLACK_APP_TOKEN=xapp-xxx              # ต้องมีถ้าจะรับข้อความผ่าน Socket Mode
+# SLACK_DEFAULT_CHANNEL=C01ABCDEF
+# SLACK_ALLOWED_CHANNELS=C01ABCDEF
+
+# Email
+# EMAIL_ADDRESS=bot@example.com
+# EMAIL_PASSWORD=app-password
+# EMAIL_IMAP_HOST=imap.example.com
+# EMAIL_SMTP_HOST=smtp.example.com
+# EMAIL_HOME_ADDRESS=you@example.com
+
+# LINE Messaging API (webhook inbound + Push/send + cron delivery)
+# LINE_CHANNEL_ACCESS_TOKEN=xxx
+# LINE_CHANNEL_SECRET=xxx              # ใช้ verify x-line-signature ของ webhook
+# LINE_HOME_CHANNEL=U1234567890abcdef  # U=user, C=group, R=room
+# LINE_ALLOWED_USERS=U1234567890abcdef
+# LINE_ALLOWED_GROUPS=C1234567890abcdef
+# LINE_ALLOWED_ROOMS=R1234567890abcdef
+# LINE_PUBLIC_URL=https://your-tunnel.example.com
+
+# SMS / Twilio (webhook inbound + REST send + cron delivery)
+# TWILIO_ACCOUNT_SID=ACxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
+# TWILIO_AUTH_TOKEN=xxx                # ใช้ส่ง SMS และ verify x-twilio-signature
+# TWILIO_PHONE_NUMBER=+15550000000
+# SMS_HOME_CHANNEL=+15551234567
+# SMS_ALLOWED_USERS=+15551234567,+15557654321
+# SMS_WEBHOOK_URL=https://your-tunnel.example.com/sms/webhook
+# SMS_INSECURE_NO_SIGNATURE=false      # local dev only; production ควร false/ไม่ตั้ง
+
+# ntfy (HTTP push + JSON stream subscribe)
+# NTFY_TOPIC=sanook-yourname-2026
+# NTFY_SERVER_URL=https://ntfy.sh
+# NTFY_TOKEN=tk_xxx                    # optional; หรือ user:pass สำหรับ Basic auth
+# NTFY_PUBLISH_TOPIC=sanook-yourname-2026
+# NTFY_ALLOWED_USERS=sanook-yourname-2026
+# NTFY_HOME_CHANNEL=sanook-yourname-2026
+# NTFY_HOME_CHANNEL_NAME=Owner phone
+# NTFY_MARKDOWN=true
+
+# Mattermost REST API v4 + WebSocket inbound
+# MATTERMOST_URL=https://mm.example.com
+# MATTERMOST_TOKEN=xxx                         # token ของ bot/dedicated account
+# MATTERMOST_HOME_CHANNEL=chan_home_id
+# MATTERMOST_HOME_CHANNEL_NAME=Owner Mattermost
+# MATTERMOST_ALLOWED_USERS=user_id_1,user_id_2 # fail-closed; ใช้ Mattermost user IDs
+# MATTERMOST_ALLOWED_CHANNELS=chan_home_id,chan_ops_id
+# MATTERMOST_FREE_RESPONSE_CHANNELS=chan_dm_like_id
+# MATTERMOST_REQUIRE_MENTION=true              # public/private channels ต้อง @mention; DM ตอบทุกข้อความ
+# MATTERMOST_GROUP_SESSIONS_PER_USER=true
+# MATTERMOST_REPLY_MODE=thread                 # off|thread
+# MATTERMOST_ALLOW_ALL_USERS=false             # production ควร false/ไม่ตั้ง
+
+# Home Assistant (state_changed WebSocket inbound + persistent_notification send)
+# HASS_URL=http://homeassistant.local:8123
+# HASS_TOKEN=xxx                               # Long-Lived Access Token
+# HASS_HOME_CHANNEL=sanook_agent              # persistent_notification notification_id
+# HASS_HOME_CHANNEL_NAME=Owner Home Assistant
+# HASS_WATCH_DOMAINS=light,binary_sensor,climate
+# HASS_WATCH_ENTITIES=sensor.temp,alarm_control_panel.home
+# HASS_IGNORE_ENTITIES=sensor.noisy
