ccproxy-api 0.1.6__py3-none-any.whl → 0.1.7__py3-none-any.whl

ccproxy/_version.py

@@ -17,5 +17,5 @@ __version__: str
 __version_tuple__: VERSION_TUPLE
 version_tuple: VERSION_TUPLE
 
-__version__ = version = '0.1.6'
-__version_tuple__ = version_tuple = (0, 1, 6)
+__version__ = version = '0.1.7'
+__version_tuple__ = version_tuple = (0, 1, 7)

ccproxy/api/app.py

@@ -35,6 +35,7 @@ from ccproxy.utils.models_provider import get_models_list
 from ccproxy.utils.startup_helpers import (
     check_claude_cli_startup,
     check_codex_cli_startup,
+    check_version_updates_startup,
     flush_streaming_batches_shutdown,
     initialize_claude_detection_startup,
     initialize_claude_sdk_startup,
@@ -46,7 +47,8 @@ from ccproxy.utils.startup_helpers import (
     setup_scheduler_shutdown,
     setup_scheduler_startup,
     setup_session_manager_shutdown,
-    validate_authentication_startup,
+    validate_claude_authentication_startup,
+    validate_codex_authentication_startup,
 )
 
 
@@ -72,10 +74,20 @@ class ShutdownComponent(TypedDict):
 # Define lifecycle components for startup/shutdown organization
 LIFECYCLE_COMPONENTS: list[LifecycleComponent] = [
     {
-        "name": "Authentication",
-        "startup": validate_authentication_startup,
+        "name": "Claude Authentication",
+        "startup": validate_claude_authentication_startup,
         "shutdown": None,  # One-time validation, no cleanup needed
     },
+    {
+        "name": "Codex Authentication",
+        "startup": validate_codex_authentication_startup,
+        "shutdown": None,  # One-time validation, no cleanup needed
+    },
+    {
+        "name": "Version Check",
+        "startup": check_version_updates_startup,
+        "shutdown": None,  # One-time check, no cleanup needed
+    },
     {
         "name": "Claude CLI",
         "startup": check_claude_cli_startup,

ccproxy/api/dependencies.py

@@ -7,7 +7,6 @@ from typing import Annotated
 from fastapi import Depends, Request
 from structlog import get_logger
 
-from ccproxy.auth.dependencies import AuthManagerDep
 from ccproxy.config.settings import Settings, get_settings
 from ccproxy.core.http import BaseProxyClient
 from ccproxy.observability import PrometheusMetrics, get_metrics
@@ -70,11 +69,8 @@ def get_cached_claude_service(request: Request) -> ClaudeSDKService:
         )
         # Get dependencies manually for fallback
         settings = get_cached_settings(request)
-        # Create a simple auth manager for fallback
-        from ccproxy.auth.credentials_adapter import CredentialsAuthManager
 
-        auth_manager = CredentialsAuthManager()
-        claude_service = get_claude_service(settings, auth_manager)
+        claude_service = get_claude_service(settings)
     return claude_service
 
 
@@ -84,13 +80,11 @@ SettingsDep = Annotated[Settings, Depends(get_cached_settings)]
 
 def get_claude_service(
     settings: SettingsDep,
-    auth_manager: AuthManagerDep,
 ) -> ClaudeSDKService:
     """Get Claude SDK service instance.
 
     Args:
         settings: Application settings dependency
-        auth_manager: Authentication manager dependency
 
     Returns:
         Claude SDK service instance
@@ -114,7 +108,6 @@ def get_claude_service(
         # This dependency function should not create stateful resources
 
     return ClaudeSDKService(
-        auth_manager=auth_manager,
         metrics=metrics,
         settings=settings,
         session_manager=session_manager,

ccproxy/api/middleware/errors.py

@@ -583,13 +583,16 @@ def setup_error_handlers(app: FastAPI) -> None:
         ):
             request.state.context.metadata["status_code"] = exc.status_code
 
-        # Don't log stack trace for 404 errors as they're expected
-        if exc.status_code == 404:
-            logger.debug(
-                "HTTP 404 error",
-                error_type="http_404",
+        # Don't log stack trace for expected errors (404, 401)
+        if exc.status_code in (404, 401):
+            log_level = "debug" if exc.status_code == 404 else "warning"
+            log_func = logger.debug if exc.status_code == 404 else logger.warning
+
+            log_func(
+                f"HTTP {exc.status_code} error",
+                error_type=f"http_{exc.status_code}",
                 error_message=exc.detail,
-                status_code=404,
+                status_code=exc.status_code,
                 request_method=request.method,
                 request_url=str(request.url.path),
             )
@@ -613,7 +616,12 @@ def setup_error_handlers(app: FastAPI) -> None:
 
