theclawbay 0.3.44 → 0.3.46

package/dist/commands/logout.js

@@ -15,7 +15,6 @@ const codex_model_cache_migration_1 = require("../lib/codex-model-cache-migratio
 const config_1 = require("../lib/managed/config");
 const errors_1 = require("../lib/managed/errors");
 const supported_models_1 = require("../lib/supported-models");
-const codex_vscode_patch_1 = require("../lib/codex-vscode-patch");
 const paths_1 = require("../lib/config/paths");
 const OPENAI_PROVIDER_ID = "openai";
 const DEFAULT_PROVIDER_ID = "theclawbay";
@@ -738,7 +737,6 @@ class LogoutCommand extends base_command_1.BaseCommand {
             let stateDbMigration;
             let authSeedCleanup;
             let modelCacheCleanup;
-            let codexVsCodePatchCleanup;
             let remoteRevokeWarning = null;
             try {
                 if (managed?.authType === "device-session" && managed.credential.trim()) {
@@ -788,7 +786,6 @@ class LogoutCommand extends base_command_1.BaseCommand {
                 authSeedCleanup = await (0, codex_auth_seeding_1.cleanupSeededCodexAuth)({
                     codexHome: paths_1.codexDir,
                 });
-                codexVsCodePatchCleanup = await (0, codex_vscode_patch_1.cleanupCodexVsCodeExtensions)();
                 modelCacheCleanup = await (0, codex_model_cache_migration_1.cleanupSeededCodexModelCache)({
                     codexHome: paths_1.codexDir,
                 });
@@ -828,7 +825,6 @@ class LogoutCommand extends base_command_1.BaseCommand {
                 stateDbMigration.updated > 0 ||
                 authSeedCleanup.action === "removed" ||
                 authSeedCleanup.action === "restored_backup" ||
-                codexVsCodePatchCleanup.action === "removed" ||
                 modelCacheCleanup.action === "removed";
             if (codexChanged)
                 revertedTargets.push("Codex");
@@ -856,8 +852,6 @@ class LogoutCommand extends base_command_1.BaseCommand {
             }
             if (authSeedCleanup.warning)
                 summaryNotes.add(authSeedCleanup.warning);
-            if (codexVsCodePatchCleanup.warning)
-                summaryNotes.add(codexVsCodePatchCleanup.warning);
             if (modelCacheCleanup.warning)
                 summaryNotes.add(modelCacheCleanup.warning);
             if (remoteRevokeWarning) {
@@ -903,7 +897,7 @@ class LogoutCommand extends base_command_1.BaseCommand {
                 this.log(`- Conversation cache: could not update local Codex history DB.${detail}`);
             }
             if (authSeedCleanup.action === "restored_backup") {
-                this.log("- Codex login state: restored the auth that existed before the The Claw Bay usage patch.");
+                this.log("- Codex login state: restored the auth that existed before an older The Claw Bay Codex auth override.");
             }
             else if (authSeedCleanup.action === "removed") {
                 this.log("- Codex login state: removed the Claw Bay auth seed.");
@@ -919,15 +913,6 @@ class LogoutCommand extends base_command_1.BaseCommand {
             else {
                 this.log("- Codex login state: no cleanup needed.");
             }
-            if (codexVsCodePatchCleanup.action === "removed") {
-                this.log(`- Codex VS Code extension: removed the The Claw Bay patch from ${codexVsCodePatchCleanup.restoredRoots.join(", ")}.`);
-            }
-            else if (codexVsCodePatchCleanup.warning) {
-                this.log(`- Codex VS Code extension: ${codexVsCodePatchCleanup.warning}`);
-            }
-            else {
-                this.log("- Codex VS Code extension: no cleanup needed.");
-            }
             if (modelCacheCleanup.action === "removed") {
                 this.log("- Codex model cache: removed the Claw Bay GPT-5.4 / GPT-5.4 Mini seed.");
             }

package/dist/commands/setup.d.ts

@@ -7,7 +7,7 @@ export default class SetupCommand extends BaseCommand {
         "device-name": import("@oclif/core/lib/interfaces").OptionFlag<string | undefined, import("@oclif/core/lib/interfaces").CustomOptions>;
         clients: import("@oclif/core/lib/interfaces").OptionFlag<string | undefined, import("@oclif/core/lib/interfaces").CustomOptions>;
         yes: import("@oclif/core/lib/interfaces").BooleanFlag<boolean>;
-        "codex-usage-ui": import("@oclif/core/lib/interfaces").BooleanFlag<boolean>;
+        "migrate-conversations": import("@oclif/core/lib/interfaces").BooleanFlag<boolean>;
         "debug-output": import("@oclif/core/lib/interfaces").BooleanFlag<boolean>;
     };
     run(): Promise<void>;

package/dist/commands/setup.js

@@ -17,7 +17,6 @@ const codex_auth_seeding_1 = require("../lib/codex-auth-seeding");
 const codex_history_migration_1 = require("../lib/codex-history-migration");
 const codex_model_cache_migration_1 = require("../lib/codex-model-cache-migration");
 const paths_1 = require("../lib/config/paths");
-const codex_vscode_patch_1 = require("../lib/codex-vscode-patch");
 const api_key_1 = require("../lib/managed/api-key");
 const config_1 = require("../lib/managed/config");
 const errors_1 = require("../lib/managed/errors");
@@ -849,7 +848,7 @@ function resolveSetupClientSelection(params) {
         return Promise.resolve(defaults);
     return promptForSetupClients(setupClients);
 }
-async function promptForCodexUsageUiPatch() {
+async function promptForCodexConversationMigration() {
     if (!process.stdin.isTTY || !process.stdout.isTTY)
         return false;
     const stdin = process.stdin;
@@ -879,20 +878,20 @@ async function promptForCodexUsageUiPatch() {
                 finish(false);
             }
         };
-        process.stdout.write("\nPatch Codex to show The Claw Bay usage remaining? [y/N] ");
+        process.stdout.write("\nConvert old Codex conversations so they stay visible under The Claw Bay? [y/N] ");
         if (stdin.isTTY)
             stdin.setRawMode(true);
         stdin.on("data", onData);
     });
 }
-async function resolveCodexUsageUiSelection(params) {
+async function resolveCodexConversationMigrationSelection(params) {
     if (!params.codexSelected)
         return false;
     if (params.flagValue !== undefined)
         return params.flagValue;
     if (params.skipPrompt || !process.stdin.isTTY || !process.stdout.isTTY)
         return false;
-    return promptForCodexUsageUiPatch();
+    return promptForCodexConversationMigration();
 }
 async function resolveDeviceLabel(params) {
     const fallback = node_os_1.default.hostname().trim() || "This device";
@@ -914,6 +913,14 @@ async function resolveDeviceLabel(params) {
         rl.close();
     }
 }
+function summarizeModelFetchFailure(detail) {
+    const normalized = detail.replace(/\s+/g, " ").trim();
+    if (!normalized)
+        return "unknown error";
+    if (normalized.length <= 140)
+        return normalized;
+    return `${normalized.slice(0, 137).trimEnd()}...`;
+}
 async function fetchBackendModelIds(backendUrl, apiKey) {
     const url = `${trimTrailingSlash(backendUrl)}/api/codex-auth/v1/proxy/v1/models`;
     try {
@@ -923,18 +930,45 @@ async function fetchBackendModelIds(backendUrl, apiKey) {
                 Accept: "application/json",
                 "User-Agent": CLI_HTTP_USER_AGENT,
             },
-            signal: AbortSignal.timeout(4500),
+            signal: AbortSignal.timeout(10000),
         });
-        if (!response.ok)
-            return null;
+        if (!response.ok) {
+            const responseText = await response.text().catch(() => "");
+            let detail = responseText.trim();
+            try {
+                const parsed = JSON.parse(responseText);
+                if (typeof parsed.error === "string" && parsed.error.trim()) {
+                    detail = parsed.error.trim();
+                }
+                else if (typeof parsed.code === "string" && parsed.code.trim()) {
+                    detail = parsed.code.trim();
+                }
+            }
+            catch {
+                // Keep the raw response text when the body is not JSON.