+# HASS_WATCH_ALL=false                         # production ควร false/ไม่ตั้ง
+# HASS_COOLDOWN_SECONDS=30
+
+# Signal via signal-cli daemon --http (JSON-RPC send + SSE inbound)
+# SIGNAL_HTTP_URL=http://127.0.0.1:8080
+# SIGNAL_ACCOUNT=+15550000000
+# SIGNAL_HOME_CHANNEL=+15551234567
+# SIGNAL_HOME_CHANNEL_NAME=Owner Signal
+# SIGNAL_ALLOWED_USERS=+15551234567,+15557654321
+# SIGNAL_GROUP_ALLOWED_USERS=groupIdBase64       # หรือ * เพื่อเปิดทุกกลุ่มโดยตั้งใจ
+# SIGNAL_REQUIRE_MENTION=false                   # true = group ต้อง mention เบอร์ account
+
+# WhatsApp Cloud API (Meta webhook inbound + Graph Messages API send)
+# WHATSAPP_CLOUD_PHONE_NUMBER_ID=123456789012345
+# WHATSAPP_CLOUD_ACCESS_TOKEN=EAA...
+# WHATSAPP_CLOUD_APP_SECRET=xxx                  # ใช้ verify x-hub-signature-256 ของ webhook
+# WHATSAPP_CLOUD_VERIFY_TOKEN=choose-a-long-random-token
+# WHATSAPP_CLOUD_HOME_CHANNEL=15551234567        # wa_id digits, ไม่ต้องมี +
+# WHATSAPP_CLOUD_HOME_CHANNEL_NAME=Owner WhatsApp
+# WHATSAPP_CLOUD_ALLOWED_USERS=15551234567,15557654321
+# WHATSAPP_CLOUD_PUBLIC_URL=https://your-tunnel.example.com
+# WHATSAPP_CLOUD_API_VERSION=v20.0
+# WHATSAPP_CLOUD_ALLOW_ALL_USERS=false           # production ควร false/ไม่ตั้ง
+
+# Matrix Client-Server API (sync inbound + room send)
+# MATRIX_HOMESERVER=https://matrix.example.org
+# MATRIX_ACCESS_TOKEN=syt_xxx                    # แนะนำ: token ของ bot account
+# MATRIX_USER_ID=@sanook:matrix.example.org      # optional ถ้าใช้ access token; required ถ้าใช้ password login
+# MATRIX_PASSWORD=xxx                            # fallback แทน access token
+# MATRIX_HOME_ROOM=!abc123:matrix.example.org
+# MATRIX_HOME_ROOM_NAME=Owner Matrix
+# MATRIX_ALLOWED_USERS=@alice:matrix.org,@bob:matrix.org
+# MATRIX_ALLOWED_ROOMS=!abc123:matrix.example.org,!ops:matrix.example.org
+# MATRIX_FREE_RESPONSE_ROOMS=!free:matrix.example.org
+# MATRIX_REQUIRE_MENTION=true                    # shared rooms ต้อง mention bot; DM ตอบทุกข้อความ
+# MATRIX_GROUP_SESSIONS_PER_USER=true
+# MATRIX_AUTO_JOIN=true
+# MATRIX_POLL_TIMEOUT_MS=30000
+
+# Google Chat (Chat REST API outbound; Pub/Sub config saved for future inbound)
+# GOOGLE_CHAT_PROJECT_ID=my-chat-bot-123
+# GOOGLE_CHAT_SUBSCRIPTION_NAME=projects/my-chat-bot-123/subscriptions/sanook-chat-events-sub
+# GOOGLE_CHAT_SERVICE_ACCOUNT_JSON=/home/you/.sanook/google-chat-sa.json
+# GOOGLE_CHAT_API_BASE_URL=https://chat.googleapis.com
+# GOOGLE_CHAT_HOME_CHANNEL=spaces/AAAA                 # use googlechat:spaces/AAAA/threads/thread-id for thread replies
+# GOOGLE_CHAT_HOME_CHANNEL_NAME=Owner Google Chat
+# GOOGLE_CHAT_ALLOWED_USERS=you@yourdomain.com,coworker@yourdomain.com
+# GOOGLE_CHAT_ALLOWED_SPACES=spaces/AAAA,spaces/BBBB   # explicit proactive send targets; home channel is allowed by default
+# GOOGLE_CHAT_FREE_RESPONSE_SPACES=spaces/FREE
+# GOOGLE_CHAT_MAX_MESSAGES=1