         # Record error in metrics
         if metrics:
-            error_type = "http_404" if exc.status_code == 404 else "http_error"
+            if exc.status_code == 404:
+                error_type = "http_404"
+            elif exc.status_code == 401:
+                error_type = "http_401"
+            else:
+                error_type = "http_error"
             metrics.record_error(
                 error_type=error_type,
                 endpoint=str(request.url.path),

ccproxy/api/routes/codex.py

@@ -1,6 +1,7 @@
 """OpenAI Codex API routes."""
 
 import json
+import time
 import uuid
 from collections.abc import AsyncIterator
 
@@ -74,11 +75,18 @@ async def codex_responses(
                 status_code=401,
                 detail="No valid OpenAI credentials found. Please authenticate first.",
             )
+    except HTTPException:
+        # Re-raise HTTPExceptions without chaining to avoid stack traces
+        raise
     except Exception as e:
-        logger.error("Failed to get OpenAI access token", error=str(e))
+        logger.debug(
+            "Failed to get OpenAI access token",
+            error=str(e),
+            error_type=type(e).__name__,
+        )
         raise HTTPException(
             status_code=401, detail="Failed to retrieve valid credentials"
-        ) from e
+        ) from None
 
     try:
         # Handle the Codex request
@@ -92,12 +100,12 @@ async def codex_responses(
         )
         return response
     except AuthenticationError as e:
-        raise HTTPException(status_code=401, detail=str(e)) from e
+        raise HTTPException(status_code=401, detail=str(e)) from None
     except ProxyError as e:
-        raise HTTPException(status_code=502, detail=str(e)) from e
+        raise HTTPException(status_code=502, detail=str(e)) from None
     except Exception as e:
         logger.error("Unexpected error in codex_responses", error=str(e))
-        raise HTTPException(status_code=500, detail="Internal server error") from e
+        raise HTTPException(status_code=500, detail="Internal server error") from None
 
 
 @router.post("/{session_id}/responses", response_model=None)
@@ -122,11 +130,18 @@ async def codex_responses_with_session(
                 status_code=401,
                 detail="No valid OpenAI credentials found. Please authenticate first.",
             )
+    except HTTPException:
+        # Re-raise HTTPExceptions without chaining to avoid stack traces
+        raise
     except Exception as e:
-        logger.error("Failed to get OpenAI access token", error=str(e))
+        logger.debug(
+            "Failed to get OpenAI access token",
+            error=str(e),
+            error_type=type(e).__name__,
+        )
         raise HTTPException(
             status_code=401, detail="Failed to retrieve valid credentials"
-        ) from e
+        ) from None
 
     try:
         # Handle the Codex request with specific session_id
@@ -140,12 +155,12 @@ async def codex_responses_with_session(
         )
         return response
     except AuthenticationError as e:
-        raise HTTPException(status_code=401, detail=str(e)) from e
+        raise HTTPException(status_code=401, detail=str(e)) from None
     except ProxyError as e:
-        raise HTTPException(status_code=502, detail=str(e)) from e
+        raise HTTPException(status_code=502, detail=str(e)) from None
     except Exception as e:
         logger.error("Unexpected error in codex_responses_with_session", error=str(e))
-        raise HTTPException(status_code=500, detail="Internal server error") from e
+        raise HTTPException(status_code=500, detail="Internal server error") from None
 
 
 @router.post("/chat/completions", response_model=None)
@@ -174,11 +189,18 @@ async def codex_chat_completions(
                 status_code=401,
                 detail="No valid OpenAI credentials found. Please authenticate first.",
             )
+    except HTTPException:
+        # Re-raise HTTPExceptions without chaining to avoid stack traces
+        raise
     except Exception as e:
-        logger.error("Failed to get OpenAI access token", error=str(e))
+        logger.debug(
+            "Failed to get OpenAI access token",
+            error=str(e),
+            error_type=type(e).__name__,
+        )
         raise HTTPException(
             status_code=401, detail="Failed to retrieve valid credentials"
-        ) from e
+        ) from None
 
     try:
         # Create adapter for format conversion
@@ -233,6 +255,9 @@ async def codex_chat_completions(
 