+            }
+            return {
+                ids: null,
+                failure: `HTTP ${response.status}${detail ? `: ${summarizeModelFetchFailure(detail)}` : ""}`,
+            };
+        }
         const body = (await response.json());
         const ids = (body.data ?? [])
             .map((entry) => (typeof entry.id === "string" ? entry.id.trim() : ""))
             .filter((id) => id.length > 0);
-        return ids.length ? ids : null;
+        if (!ids.length) {
+            return {
+                ids: null,
+                failure: "backend returned an empty model list",
+            };
+        }
+        return { ids };
     }
-    catch {
-        return null;
+    catch (error) {
+        return {
+            ids: null,
+            failure: summarizeModelFetchFailure(error instanceof Error ? error.message : String(error)),
+        };
     }
 }
 function kiloStorageCandidates() {
@@ -1043,7 +1077,7 @@ async function detectZoClient() {
     return false;
 }
 async function resolveModels(backendUrl, apiKey) {
-    const ids = await fetchBackendModelIds(backendUrl, apiKey);
+    const { ids, failure } = await fetchBackendModelIds(backendUrl, apiKey);
     const available = new Set(ids ?? []);
     let selected = DEFAULT_CODEX_MODEL;
     let note;
@@ -1058,7 +1092,9 @@ async function resolveModels(backendUrl, apiKey) {
         note = "No preferred Codex model advertised by backend; selected first available model.";
     }
     else if (!ids) {
-        note = `Unable to query backend model list; defaulted to ${DEFAULT_CODEX_MODEL}.`;
+        note = failure
+            ? `Unable to query backend model list (${failure}); defaulted to ${DEFAULT_CODEX_MODEL}.`
+            : `Unable to query backend model list; defaulted to ${DEFAULT_CODEX_MODEL}.`;
     }
     const unique = [];
     const pushUnique = (modelId) => {
@@ -1095,9 +1131,9 @@ async function writeCodexConfig(params) {
     next = removeProviderTable(next, DEFAULT_PROVIDER_ID);
     next = upsertFirstKeyLine(next, "model_provider", `"${DEFAULT_PROVIDER_ID}"`);
     next = upsertFirstKeyLine(next, "model", `"${params.model}"`);
+    next = upsertFirstKeyLine(next, "chatgpt_base_url", `"${proxyRoot}"`);
     const managedBlock = appendManagedBlock("", [
         MANAGED_START,
-        ...(params.enableUsageUiPatch ? [`chatgpt_base_url = "${proxyRoot}"`] : []),
         `[model_providers.${DEFAULT_PROVIDER_ID}]`,
         'name = "OpenAI"',
         `base_url = "${proxyRoot}/backend-api/codex"`,
@@ -1869,13 +1905,13 @@ class SetupCommand extends base_command_1.BaseCommand {
                 flagSelection: parseSetupClientFlags(flags.clients),
                 skipPrompt: flags.yes,
             });
-            const codexUsageUiEnabled = await resolveCodexUsageUiSelection({
+            const migrateCodexConversations = await resolveCodexConversationMigrationSelection({
                 codexSelected: selectedSetupClients.has("codex"),
-                flagValue: flags["codex-usage-ui"],
+                flagValue: flags["migrate-conversations"],
                 skipPrompt: flags.yes,
             });
-            if (flags["codex-usage-ui"] && !selectedSetupClients.has("codex")) {
-                throw new Error("--codex-usage-ui requires Codex to be selected for setup.");
+            if (flags["migrate-conversations"] !== undefined && !selectedSetupClients.has("codex")) {
+                throw new Error("--migrate-conversations requires Codex to be selected for setup.");
             }
             if (!authCredential) {
                 deviceLabel = await resolveDeviceLabel({
@@ -1887,7 +1923,6 @@ class SetupCommand extends base_command_1.BaseCommand {
                     backendUrl,
                     deviceLabel,
                     selectedClients: Array.from(selectedSetupClients),
-                    usagePatchRequested: codexUsageUiEnabled,
                     log: (message) => this.log(message),
                 });
                 authType = browserAuth.authType;
@@ -1905,7 +1940,6 @@ class SetupCommand extends base_command_1.BaseCommand {
             let authSeedCleanup = null;
             let stateDbMigration = null;
             let modelCacheMigration = null;
-            let codexVsCodeCleanup = null;
             let continueConfigPath = null;
             let clineConfigPaths = [];
             let openClawConfigPath = null;
@@ -1936,36 +1970,29 @@ class SetupCommand extends base_command_1.BaseCommand {
                         backendUrl,
                         model: resolved?.model ?? DEFAULT_CODEX_MODEL,
                         apiKey: authCredential,
-                        enableUsageUiPatch: codexUsageUiEnabled,
                     });
                     updatedVsCodeEnvFiles = await persistVsCodeServerEnvSource();
-                    sessionMigration = await (0, codex_history_migration_1.migrateSessionProviders)({
-                        codexHome: paths_1.codexDir,
-                        migrationStateFile: MIGRATION_STATE_FILE,
-                        neutralizeSources: HISTORY_PROVIDER_NEUTRALIZE_SOURCES,
-                    });
-                    if (codexUsageUiEnabled) {
-                        authSeed = await (0, codex_auth_seeding_1.ensureCodexUsageLimitAuth)({
+                    if (migrateCodexConversations) {
+                        sessionMigration = await (0, codex_history_migration_1.migrateSessionProviders)({
                             codexHome: paths_1.codexDir,
-                            apiKey: authCredential,
+                            migrationStateFile: MIGRATION_STATE_FILE,
+                            neutralizeSources: HISTORY_PROVIDER_NEUTRALIZE_SOURCES,
                         });
-                        codexVsCodeCleanup = await (0, codex_vscode_patch_1.cleanupCodexVsCodeExtensions)();
                     }
-                    else {
-                        authSeedCleanup = await (0, codex_auth_seeding_1.cleanupSeededCodexAuth)({
-                            codexHome: paths_1.codexDir,
-                        });
-                        authSeed = await (0, codex_auth_seeding_1.ensureCodexApiKeyAuth)({