+# GOOGLE_CHAT_MAX_BYTES=16777216
+# GOOGLE_CHAT_ALLOW_ALL_USERS=false
+# GOOGLE_CHAT_ALLOW_ALL_SPACES=false
+# GOOGLE_CHAT_INCOMING_WEBHOOK_URL=https://chat.googleapis.com/v1/spaces/AAAA/messages?key=xxx&token=xxx
+
+# BlueBubbles / iMessage (REST outbound now; webhook config saved for inbound parity)
+# BLUEBUBBLES_SERVER_URL=http://localhost:1234
+# BLUEBUBBLES_PASSWORD=xxx
+# BLUEBUBBLES_WEBHOOK_HOST=127.0.0.1
+# BLUEBUBBLES_WEBHOOK_PORT=8645
+# BLUEBUBBLES_WEBHOOK_PATH=/bluebubbles-webhook
+# BLUEBUBBLES_HOME_CHANNEL=user@example.com      # chat GUID, email, or +E.164 phone; raw GUID like iMessage;-;user@example.com also works
+# BLUEBUBBLES_HOME_CHANNEL_NAME=Owner iMessage
+# BLUEBUBBLES_ALLOWED_USERS=user@example.com,+15551234567
+# BLUEBUBBLES_ALLOW_ALL_USERS=false             # production ควร false/ไม่ตั้ง
+# BLUEBUBBLES_REQUIRE_MENTION=false             # group chat inbound gate for future gateway run parity
+# BLUEBUBBLES_MENTION_PATTERNS=["(?<![\\w@])@?sanook\\b[,:\\-]?"]
+
+# Microsoft Teams (Incoming Webhook delivery now; Graph delivery for chat/channel targets)
+# TEAMS_DELIVERY_MODE=incoming_webhook          # incoming_webhook|graph
+# TEAMS_INCOMING_WEBHOOK_URL=https://...
+# TEAMS_GRAPH_ACCESS_TOKEN=xxx                  # Graph mode: delegated/application token with ChatMessage.Send/ChannelMessage.Send
+# TEAMS_CHAT_ID=19:...
+# TEAMS_TEAM_ID=team-id
+# TEAMS_CHANNEL_ID=channel-id
+# TEAMS_HOME_CHANNEL=19:...                     # หรือ team/<team-id>/channel/<channel-id>
+# TEAMS_HOME_CHANNEL_NAME=Owner Teams
+# TEAMS_CLIENT_ID=app-client-id                 # สำหรับ future Bot Framework inbound parity
+# TEAMS_CLIENT_SECRET=xxx
+# TEAMS_TENANT_ID=tenant-id
+# TEAMS_ALLOWED_USERS=alice@example.com,bob@example.com
+# TEAMS_PORT=3978
+
+# Generic Webhooks (GitHub/GitLab/Jira/Stripe/etc. inbound events)
+# WEBHOOK_ENABLED=true
+# WEBHOOK_SECRET=xxx                   # global fallback HMAC secret
+# WEBHOOK_PUBLIC_URL=https://your-tunnel.example.com
+# WEBHOOK_RATE_LIMIT_PER_MINUTE=30

package/CHANGELOG.md

@@ -1,6 +1,85 @@
 # Changelog
 
-## Unreleased
+## 0.5.2
+
+### Token reduction — selective context compression for stale tool output
+
+- **`contextCompression: "selective" | "headroom" | "off"`** (env `SANOOK_CONTEXT_COMPRESSION`) — default `"selective"` is a zero-LLM, per-step compressor inspired by Selective Context, LongLLMLingua-style query awareness, and Headroom-style context pruning. It keeps the latest tool results full, but compresses older huge tool outputs with recency-aware budgets and preserves anchors plus high-information lines (current-query matches, errors, paths, diffs, code structure, rare terms) before the next model request. `"headroom"` optionally wraps the Vercel AI SDK model with the `headroom-ai` GitHub/npm framework when a Headroom proxy/cloud setup is available; `"off"` disables compression.