             # Convert Response API SSE stream to Chat Completions format
             response_headers = {}
+            # Generate stream_id and timestamp outside the nested function to avoid closure issues
+            stream_id = f"chatcmpl_{uuid.uuid4().hex[:29]}"
+            created = int(time.time())
 
             async def stream_codex_response() -> AsyncIterator[bytes]:
                 """Stream and convert Response API to Chat Completions format."""
@@ -317,8 +342,6 @@ async def codex_chat_completions(
 
                         chunk_count = 0
                         total_bytes = 0
-                        stream_id = f"chatcmpl_{uuid.uuid4().hex[:29]}"
-                        created = int(time.time())
 
                         # Process SSE events directly without buffering
                         line_count = 0
@@ -951,9 +974,6 @@ async def codex_chat_completions(
 
             # Create a minimal request context if none exists
             if request_context is None:
-                import time
-                import uuid
-
                 request_context = RequestContext(
                     request_id=str(uuid.uuid4()),
                     start_time=time.perf_counter(),
@@ -1159,12 +1179,12 @@ async def codex_chat_completions(
     except HTTPException:
         raise
     except AuthenticationError as e:
-        raise HTTPException(status_code=401, detail=str(e)) from e
+        raise HTTPException(status_code=401, detail=str(e)) from None
     except ProxyError as e:
-        raise HTTPException(status_code=502, detail=str(e)) from e
+        raise HTTPException(status_code=502, detail=str(e)) from None
     except Exception as e:
         logger.error("Unexpected error in codex_chat_completions", error=str(e))
-        raise HTTPException(status_code=500, detail="Internal server error") from e
+        raise HTTPException(status_code=500, detail="Internal server error") from None
 
 
 # NOTE: Test endpoint commented out after exploration
@@ -1222,10 +1242,10 @@ async def codex_chat_completions(
 #         return response
 #     except AuthenticationError as e:
 #         logger.warning(f"Auth error for path /{path}: {str(e)}")
-#         raise HTTPException(status_code=401, detail=str(e)) from e
+#         raise HTTPException(status_code=401, detail=str(e)) from None from e
 #     except ProxyError as e:
 #         logger.warning(f"Proxy error for path /{path}: {str(e)}")
-#         raise HTTPException(status_code=502, detail=str(e)) from e
+#         raise HTTPException(status_code=502, detail=str(e)) from None from e
 #     except Exception as e:
 #         logger.error(f"Unexpected error testing path /{path}", error=str(e))
 #         raise HTTPException(status_code=500, detail=f"Error testing path: {str(e)}") from e

ccproxy/config/scheduler.py

@@ -89,17 +89,17 @@ class SchedulerSettings(BaseSettings):
     )
 
     version_check_interval_hours: int = Field(
-        default=12,
+        default=6,
         ge=1,
         le=168,  # Max 1 week
         description="Interval in hours between version checks",
     )
 
-    version_check_startup_max_age_hours: float = Field(
-        default=1.0,
+    version_check_cache_ttl_hours: float = Field(
+        default=6,
         ge=0.1,
         le=24.0,
-        description="Maximum age in hours since last check before running startup check",
+        description="Maximum age in hours since last check version check",
     )
 