+                    authSeedCleanup = await (0, codex_auth_seeding_1.cleanupSeededCodexAuth)({
+                        codexHome: paths_1.codexDir,
+                    });
+                    authSeed = await (0, codex_auth_seeding_1.ensureCodexUsageLimitAuth)({
+                        codexHome: paths_1.codexDir,
+                        apiKey: authCredential,
+                    });
+                    if (migrateCodexConversations) {
+                        stateDbMigration = await (0, codex_history_migration_1.migrateStateDbProviders)({
                             codexHome: paths_1.codexDir,
-                            apiKey: authCredential,
+                            targetProvider: DEFAULT_PROVIDER_ID,
+                            sourceProviders: HISTORY_PROVIDER_DB_MIGRATE_SOURCES,
                         });
-                        codexVsCodeCleanup = await (0, codex_vscode_patch_1.cleanupCodexVsCodeExtensions)();
                     }
-                    stateDbMigration = await (0, codex_history_migration_1.migrateStateDbProviders)({
-                        codexHome: paths_1.codexDir,
-                        targetProvider: DEFAULT_PROVIDER_ID,
-                        sourceProviders: HISTORY_PROVIDER_DB_MIGRATE_SOURCES,
-                    });
                     modelCacheMigration = await (0, codex_model_cache_migration_1.ensureCodexModelCacheHasGpt54)({
                         codexHome: paths_1.codexDir,
                     });
@@ -2081,13 +2108,11 @@ class SetupCommand extends base_command_1.BaseCommand {
                 summaryNotes.add(authSeed.warning);
             if (authSeedCleanup?.warning)
                 summaryNotes.add(authSeedCleanup.warning);
-            if (codexVsCodeCleanup?.warning)
-                summaryNotes.add(codexVsCodeCleanup.warning);
             if (authSeed?.replacedExistingAuth) {
-                summaryNotes.add("Codex usage patch temporarily replaced your existing local Codex auth. `theclawbay logout` restores it.");
+                summaryNotes.add("Codex usage visibility temporarily replaced your existing local Codex auth. `theclawbay logout` restores it.");
             }
-            if (codexVsCodeCleanup?.action === "removed") {
-                summaryNotes.add("Removed an older The Claw Bay Codex VS Code patch. Reload any open Codex extension windows if the sidebar had disappeared.");
+            if (selectedSetupClients.has("codex") && !migrateCodexConversations) {
+                summaryNotes.add("Left existing Codex conversations untouched.");
             }
             if (authType === "device-session" && deviceLabel) {
                 summaryNotes.add(`This machine is linked as "${deviceLabel}". You can revoke it from the dashboard Devices section or with \`theclawbay logout\`.`);
@@ -2129,6 +2154,9 @@ class SetupCommand extends base_command_1.BaseCommand {
                 else if (sessionMigration) {
                     this.log("- Conversations: no local sessions required migration.");
                 }
+                if (!migrateCodexConversations) {
+                    this.log("- Conversations: left existing local Codex history untouched.");
+                }
                 if ((sessionMigration?.retimed ?? 0) > 0) {
                     this.log(`- Conversation ordering: repaired timestamps on ${sessionMigration?.retimed ?? 0} local sessions.`);
                 }
@@ -2160,18 +2188,6 @@ class SetupCommand extends base_command_1.BaseCommand {
                 else if (modelCacheMigration) {
                     this.log("- Codex model cache: no change.");
                 }
-                if (codexUsageUiEnabled) {
-                    this.log("- Codex usage UI: patched to show The Claw Bay usage remaining.");
-                }
-                if (codexVsCodeCleanup?.action === "removed") {
-                    this.log(`- Codex VS Code extension: removed the prior The Claw Bay patch (${codexVsCodeCleanup.restoredRoots.join(", ")})`);
-                }
-                else if (codexVsCodeCleanup?.warning) {
-                    this.log(`- Codex VS Code extension: ${codexVsCodeCleanup.warning}`);
-                }
-                else {
-                    this.log("- Codex VS Code extension: no cleanup needed.");
-                }
             }
             else if (codexDetected) {
                 this.log("- Codex: detected but skipped");
@@ -2281,22 +2297,22 @@ class SetupCommand extends base_command_1.BaseCommand {
                 this.log("- Zo: not detected (skipped)");
             }
             if (authSeed?.action === "seeded" && authSeed.mode === "chatgpt-auth-tokens") {
-                this.log("- Codex login state: seeded temporary The Claw Bay auth so the usage UI can read your remaining limits.");
+                this.log("- Codex login state: seeded local Codex auth so remaining usage can be shown.");
             }
             else if (authSeed?.action === "updated" && authSeed.mode === "chatgpt-auth-tokens") {
-                this.log("- Codex login state: refreshed the temporary The Claw Bay usage-limit auth seed.");
+                this.log("- Codex login state: refreshed the local usage-limit auth seed.");
             }
             else if (authSeed?.action === "already_seeded" && authSeed.mode === "chatgpt-auth-tokens") {
-                this.log("- Codex login state: the temporary The Claw Bay usage-limit auth was already seeded.");
+                this.log("- Codex login state: the local usage-limit auth seed was already present.");
             }
             else if (authSeed?.action === "seeded") {
-                this.log("- Codex login state: seeded local API-key auth for Codex UI.");
+                this.log("- Codex login state: seeded local API-key auth.");
             }
             else if (authSeed?.action === "updated") {
-                this.log("- Codex login state: refreshed the Claw Bay API-key auth seed.");
+                this.log("- Codex login state: refreshed the local API-key auth seed.");
             }
             else if (authSeed?.action === "already_seeded") {
-                this.log("- Codex login state: the Claw Bay API-key auth was already seeded.");