+
+### MCP registry UX — discover, install, and diagnose servers
+
+- **`sanook mcp search/info/install`** — browse the official MCP registry, inspect transports/packages/secret requirements, and write a ready-to-use stdio or Streamable-HTTP config into `~/.sanook/mcp.json` (or trusted project config with `--project`).
+- **`sanook mcp test` / `sanook mcp doctor` / `sanook mcp list --tools`** — probe configured MCP servers, show advertised tools, and fail clearly when a server is missing credentials, unreachable, or misconfigured.
+- **`sanook mcp preset`** — curated starter bundles (`dev`, `research`, `pm`, `ops`) for common Sanook workflows.
+
+### Second-brain CLI tooling — doctor, context, eval
+
+- **`sanook brain context [--task "..."]`** — shows the exact `<brain_vault>` context Sanook injects from `Shared/AI-Context-Index.md`, `current-state.md`, and Memory-Inbox, with source char counts and stale/missing index warnings. With `--task`, it also runs focused retrieval over vault/session/skill hits.
+- **`sanook brain eval`** — turns `Evals/second-brain-benchmarks.md` into a lightweight runner: static vault sanity checks, context-size/missing-source checks, index freshness, and retrieval probes for key rules/ledgers.
+- **`sanook brain review`** — curator-style vault review for Memory-Inbox duplicates/possible contradictions, stale or incomplete context packs, session notes missing from the search manifest, eval freshness after framework changes, and markdown routing hygiene.
+- **`sanook brain final [--task "..."] [--from-diff] [--lite]`** — creates an evidence-backed final gate note in `Sessions/`, optionally prefilled from the current git diff, and links it from `Sessions/_Index.md`. `brain review` now validates final gates for missing evidence/TODO placeholders, while `brain eval` keeps the full and lite templates covered.
+- **Context assembly is inspectable without drift**: `buildBrainContext()` now exposes typed source parts and renders from the same parts used by the agent prompt.
+- **Fresh scaffold discoverability**: generated `Shared/Context-Packs/_Index.md` now links the bundled context packs, so review/search can find them immediately.
+
+### Whole-codebase audit — confirmed bugs fixed across the CLI
+
+A multi-agent review swept every subsystem (agent loop, tools, providers, gateway, MCP, search, orchestration) and adversarially verified each finding. The ones fixed here:
+
+**High**
+- **`edit_file` silently stripped indentation.** The whitespace-flexible match tier matched an indented block by trimmed lines but spliced the (un-indented) replacement verbatim — de-indenting code and breaking Python/YAML, invisibly. It now re-applies the file's indentation to the replacement.
+- **Codex delegate could never edit files + ran in the wrong directory.** `sanook -m codex` ran with `--sandbox read-only` unconditionally (a "coding agent" that silently couldn't write) and ignored worktree `cwd`. It now uses `workspace-write` in auto mode (read-only under plan/ask), threads `cwd`, and passes prior conversation so REPL turns aren't contextless.
+- **Worktree rollback could lose a renamed file.** The pre-apply snapshot only captured destination paths, so a failed 3-way apply of a rename didn't restore the deleted source. Snapshots now cover both sides of renames/copies (and parse git-quoted paths).