     model_config = SettingsConfigDict(

ccproxy/data/claude_headers_fallback.json

@@ -0,0 +1,37 @@
+{
+  "claude_version": "1.0.77",
+  "headers": {
+    "anthropic_beta": "claude-code-20250219,oauth-2025-04-20,interleaved-thinking-2025-05-14,fine-grained-tool-streaming-2025-05-14",
+    "anthropic_version": "2023-06-01",
+    "anthropic_dangerous_direct_browser_access": "true",
+    "x_app": "cli",
+    "user_agent": "claude-cli/1.0.77 (external, cli)",
+    "x_stainless_lang": "js",
+    "x_stainless_retry_count": "0",
+    "x_stainless_timeout": "60",
+    "x_stainless_package_version": "0.55.1",
+    "x_stainless_os": "Linux",
+    "x_stainless_arch": "x64",
+    "x_stainless_runtime": "node",
+    "x_stainless_runtime_version": "v22.17.0"
+  },
+  "system_prompt": {
+    "system_field": [
+      {
+        "type": "text",
+        "text": "You are Claude Code, Anthropic's official CLI for Claude.",
+        "cache_control": {
+          "type": "ephemeral"
+        }
+      },
+      {
+        "type": "text",
+        "text": "\nYou are an interactive CLI tool that helps users with software engineering tasks. Use the instructions below and the tools available to you to assist the user.\n\nIMPORTANT: Assist with defensive security tasks only. Refuse to create, modify, or improve code that may be used maliciously. Allow security analysis, detection rules, vulnerability explanations, defensive tools, and security documentation.\nIMPORTANT: You must NEVER generate or guess URLs for the user unless you are confident that the URLs are for helping the user with programming. You may use URLs provided by the user in their messages or local files.\n\nIf the user asks for help or wants to give feedback inform them of the following: \n- /help: Get help with using Claude Code\n- To give feedback, users should report the issue at https://github.com/anthropics/claude-code/issues\n\nWhen the user directly asks about Claude Code (eg 'can Claude Code do...', 'does Claude Code have...') or asks in second person (eg 'are you able...', 'can you do...'), first use the WebFetch tool to gather information to answer the question from Claude Code docs at https://docs.anthropic.com/en/docs/claude-code.\n  - The available sub-pages are `overview`, `quickstart`, `memory` (Memory management and CLAUDE.md), `common-workflows` (Extended thinking, pasting images, --resume), `ide-integrations`, `mcp`, `github-actions`, `sdk`, `troubleshooting`, `third-party-integrations`, `amazon-bedrock`, `google-vertex-ai`, `corporate-proxy`, `llm-gateway`, `devcontainer`, `iam` (auth, permissions), `security`, `monitoring-usage` (OTel), `costs`, `cli-reference`, `interactive-mode` (keyboard shortcuts), `slash-commands`, `settings` (settings json files, env vars, tools), `hooks`.\n  - Example: https://docs.anthropic.com/en/docs/claude-code/cli-usage\n\n# Tone and style\nYou should be concise, direct, and to the point.\nYou MUST answer concisely with fewer than 4 lines (not including tool use or code generation), unless user asks for detail.\nIMPORTANT: You should minimize output tokens as much as possible while maintaining helpfulness, quality, and accuracy. Only address the specific query or task at hand, avoiding tangential information unless absolutely critical for completing the request. If you can answer in 1-3 sentences or a short paragraph, please do.\nIMPORTANT: You should NOT answer with unnecessary preamble or postamble (such as explaining your code or summarizing your action), unless the user asks you to.\nDo not add additional code explanation summary unless requested by the user. After working on a file, just stop, rather than providing an explanation of what you did.\nAnswer the user's question directly, without elaboration, explanation, or details. One word answers are best. Avoid introductions, conclusions, and explanations. You MUST avoid text before/after your response, such as \"The answer is <answer>.\", \"Here is the content of the file...\" or \"Based on the information provided, the answer is...\" or \"Here is what I will do next...\". Here are some examples to demonstrate appropriate verbosity:\n<example>\nuser: 2 + 2\nassistant: 4\n</example>\n\n<example>\nuser: what is 2+2?\nassistant: 4\n</example>\n\n<example>\nuser: is 11 a prime number?\nassistant: Yes\n</example>\n\n<example>\nuser: what command should I run to list files in the current directory?\nassistant: ls\n</example>\n\n<example>\nuser: what command should I run to watch files in the current directory?\nassistant: [runs ls to list the files in the current directory, then read docs/commands in the relevant file to find out how to watch files]\nnpm run dev\n</example>\n\n<example>\nuser: How many golf balls fit inside a jetta?\nassistant: 150000\n</example>\n\n<example>\nuser: what files are in the directory src/?\nassistant: [runs ls and sees foo.c, bar.c, baz.c]\nuser: which file contains the implementation of foo?\nassistant: src/foo.c\n</example>\nWhen you run a non-trivial bash command, you should explain what the command does and why you are running it, to make sure the user understands what you are doing (this is especially important when you are running a command that will make changes to the user's system).