+                this.log("- Codex login state: the local API-key auth seed was already present.");
             }
             else if (authSeed?.action === "already_present") {
                 this.log("- Codex login state: preserved existing local Codex auth.");
@@ -2308,7 +2324,7 @@ class SetupCommand extends base_command_1.BaseCommand {
                 this.log("- Codex login state: no change.");
             }
             if (authSeedCleanup?.action === "restored_backup") {
-                this.log("- Codex login state: restored the auth that existed before the The Claw Bay usage patch.");
+                this.log("- Codex login state: restored the auth that existed before an older The Claw Bay Codex auth override.");
             }
             this.log("Next: restart Continue, Cline, Roo Code, Trae, or Zo only if they were already open during setup.");
         });
@@ -2340,10 +2356,10 @@ SetupCommand.flags = {
         default: false,
         description: "Accept the recommended detected setup targets without prompting",
     }),
-    "codex-usage-ui": core_1.Flags.boolean({
+    "migrate-conversations": core_1.Flags.boolean({
         required: false,
         allowNo: true,
-        description: "Patch Codex to show The Claw Bay usage remaining.",
+        description: "Convert old Codex conversations so they stay visible under The Claw Bay.",
     }),
     "debug-output": core_1.Flags.boolean({
         required: false,

package/dist/lib/device-session-auth.d.ts

@@ -2,7 +2,6 @@ export declare function createBrowserLinkedDeviceSession(params: {
     backendUrl: string;
     deviceLabel?: string | null;
     selectedClients: string[];
-    usagePatchRequested: boolean;
     log: (message: string) => void;
 }): Promise<{
     credential: string;

package/dist/lib/device-session-auth.js

@@ -8,6 +8,8 @@ const node_crypto_1 = __importDefault(require("node:crypto"));
 const node_http_1 = __importDefault(require("node:http"));
 const node_os_1 = __importDefault(require("node:os"));
 const node_child_process_1 = require("node:child_process");
+const BROWSER_SETUP_TIMEOUT_MS = 15 * 60000;
+const BROWSER_SETUP_POLL_INTERVAL_MS = 2000;
 function preferredBrowserCallbackPort() {
     const parsed = Number(process.env.THECLAWBAY_CALLBACK_PORT?.trim() || "");
     if (Number.isFinite(parsed) && parsed > 0 && parsed < 65536) {
@@ -124,10 +126,117 @@ async function createLocalCallbackServer(expectedState) {
         }),
     };
 }
+async function exchangeBrowserSetupSession(params) {
+    const exchangeResponse = await fetch(`${params.backendUrl}/api/setup/device-session/exchange`, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({
+            sessionId: params.sessionId,
+            state: params.state,
+            ...(params.code ? { code: params.code } : {}),
+        }),
+        signal: AbortSignal.timeout(20000),
+    });
+    const exchangeBody = (await exchangeResponse.json().catch(() => ({})));
+    if (!exchangeResponse.ok ||
+        exchangeBody.authType !== "device-session" ||
+        !exchangeBody.credential ||
+        !exchangeBody.deviceSessionId) {
+        throw new Error(exchangeBody.error ??
+            `failed to exchange browser setup session (HTTP ${exchangeResponse.status})`);
+    }
+    return {
+        credential: exchangeBody.credential,
+        authType: "device-session",
+        deviceSessionId: exchangeBody.deviceSessionId,
+        deviceLabel: exchangeBody.deviceLabel,
+    };
+}
+function createSetupAbortError() {
+    const error = new Error("browser setup cancelled");
+    error.name = "AbortError";
+    return error;
+}
+async function delay(ms, signal) {
+    if (signal?.aborted)
+        throw createSetupAbortError();
+    await new Promise((resolve, reject) => {
+        const timer = setTimeout(() => {
+            cleanup();
+            resolve();
+        }, ms);
+        const onAbort = () => {
+            clearTimeout(timer);
+            cleanup();
+            reject(createSetupAbortError());
+        };
+        const cleanup = () => signal?.removeEventListener("abort", onAbort);
+        signal?.addEventListener("abort", onAbort, { once: true });
+    });
+}
+async function withTimeout(promise, timeoutMs, signal) {
+    if (signal?.aborted)
+        throw createSetupAbortError();
+    return await new Promise((resolve, reject) => {
+        const timer = setTimeout(() => {
+            cleanup();
+            reject(new Error("browser setup timed out"));
+        }, timeoutMs);
+        const onAbort = () => {
+            clearTimeout(timer);
+            cleanup();
+            reject(createSetupAbortError());
+        };
+        const cleanup = () => signal?.removeEventListener("abort", onAbort);
+        signal?.addEventListener("abort", onAbort, { once: true });
+        promise.then((value) => {
+            clearTimeout(timer);
+            cleanup();
+            resolve(value);
+        }, (error) => {
+            clearTimeout(timer);
+            cleanup();
+            reject(error);
+        });
+    });
+}
+async function waitForFirstSuccessfulExchange(promises) {
+    return await new Promise((resolve, reject) => {
+        const errors = [];
+        let pending = promises.length;
+        let settled = false;
+        const fail = (error) => {
+            if (settled)
+                return;
+            if (error instanceof Error) {
+                errors.push(error);
+            }
+            else {
+                errors.push(new Error(String(error)));
+            }
+            pending -= 1;
+            if (pending <= 0) {
+                reject(errors[0] ?? new Error("browser setup timed out"));
+            }
+        };
+        for (const promise of promises) {
+            promise.then((value) => {
+                if (settled)
+                    return;
+                settled = true;
+                resolve(value);
+            }, (error) => {
+                fail(error);
+            });
+        }
+    });
+}
 async function createBrowserLinkedDeviceSession(params) {
     const label = (params.deviceLabel ?? "").trim() || node_os_1.default.hostname() || "This device";
     const state = node_crypto_1.default.randomUUID();