+
+**Medium** — git tools now run in the sub-agent's worktree (`git_commit --addAll` no longer commits the main repo); LSP child process no longer leaks on init failure/timeout (+ init timeout, + Windows `.cmd` shell, + Windows-critical env); Codex no longer crashes the CLI on an EPIPE; the model-fallback path no longer duplicates streamed output; MCP server stderr is drained (was hanging when the pipe filled); an untrusted project can no longer disable the budget cap or spoof pricing; the Telegram bot skips its backlog on startup (no replaying old commands); hooks get Windows-critical env.
+
+**Low** — `replace_all` reports the real replacement count; the multi-match hint no longer suggests `replace_all` for flex matches (dead-end); a malformed trusted-project `hooks.json` no longer crashes the run; frontmatter-only notes with no trailing newline no longer leak the frontmatter into the indexed body; the gateway returns 400/413 (not 500) for bad/oversized request bodies.
+
+**Follow-up medium fixes** — `sanook index` now builds and saves the semantic vector sidecar, so `--mode semantic|hybrid` no longer silently degrades to BM25 after a reindex; subagent fan-out has a global process-wide concurrency cap; `budgetUsd` is shared across the whole agent tree instead of resetting per subagent; isolated write subagents no longer inherit the interactive approval loop inside their temp worktree after the parent approved `task_parallel`; `/v1/chat/completions` now supports OpenAI-style `stream:true` SSE chunks.
+
+**Follow-up low fixes** — protected path checks resolve symlink ancestors before allowing writes; search chunk ids use a stronger SHA-256-derived path hash; oversized MCP tool text is capped before entering model context; malformed search manifests are sanitized on load without discarding a valid index; a setup-wizard timing test now waits for the rendered validation frame instead of flaking under full-suite load.
+
+### Fix: couldn't type in the REPL after first-run setup
+
+The setup wizard and the REPL were two separate Ink renders (`render(SetupWizard)` → `unmount` → `render(App)`). After the first Ink instance unmounted, stdin raw-mode/keypress handling didn't reattach to the second, so the chat input was dead — you couldn't type anything. Now the wizard, the brain wizard, and the REPL live under **one Ink render** (a `Root` component swaps screens), so stdin stays continuous and input works the moment the REPL appears. (Regression-tested with ink-testing-library: typed characters reach the input box; phase routing verified.)
+
+### Setup/first-run audit — 8 bugs found by adversarial review, all fixed
+
+A multi-agent review of the first-run + setup + REPL flow surfaced (and independently verified) eight real, user-facing bugs — now fixed and regression-tested:
+
+- **Empty API key silently completed setup.** `@inkjs/ui` PasswordInput fires `onSubmit` on Enter even when empty, so pressing Enter on a blank key advanced the wizard, finished, and saved *no key* — the first message then failed with "no API key" and no way back. The key step now rejects an empty submit (stays put, shows an inline error).
+- **Wizard accepted OAuth/malformed keys it explicitly warned against.** The key step now runs the same `assertDirectApiKey` policy the runtime uses — paste a `sk-ant-oat…` subscription token and it's rejected *at the input* with a clear message, instead of being saved and blowing up later.
+- **No way back from the key/model steps.** Picking the wrong provider dead-ended you into typing a key for the wrong service (Ctrl+C was the only escape). **Esc now returns to provider selection** from any step.
+- **First-run env-detect trusted banned tokens.** An exported OAuth token (`ANTHROPIC_API_KEY=sk-ant-oat…`) made sanook print "✅ ready" and skip the wizard, then error on every message. `detectEnvProvider` now validates the key against policy (new `hasUsableEnvKey`) and falls through to the wizard when it's unusable.
+- **First-run ignored an explicit `-m` flag.** `sanook -m groq` on a machine with only `OPENAI_API_KEY` printed "OpenAI ready" and ran a keyless Groq session. First-run now keys off the `-m` provider when given.
+- **Codex auth step could wedge.** `detectCodex` had no timeout, so a hung `codex` binary left the step with no way forward. Added a 5s timeout (+ Esc always backs out).