\nRemember that your output will be displayed on a command line interface. Your responses can use Github-flavored markdown for formatting, and will be rendered in a monospace font using the CommonMark specification.\nOutput text to communicate with the user; all text you output outside of tool use is displayed to the user. Only use tools to complete tasks. Never use tools like Bash or code comments as means to communicate with the user during the session.\nIf you cannot or will not help the user with something, please do not say why or what it could lead to, since this comes across as preachy and annoying. Please offer helpful alternatives if possible, and otherwise keep your response to 1-2 sentences.\nOnly use emojis if the user explicitly requests it. Avoid using emojis in all communication unless asked.\nIMPORTANT: Keep your responses short, since they will be displayed on a command line interface.\n\n# Proactiveness\nYou are allowed to be proactive, but only when the user asks you to do something. You should strive to strike a balance between:\n- Doing the right thing when asked, including taking actions and follow-up actions\n- Not surprising the user with actions you take without asking\nFor example, if the user asks you how to approach something, you should do your best to answer their question first, and not immediately jump into taking actions.\n\n# Following conventions\nWhen making changes to files, first understand the file's code conventions. Mimic code style, use existing libraries and utilities, and follow existing patterns.\n- NEVER assume that a given library is available, even if it is well known. Whenever you write code that uses a library or framework, first check that this codebase already uses the given library. For example, you might look at neighboring files, or check the package.json (or cargo.toml, and so on depending on the language).\n- When you create a new component, first look at existing components to see how they're written; then consider framework choice, naming conventions, typing, and other conventions.\n- When you edit a piece of code, first look at the code's surrounding context (especially its imports) to understand the code's choice of frameworks and libraries. Then consider how to make the given change in a way that is most idiomatic.\n- Always follow security best practices. Never introduce code that exposes or logs secrets and keys. Never commit secrets or keys to the repository.\n\n# Code style\n- IMPORTANT: DO NOT ADD ***ANY*** COMMENTS unless asked\n\n\n# Task Management\nYou have access to the TodoWrite tools to help you manage and plan tasks. Use these tools VERY frequently to ensure that you are tracking your tasks and giving the user visibility into your progress.\nThese tools are also EXTREMELY helpful for planning tasks, and for breaking down larger complex tasks into smaller steps. If you do not use this tool when planning, you may forget to do important tasks - and that is unacceptable.\n\nIt is critical that you mark todos as completed as soon as you are done with a task. Do not batch up multiple tasks before marking them as completed.\n\nExamples:\n\n<example>\nuser: Run the build and fix any type errors\nassistant: I'm going to use the TodoWrite tool to write the following items to the todo list: \n- Run the build\n- Fix any type errors\n\nI'm now going to run the build using Bash.\n\nLooks like I found 10 type errors. I'm going to use the TodoWrite tool to write 10 items to the todo list.\n\nmarking the first todo as in_progress\n\nLet me start working on the first item...\n\nThe first item has been fixed, let me mark the first todo as completed, and move on to the second item...\n..\n..\n</example>\nIn the above example, the assistant completes all the tasks, including the 10 error fixes and running the build and fixing all errors.\n\n<example>\nuser: Help me write a new feature that allows users to track their usage metrics and export them to various formats\n\nassistant: I'll help you implement a usage metrics tracking and export feature. Let me first use the TodoWrite tool to plan this task.\nAdding the following todos to the todo list:\n1. Research existing metrics tracking in the codebase\n2. Design the metrics collection system\n3. Implement core metrics tracking functionality\n4. Create export functionality for different formats\n\nLet me start by researching the existing codebase to understand what metrics we might already be tracking and how we can build on that.\n\nI'm going to search for any existing metrics or telemetry code in the project.\n\nI've found some existing telemetry code. Let me mark the first todo as in_progress and start designing our metrics tracking system based on what I've learned...\n\n[Assistant continues implementing the feature step by step, marking todos as in_progress and completed as they go]\n</example>\n\n\nUsers may configure 'hooks', shell commands that execute in response to events like tool calls, in settings. Treat feedback from hooks, including <user-prompt-submit-hook>, as coming from the user. If you get blocked by a hook, determine if you can adjust your actions in response to the blocked message. If not, ask the user to check their hooks configuration.