     const callbackServer = await createLocalCallbackServer(state);
+    const exchangeAbortController = new AbortController();
+    const exchangeSignal = exchangeAbortController.signal;
     try {
         const startResponse = await fetch(`${params.backendUrl}/api/setup/device-session/start`, {
             method: "POST",
@@ -137,7 +246,6 @@ async function createBrowserLinkedDeviceSession(params) {
                 state,
                 deviceLabel: label,
                 selectedClients: params.selectedClients,
-                usagePatchRequested: params.usagePatchRequested,
             }),
             signal: AbortSignal.timeout(20000),
         });
@@ -145,39 +253,64 @@ async function createBrowserLinkedDeviceSession(params) {
         if (!startResponse.ok || !startBody.authUrl || !startBody.sessionId) {
             throw new Error(startBody.error ?? `failed to start browser auth (HTTP ${startResponse.status})`);
         }
+        const setupSessionId = startBody.sessionId;
         const opened = openUrlInBrowser(startBody.authUrl);
         params.log(opened
             ? `Open browser auth if it did not appear automatically: ${startBody.authUrl}`
             : `Open this URL to continue setup: ${startBody.authUrl}`);
-        const callback = await Promise.race([
-            callbackServer.waitForCallback(),
-            new Promise((_, reject) => {
-                setTimeout(() => reject(new Error("browser setup timed out")), 15 * 60000);
-            }),
-        ]);
-        const exchangeResponse = await fetch(`${params.backendUrl}/api/setup/device-session/exchange`, {
-            method: "POST",
-            headers: { "Content-Type": "application/json" },
-            body: JSON.stringify({
+        const deadlineMs = Date.now() + BROWSER_SETUP_TIMEOUT_MS;
+        let fallbackNoticeShown = false;
+        const timeoutError = new Error("browser setup timed out");
+        const waitForLocalCallbackExchange = async () => {
+            const callback = await withTimeout(callbackServer.waitForCallback(), BROWSER_SETUP_TIMEOUT_MS, exchangeSignal);
+            return exchangeBrowserSetupSession({
+                backendUrl: params.backendUrl,
                 sessionId: callback.sessionId,
                 state: callback.state,
                 code: callback.code,
-            }),
-            signal: AbortSignal.timeout(20000),
-        });
-        const exchangeBody = (await exchangeResponse.json().catch(() => ({})));
-        if (!exchangeResponse.ok ||
-            exchangeBody.authType !== "device-session" ||
-            !exchangeBody.credential ||
-            !exchangeBody.deviceSessionId) {
-            throw new Error(exchangeBody.error ??
-                `failed to exchange browser setup session (HTTP ${exchangeResponse.status})`);
-        }
+            });
+        };
+        const waitForPolledExchange = async () => {
+            while (Date.now() < deadlineMs) {
+                if (exchangeSignal.aborted)
+                    throw createSetupAbortError();
+                try {
+                    return await exchangeBrowserSetupSession({
+                        backendUrl: params.backendUrl,
+                        sessionId: setupSessionId,
+                        state,
+                    });
+                }
+                catch (error) {
+                    const message = error.message || "";
+                    if (!message.includes("setup session is not approved")) {
+                        throw error;
+                    }
+                }
+                if (!fallbackNoticeShown) {
+                    params.log("Waiting for browser approval. If the browser cannot reach localhost, setup will still finish here after you connect the device.");
+                    fallbackNoticeShown = true;
+                }
+                await delay(BROWSER_SETUP_POLL_INTERVAL_MS, exchangeSignal);
+            }
+            throw timeoutError;
+        };
+        const linked = await (async () => {
+            try {
+                return await waitForFirstSuccessfulExchange([
+                    waitForLocalCallbackExchange(),
+                    waitForPolledExchange(),
+                ]);
+            }
+            finally {
+                exchangeAbortController.abort();
+            }
+        })();
         return {
-            credential: exchangeBody.credential,
-            authType: "device-session",
-            deviceSessionId: exchangeBody.deviceSessionId,
-            deviceLabel: exchangeBody.deviceLabel?.trim() || label,
+            credential: linked.credential,
+            authType: linked.authType,
+            deviceSessionId: linked.deviceSessionId,
+            deviceLabel: linked.deviceLabel?.trim() || label,
         };
     }
     finally {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "theclawbay",
-  "version": "0.3.44",
+  "version": "0.3.46",
   "description": "CLI for connecting Codex, Continue, Cline, OpenClaw, OpenCode, Kilo, Roo Code, Aider, experimental Trae, and experimental Zo to The Claw Bay.",
   "license": "MIT",
   "bin": {
@@ -10,7 +10,8 @@
   "types": "dist/index.d.ts",
   "scripts": {
     "build": "node -e \"require('node:fs').rmSync('dist',{recursive:true,force:true})\" && tsc -p tsconfig.json && node -e \"require('node:fs').chmodSync('dist/index.js',0o755)\"",
-    "prepublishOnly": "npm run build",
+    "verify:npm-package": "node ./scripts/verify-npm-package.js",
+    "prepublishOnly": "npm run build && npm run verify:npm-package",
     "release:patch": "./scripts/release-npm.sh patch",
     "release:minor": "./scripts/release-npm.sh minor",
     "release:major": "./scripts/release-npm.sh major",
@@ -45,6 +46,10 @@
   "preferGlobal": true,
   "dependencies": {
     "@oclif/core": "^4.8.0",
+    "lucide-react": "^1.7.0",
+    "next": "^16.2.1",
+    "react": "^19.2.4",
+    "react-dom": "^19.2.4",
     "tslib": "^2.8.1",
     "yaml": "^2.8.2"
   },

package/dist/lib/codex-vscode-patch.d.ts

@@ -1,14 +0,0 @@
-export type PatchCodexVsCodeExtensionsResult = {
-    action: "patched" | "already_patched" | "none";
-    patchedRoots: string[];
-    warning?: string;