+- **Brain wizard name fields were pre-filled with the literal default** (`Owner` / `ผู้ช่วย`), so typing a custom name produced `OwnerPick`. Switched to a placeholder so the field starts empty (Enter still accepts the default).
+- **Banner showed a stale model after `/model`.** It now tracks the live model.
+
+### Fix: duplicate / empty model choices in the setup wizard
+
+`mergeModelOptions` only deduped *remote* model ids against the curated list — never the curated list against itself. So aliases pointing at the same id rendered as **two identical-looking choices** (e.g. `haiku — claude-haiku-4-5` and `fast — claude-haiku-4-5`; OpenAI's `smart`/`gpt` both → `gpt-5.5`), which also collided on React keys (`Encountered two children with the same key` → options could duplicate or vanish). It now groups by model id and merges the alias names into one option (`haiku / fast — claude-haiku-4-5`). Separately, the old code dropped the `default` alias entirely, which **emptied the model list for LM Studio** (`{ default: 'local-model' }`) and hid Ollama's default model — those models are now selectable again. Locked in with tests (every provider yields unique option values; LM Studio/Ollama are non-empty).
+
+### CLI audit follow-ups
+
+- **`--continue-any` actually works as a resume flag now.** The headless arg parser forgot to consume it, so `sanook --continue-any` became a literal prompt instead of opening the REPL with the latest cross-project session. The parser is now split into a tested module and consumes all resume/headless aliases.
+- **Search flags are validated.** `sanook search q --mode nope` used to silently fall back to FTS, and `--limit -5` could produce odd slice behavior. Search args now reject invalid modes, sources, missing queries, and non-positive limits with a clear usage line.
+- **`sanook serve --port` missing values now report a human-readable error.** Empty or missing port values now surface `ต้องระบุค่า` instead of leaking `"undefined"` into the validation message.
+- **`SANOOK_DISABLE_PERSISTENCE=1` now includes second-brain worklogs.** Sessions, auto-memory, prompt history, and worklogs all honor the global persistence kill switch; `SANOOK_DISABLE_WORKLOG=1` remains available for worklog-only opt-out.
+- **First-run Codex readiness is real.** `sanook -m codex` no longer skips setup just because Codex does not use an API key; it only skips when the official `codex` CLI is installed and logged in.
+- **Existing broken model config now reopens setup instead of entering a dead REPL.** If `~/.sanook/config.json` points at OpenAI without a usable key (or Codex without a logged-in CLI), interactive `sanook` brings back the setup wizard so the recovery hint is actually actionable.
+- **Provider menu env-key labels now use the same key policy as runtime.** Malformed/OAuth env keys show as unusable instead of a misleading ready checkmark.
+- **`/model gpt` no longer leaves the REPL in a raw alias state.** Slash-command model changes now store canonical `provider:model-id` specs (for example `openai:gpt-5.5`), and missing OpenAI-key messages point ChatGPT-plan users to `/model codex` + `codex login`.
+- **The REPL banner no longer redraws after every command on terminals that keep Ink frames in scrollback.** The welcome banner renders only before history exists; the live model stays visible in the footer.
+- **`config set embeddingModel ...` is now supported.** The README documented this semantic-search setting, but the config allowlist/schema did not accept it.
+- **Help/docs cleanup.** The CLI help no longer points at the deprecated OpenAI Codex model id, and the README test badge was refreshed.
+
+### Setup wizard — better provider selection + working OpenAI Codex login
+
+- **Provider menu**: each option now shows a one-line hint — `✓ key ใน env ใช้ได้`, `key ใน env ใช้ไม่ได้`, `local · ไม่ต้อง key`, `login ChatGPT · ไม่ใช้ API key`, or `ต้องมี API key` — and the list is ordered (popular cloud → others → local → Codex). The API-key step shows the expected key format.