-};
-export type CleanupCodexVsCodeExtensionsResult = {
-    action: "removed" | "none";
-    restoredRoots: string[];
-    warning?: string;
-};
-export declare function patchCodexVsCodeExtensions(params: {
-    logoutCommandPath?: string | null;
-}): Promise<PatchCodexVsCodeExtensionsResult>;
-export declare function cleanupCodexVsCodeExtensions(): Promise<CleanupCodexVsCodeExtensionsResult>;

package/dist/lib/codex-vscode-patch.js

@@ -1,510 +0,0 @@
-"use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.patchCodexVsCodeExtensions = patchCodexVsCodeExtensions;
-exports.cleanupCodexVsCodeExtensions = cleanupCodexVsCodeExtensions;
-const promises_1 = __importDefault(require("node:fs/promises"));
-const node_os_1 = __importDefault(require("node:os"));
-const node_path_1 = __importDefault(require("node:path"));
-const EXTENSION_PREFIX = "openai.chatgpt-";
-const BACKUP_SUFFIX = ".theclawbay-managed-backup";
-const EXTENSION_PATCH_MARKER = "theclawbay-codex-extension-host-patch";
-const WEBVIEW_PATCH_MARKER = "theclawbay-codex-webview-patch";
-const LOGOUT_COMMAND_ID = "chatgpt.theClawBayLogout";
-function uniqueStrings(values) {
-    const output = [];
-    const seen = new Set();
-    for (const value of values) {
-        const normalized = value.trim();
-        if (!normalized || seen.has(normalized))
-            continue;
-        seen.add(normalized);
-        output.push(normalized);
-    }
-    return output;
-}
-async function pathExists(filePath) {
-    try {
-        await promises_1.default.access(filePath);
-        return true;
-    }
-    catch {
-        return false;
-    }
-}
-async function readFileIfExists(filePath) {
-    try {
-        return await promises_1.default.readFile(filePath, "utf8");
-    }
-    catch (error) {
-        const err = error;
-        if (err.code === "ENOENT")
-            return null;
-        throw error;
-    }
-}
-function extensionSearchRoots() {
-    const home = node_os_1.default.homedir();
-    return uniqueStrings([
-        node_path_1.default.join(home, ".vscode", "extensions"),
-        node_path_1.default.join(home, ".vscode-insiders", "extensions"),
-        node_path_1.default.join(home, ".vscode-server", "extensions"),
-        node_path_1.default.join(home, ".vscode-server-insiders", "extensions"),
-        node_path_1.default.join(home, ".cursor", "extensions"),
-        node_path_1.default.join(home, ".windsurf", "extensions"),
-        node_path_1.default.join(home, ".vscode-oss", "extensions"),
-    ]);
-}
-async function findCodexExtensionRoots() {
-    const roots = [];
-    for (const extensionsDir of extensionSearchRoots()) {
-        if (!(await pathExists(extensionsDir)))
-            continue;
-        const entries = await promises_1.default.readdir(extensionsDir, { withFileTypes: true });
-        for (const entry of entries) {
-            if (!entry.isDirectory())
-                continue;
-            if (!entry.name.toLowerCase().startsWith(EXTENSION_PREFIX))
-                continue;
-            roots.push(node_path_1.default.join(extensionsDir, entry.name));
-        }
-    }
-    return uniqueStrings(roots).sort();
-}
-async function resolveWebviewEntryScriptPath(extensionRoot) {
-    const indexHtmlPath = node_path_1.default.join(extensionRoot, "webview", "index.html");
-    const indexHtml = await readFileIfExists(indexHtmlPath);
-    if (!indexHtml)
-        return null;
-    const match = indexHtml.match(/<script[^>]+src="\.\/([^"]+index-[^"]+\.js)"/i);
-    if (!match?.[1])
-        return null;
-    return node_path_1.default.join(extensionRoot, "webview", match[1]);
-}
-function backupPath(filePath) {
-    return `${filePath}${BACKUP_SUFFIX}`;
-}
-async function patchFile(params) {
-    const existing = await readFileIfExists(params.filePath);
-    if (existing === null) {
-        throw new Error(`required Codex extension file is missing: ${params.filePath}`);
-    }
-    const fileBackupPath = backupPath(params.filePath);
-    const backupExists = await pathExists(fileBackupPath);
-    const baseSource = backupExists ? ((await readFileIfExists(fileBackupPath)) ?? existing) : existing;
-    const next = params.transform(baseSource);
-    if (!backupExists) {
-        await promises_1.default.writeFile(fileBackupPath, existing, "utf8");
-    }
-    if (next === existing && existing.includes(params.marker)) {
-        return "already_patched";
-    }
-    await promises_1.default.writeFile(params.filePath, next, "utf8");
-    return "patched";
-}
-function buildExtensionHostPatch(logoutCommandPath) {
-    const embeddedCommandPath = JSON.stringify(logoutCommandPath);
-    return `
-;/* ${EXTENSION_PATCH_MARKER}:start */
-(()=> {
-  const vscode = require("vscode");
-  const childProcess = require("node:child_process");
-  const os = require("node:os");
-  const commandId = ${JSON.stringify(LOGOUT_COMMAND_ID)};
-  const embeddedCommandPath = ${embeddedCommandPath};
-
-  function quoteShellArg(value) {
-    if (process.platform === "win32") {
-      return '"' + String(value).replace(/"/g, '""') + '"';
-    }
-    return "'" + String(value).replace(/'/g, "'\\\\''") + "'";
-  }
-
-  function buildLogoutCommands() {
-    const commands = [];
-    if (embeddedCommandPath) {
-      commands.push(\`\${quoteShellArg(embeddedCommandPath)} logout\`);
-    }
-    commands.push("theclawbay logout");
-    return commands;
-  }
-
-  function runLogoutCommand(commandLine, cwd, outputChannel) {
-    return new Promise((resolve, reject) => {
-      childProcess.exec(
-        commandLine,
-        {
-          cwd,
-          windowsHide: true,
-          maxBuffer: 1024 * 1024,
-          shell: process.platform === "win32" ? (process.env.ComSpec || "cmd.exe") : (process.env.SHELL || "/bin/sh"),
-        },
-        (error, stdout, stderr) => {
-          if (stdout) outputChannel.append(stdout);
-          if (stderr) outputChannel.append(stderr);
-          if (error) {
-            reject(error);
-            return;
-          }
-          resolve();
-        },
-      );
-    });
-  }
-
-  async function executeLogout(outputChannel) {
-    const workspaceFolder = vscode.workspace.workspaceFolders?.[0]?.uri.fsPath;
-    const cwd = workspaceFolder || os.homedir();
-    const errors = [];
-    for (const commandLine of buildLogoutCommands()) {
-      outputChannel.appendLine(\`$ \${commandLine}\`);
-      try {
-        await runLogoutCommand(commandLine, cwd, outputChannel);
-        return;
-      } catch (error) {
-        const message = error instanceof Error ? error.message : String(error);
-        errors.push(\`\${commandLine}: \${message}\`);
-        outputChannel.appendLine(message);
-      }
-    }
-    throw new Error(errors.join("\\n"));
-  }
-
-  function patchActivate(exportsObject) {
-    if (!exportsObject || typeof exportsObject.activate !== "function" || exportsObject.__theclawbayPatched) {
-      return;
-    }
-    const originalActivate = exportsObject.activate;
-    exportsObject.activate = async function patchedActivate(context, ...rest) {
-      const result = await originalActivate.apply(this, [context, ...rest]);
-      if (context && !context.__theclawbayLogoutRegistered) {
-        context.__theclawbayLogoutRegistered = true;
-        const outputChannel = vscode.window.createOutputChannel("The Claw Bay");
-        context.subscriptions.push(outputChannel);
-        context.subscriptions.push(
-          vscode.commands.registerCommand(commandId, async () => {
-            const confirmed = await vscode.window.showWarningMessage(
-              "Run The Claw Bay logout and remove the Codex usage/UI patch?",
-              { modal: true },
-              "Log out",
-            );
-            if (confirmed !== "Log out") return;
-
-            try {
-              await vscode.window.withProgress(
-                {
-                  location: vscode.ProgressLocation.Notification,
-                  title: "Removing The Claw Bay Codex patch…",
-                },
-                async () => {
-                  await executeLogout(outputChannel);
-                },
-              );
-              const reloadChoice = await vscode.window.showInformationMessage(
-                "The Claw Bay logout completed. Reload this window to finish removing the Codex patch.",
-                "Reload Window",
-                "Show Output",
-              );
-              if (reloadChoice === "Reload Window") {
-                await vscode.commands.executeCommand("workbench.action.reloadWindow");
-              } else if (reloadChoice === "Show Output") {
-                outputChannel.show(true);
-              }
-            } catch (error) {
-              outputChannel.show(true);
-              const message = error instanceof Error ? error.message : String(error);
-              await vscode.window.showErrorMessage(\`The Claw Bay logout failed: \${message}\`, "Show Output");
-            }
-          }),
-        );
-      }
-      return result;
-    };
-    exportsObject.__theclawbayPatched = true;
-  }
-
-  patchActivate(module.exports);
-})();
-/* ${EXTENSION_PATCH_MARKER}:end */
-`;
-}
-function buildWebviewPatch() {
-    return `
-;/* ${WEBVIEW_PATCH_MARKER}:start */
-(()=> {
-  const cardId = "theclawbay-codex-settings-card";
-  const styleId = "theclawbay-codex-settings-style";
-  const commandId = ${JSON.stringify(LOGOUT_COMMAND_ID)};
-  const vscodeApi = typeof acquireVsCodeApi === "function" ? acquireVsCodeApi() : null;
-
-  function currentRoute() {
-    return \`\${window.location.pathname}\${window.location.hash}\`;
-  }
-
-  function isAgentSettingsRoute() {
-    return currentRoute().includes("/settings/general") || currentRoute().includes("/settings/agent");
-  }
-
-  function ensureStyle() {
-    if (document.getElementById(styleId)) return;
-    const style = document.createElement("style");
-    style.id = styleId;
-    style.textContent = \`
-      #\${cardId} {
-        margin: 20px 0 28px;
-        border: 1px solid var(--vscode-panel-border, rgba(255,255,255,0.12));
-        border-radius: 12px;
-        background: var(--vscode-editorWidget-background, rgba(255,255,255,0.03));
-        color: var(--vscode-foreground, inherit);
-        overflow: hidden;
-      }
-      #\${cardId} .theclawbay-header {
-        display: flex;
-        align-items: center;
-        justify-content: space-between;
-        gap: 12px;
-        padding: 14px 16px;
-      }
-      #\${cardId} .theclawbay-title {
-        font-size: 14px;
-        font-weight: 700;
-        color: var(--vscode-foreground, inherit);
-      }
-      #\${cardId} .theclawbay-topline {
-        display: flex;
-        align-items: center;
-        gap: 10px;
-      }
-      #\${cardId} .theclawbay-badge {
-        border-radius: 999px;
-        padding: 2px 8px;
-        font-size: 12px;
-        font-weight: 600;
-        color: var(--vscode-button-foreground, white);
-        background: var(--vscode-button-background, #0e639c);
-      }
-      #\${cardId} .theclawbay-body {
-        padding: 0 16px 16px;
-        display: flex;
-        flex-direction: column;
-        gap: 12px;
-      }
-      #\${cardId} .theclawbay-copy {
-        font-size: 13px;
-        line-height: 1.5;
-        color: var(--vscode-descriptionForeground, var(--vscode-foreground, inherit));
-      }
-      #\${cardId} .theclawbay-button {
-        width: fit-content;
-        border: 1px solid transparent;
-        border-radius: 8px;
-        padding: 8px 12px;
-        cursor: pointer;
-        font: inherit;
-        font-weight: 600;
-        color: var(--vscode-button-foreground, white);
-        background: var(--vscode-button-background, #0e639c);
-      }
-      #\${cardId} .theclawbay-button:hover {
-        background: var(--vscode-button-hoverBackground, #1177bb);
-      }
-      #\${cardId} .theclawbay-row {
-        display: flex;
-        align-items: center;
-        justify-content: space-between;
-        gap: 16px;
-        flex-wrap: wrap;
-      }
-      #\${cardId} .theclawbay-toggle {
-        display: inline-flex;
-        align-items: center;
-        gap: 10px;
-        font-size: 13px;
-        font-weight: 600;
-        color: var(--vscode-foreground, inherit);
-      }
-      #\${cardId} .theclawbay-toggle input {
-        width: 34px;
-        height: 18px;
-        accent-color: var(--vscode-button-background, #0e639c);