+- **OpenAI Codex (ChatGPT plan)**: picking Codex used to skip straight past auth. It now runs a dedicated step that detects whether the `codex` CLI is installed and logged in (reads `~/.codex/auth.json` — robust inside sandboxes where `codex login status` can panic), and guides you: `npm i -g @openai/codex` → `codex login` → re-check, then continues automatically once you're signed in. No API key required.
+- **Codex runs**: `codex exec` now runs through the current non-interactive JSON CLI surface, uses the requested sandbox (`read-only` by default, `workspace-write` in auto mode), and removes `OPENAI_API_KEY` from the child env so it can't fight the ChatGPT-plan login (codex #2733/#3286). Verified against the installed Codex CLI surface.
+
+## 0.5.0
 
 ### Install UX — `sanook doctor` + post-install guidance (the "`sanook` is not recognized" fix)
 
@@ -144,20 +223,19 @@ A Node-native search subsystem (`src/search/`) over the second-brain vault **plu
 
 - Tests: remote-MCP, sandbox, repo map, prompt-caching/system-preservation, rate-limit classification, tool timeout, checkpoint restore, cost merge, custom commands (≈200 total).
 
-## 0.4.0 — second brain, GLM Coding Plan, Telegram, hardening
+## 0.4.0 — second brain, Telegram, hardening
 
 - **Second brain**: `sanook brain init` scaffolds a portable Obsidian "second-brain" workspace — full folder taxonomy (each with `_Index.md`), a central `Vault Structure Map.md`, seed memory files, and a portable AI operating constitution (`CLAUDE/GEMINI/AGENTS.md`). Research-backed rules: context-assembly (anti context-rot), intake quarantine + injection-scan, bi-temporal fact validity, provenance tracking, a verification-gated `Skills/` library, sleep-time consolidation. The agent now **loads the vault** into context, and `brain init` **auto-wires a filesystem MCP** to it. First-run wizard offers to create one (personalized).
-- **GLM Coding Plan**: GLM routes through the Anthropic-compatible endpoint (`/api/anthropic`), so Coding Plan keys work; curated ids `glm-4.6 / glm-5.1 / glm-4.5-air`.
 - **Telegram channel**: drive the agent from your phone (long-polling, fail-closed allowlist, private-only). Remote surface defaults to ask-mode (mutations denied) unless `TELEGRAM_ALLOW_WRITE=1`.
 - **Auto-compaction**: token-aware sliding window keeps long sessions under the limit.
 - **Interactive approval** (`ask` mode) + capability-based gating — any non-read-only tool (incl. MCP) is confirmed before running.
 - **REPL resume** (`sanook -c`), **stdin piping** (`git diff | sanook "review"`), gateway multi-turn history, and `sanook config` / `sanook mcp` management commands.
-- **Provider audit**: corrected stale model ids (OpenAI `gpt-5.3-codex`, DeepSeek `v4-flash/pro`, xAI `grok-4.3`).
+- **Provider audit**: corrected stale model ids (OpenAI `gpt-5.3-codex`, xAI `grok-4.3`).
 - **Hardening**: budget cap now actually fires on the default fast model; write paths confined (no `~/.sanook` / shell-rc / ssh backdoors); MCP child processes get a minimal env (no secret leakage); provider errors surface a clean one-line message; versions read from `package.json`. Added tests for the BYOK/redaction core and budget cap.
 
 ## 0.3.0 — providers, memory, gateway, MCP, git
 
-- **Providers**: data-driven registry, now 12 providers (added MiniMax, GLM, and OpenAI Codex via the official CLI). Per-provider model picker that fetches the live model list.
+- **Providers**: data-driven registry, now 9 providers (including OpenAI Codex via the official CLI). Per-provider model picker that fetches the live model list.
 - **Memory**: auto-memory (`remember` / `recall`), session resume (`--continue`), and in-session REPL conversation history.
 - **Gateway + cron**: `sanook serve` runs a loopback HTTP endpoint (OpenAI-compatible) plus a cron scheduler with natural-language scheduling, backed by a file-locked JSON task ledger.
 - **Skills**: load `SKILL.md` files on demand; the agent can author its own with `create_skill`.