-        cursor: pointer;
-      }
-    \`;
-    document.head.appendChild(style);
-  }
-
-  function findMount() {
-    const selectors = [
-      "div.min-w-0.flex-1.overflow-visible",
-      "div.min-w-0.flex-1",
-      "main",
-    ];
-    for (const selector of selectors) {
-      const matches = Array.from(document.querySelectorAll(selector));
-      for (let index = matches.length - 1; index >= 0; index -= 1) {
-        const match = matches[index];
-        if (!(match instanceof HTMLElement)) continue;
-        if (match.closest("#root") || match.id === "root") {
-          return match;
-        }
-      }
-    }
-    return document.getElementById("root");
-  }
-
-  function buildCard() {
-    const wrapper = document.createElement("section");
-    wrapper.id = cardId;
-
-    const header = document.createElement("div");
-    header.className = "theclawbay-header";
-
-    const topline = document.createElement("div");
-    topline.className = "theclawbay-topline";
-    const title = document.createElement("span");
-    title.className = "theclawbay-title";
-    title.textContent = "The Claw Bay";
-    const badge = document.createElement("span");
-    badge.className = "theclawbay-badge";
-    badge.textContent = "Patched";
-    topline.append(title, badge);
-    header.appendChild(topline);
-
-    const body = document.createElement("div");
-    body.className = "theclawbay-body";
-
-    const copy = document.createElement("p");
-    copy.className = "theclawbay-copy";
-    copy.textContent = "Shows The Claw Bay usage remaining inside Codex.";
-
-    const row = document.createElement("div");
-    row.className = "theclawbay-row";
-
-    const toggleLabel = document.createElement("label");
-    toggleLabel.className = "theclawbay-toggle";
-
-    const toggle = document.createElement("input");
-    toggle.type = "checkbox";
-    toggle.checked = true;
-    toggle.addEventListener("change", () => {
-      if (!toggle.checked) {
-        vscodeApi?.postMessage({ type: "open-vscode-command", command: commandId, args: [] });
-      }
-      window.setTimeout(() => {
-        toggle.checked = true;
-      }, 0);
-    });
-
-    const toggleText = document.createElement("span");
-    toggleText.textContent = "Usage remaining patch";
-    toggleLabel.append(toggle, toggleText);
-
-    const button = document.createElement("button");
-    button.type = "button";
-    button.className = "theclawbay-button";
-    button.textContent = "Remove patch";
-    button.addEventListener("click", () => {
-      vscodeApi?.postMessage({ type: "open-vscode-command", command: commandId, args: [] });
-    });
-
-    row.append(toggleLabel, button);
-    body.append(copy, row);
-    wrapper.append(header, body);
-    return wrapper;
-  }
-
-  function syncCard() {
-    const existing = document.getElementById(cardId);
-    if (!isAgentSettingsRoute()) {
-      existing?.remove();
-      return;
-    }
-    ensureStyle();
-    if (existing) return;
-    const mount = findMount();
-    if (!mount) return;
-    mount.appendChild(buildCard());
-  }
-
-  let lastRoute = currentRoute();
-  const observer = new MutationObserver(() => {
-    const nextRoute = currentRoute();
-    if (nextRoute !== lastRoute) {
-      lastRoute = nextRoute;
-    }
-    syncCard();
-  });
-
-  if (document.body) {
-    observer.observe(document.body, { childList: true, subtree: true });
-  } else {
-    window.addEventListener("DOMContentLoaded", () => {
-      if (document.body) observer.observe(document.body, { childList: true, subtree: true });
-      syncCard();
-    }, { once: true });
-  }
-
-  window.addEventListener("popstate", syncCard);
-  window.setInterval(syncCard, 1500);
-  syncCard();
-})();
-/* ${WEBVIEW_PATCH_MARKER}:end */
-`;
-}
-async function patchCodexVsCodeExtensions(params) {
-    void params;
-    return {
-        action: "none",
-        patchedRoots: [],
-        warning: "The Codex VS Code bundle patch has been disabled for safety. Run `theclawbay setup` or `theclawbay logout` to remove any older The Claw Bay VS Code patch.",
-    };
-}
-async function cleanupCodexVsCodeExtensions() {
-    try {
-        const extensionRoots = await findCodexExtensionRoots();
-        if (extensionRoots.length === 0) {
-            return { action: "none", restoredRoots: [] };
-        }
-        const restoredRoots = new Set();
-        for (const extensionRoot of extensionRoots) {
-            const candidates = [
-                node_path_1.default.join(extensionRoot, "out", "extension.js"),
-            ];
-            const webviewAssetsDir = node_path_1.default.join(extensionRoot, "webview", "assets");
-            if (await pathExists(webviewAssetsDir)) {
-                const webviewFiles = await promises_1.default.readdir(webviewAssetsDir);
-                for (const fileName of webviewFiles) {
-                    if (!fileName.startsWith("index-") || !fileName.endsWith(".js"))
-                        continue;
-                    candidates.push(node_path_1.default.join(webviewAssetsDir, fileName));
-                }
-            }
-            for (const filePath of candidates) {
-                const fileBackupPath = backupPath(filePath);
-                const backup = await readFileIfExists(fileBackupPath);
-                if (backup === null)
-                    continue;
-                const existing = await readFileIfExists(filePath);
-                if (existing !== null &&
-                    (existing.includes(EXTENSION_PATCH_MARKER) || existing.includes(WEBVIEW_PATCH_MARKER))) {
-                    await promises_1.default.writeFile(filePath, backup, "utf8");
-                    restoredRoots.add(extensionRoot);
-                }
-                await promises_1.default.unlink(fileBackupPath).catch(() => { });
-            }
-        }
-        return {
-            action: restoredRoots.size > 0 ? "removed" : "none",
-            restoredRoots: Array.from(restoredRoots).sort(),
-        };
-    }
-    catch (error) {
-        return {
-            action: "none",
-            restoredRoots: [],
-            warning: `Could not clean up the Codex VS Code extension patch: ${error.message}`,
-        };
-    }
-}