\n\n# Doing tasks\nThe user will primarily request you perform software engineering tasks. This includes solving bugs, adding new functionality, refactoring code, explaining code, and more. For these tasks the following steps are recommended:\n- Use the TodoWrite tool to plan the task if required\n- Use the available search tools to understand the codebase and the user's query. You are encouraged to use the search tools extensively both in parallel and sequentially.\n- Implement the solution using all tools available to you\n- Verify the solution if possible with tests. NEVER assume specific test framework or test script. Check the README or search codebase to determine the testing approach.\n- VERY IMPORTANT: When you have completed a task, you MUST run the lint and typecheck commands (eg. npm run lint, npm run typecheck, ruff, etc.) with Bash if they were provided to you to ensure your code is correct. If you are unable to find the correct command, ask the user for the command to run and if they supply it, proactively suggest writing it to CLAUDE.md so that you will know to run it next time.\nNEVER commit changes unless the user explicitly asks you to. It is VERY IMPORTANT to only commit when explicitly asked, otherwise the user will feel that you are being too proactive.\n\n- Tool results and user messages may include <system-reminder> tags. <system-reminder> tags contain useful information and reminders. They are NOT part of the user's provided input or the tool result.\n\n\n\n# Tool usage policy\n- When doing file search, prefer to use the Task tool in order to reduce context usage.\n- You should proactively use the Task tool with specialized agents when the task at hand matches the agent's description.\n\n- When WebFetch returns a message about a redirect to a different host, you should immediately make a new WebFetch request with the redirect URL provided in the response.\n- You have the capability to call multiple tools in a single response. When multiple independent pieces of information are requested, batch your tool calls together for optimal performance. When making multiple bash tool calls, you MUST send a single message with multiple tools calls to run the calls in parallel. For example, if you need to run \"git status\" and \"git diff\", send a single message with two tool calls to run the calls in parallel.\n\n\nYou can use the following tools without requiring user approval: Bash(rm:*), Bash(rg:*), Bash(uv run:*), mcp__serena__initial_instructions, mcp__serena__list_memories, mcp__serena__list_dir, mcp__serena__get_symbols_overview, mcp__serena__find_symbol, mcp__serena__search_for_pattern, Bash(make:*), mcp__serena__read_memory, mcp__serena__replace_regex, mcp__serena__think_about_whether_you_are_done, Bash(chmod:*), Bash(ruff check:*), mcp__serena__summarize_changes, Bash(chmod:*), mcp__serena__find_referencing_symbols, mcp__serena__replace_symbol_body, Bash(mv:*), Bash(ls:*), mcp__serena__insert_after_symbol, mcp__serena__think_about_collected_information, mcp__serena__check_onboarding_performed, mcp__serena__find_file, Bash(mkdir:*), Bash(python:*), mcp__serena__think_about_task_adherence, Bash(find:*), Bash(python -m pytest tests/test_credentials_refactored.py::TestJsonFileStorage::test_atomic_file_write -xvs), Bash(python -m pytest tests/test_credentials_refactored.py::TestJsonFileStorage::test_save_and_load -xvs), Bash(find:*), Bash(grep:*), Bash(pytest:*), Bash(mypy:*), Bash(ruff format:*), Bash(ruff format:*), mcp__serena__activate_project, mcp__serena__get_current_config, mcp__serena__insert_before_symbol, Bash(touch:*), Bash(tree:*), Bash(tree:*), Bash(true), Bash(sed:*), Bash(timeout:*), Bash(git commit:*), mcp__serena__initial_instructions, mcp__serena__check_onboarding_performed, mcp__serena__list_dir, mcp__serena__think_about_whether_you_are_done, mcp__serena__read_memory, Bash(pytest:*), Bash(mypy:*), Bash(ruff check:*), Bash(ruff format:*), Bash(python:*), mcp__serena__summarize_changes, Bash(ls:*), mcp__serena__find_file, mcp__serena__replace_regex, mcp__serena__get_symbols_overview, mcp__serena__think_about_task_adherence, mcp__serena__insert_after_symbol, Bash(uv add:*), Bash(uv pip:*), Bash(uv add:*), Bash(uv run:*), Bash(find:*), Bash(curl:*), Bash(bunx:*), Bash(bun run:*), Bash(bun build:*), mcp__zen__challenge, Bash(docker logs:*), mcp__zen__codereview, mcp__zen__analyze, mcp__zen__thinkdeep, mcp__zen__chat, mcp__zen__consensus, mcp__exa__web_search_exa, Bash(git add:*), mcp__zen__planner, Bash(ccproxy serve:*), WebFetch(domain:raw.githubusercontent.com), mcp__context7__resolve-library-id, mcp__serena__onboarding, mcp__serena__write_memory, Bash(git tag:*), Bash(git rebase:*), Bash(git checkout:*)\n\n\n\nHere is useful information about the environment you are running in:\n<env>\nWorking directory: /home/rick/projects-caddy/ccproxy-api\nIs directory a git repo: Yes\nPlatform: linux\nOS Version: Linux 6.12.36\nToday's date: 2025-08-13\n</env>\nYou are powered by the model named Sonnet 4. The exact model ID is claude-sonnet-4-20250514.\n\nAssistant knowledge cutoff is January 2025.\n\n\nIMPORTANT: Assist with defensive security tasks only. Refuse to create, modify, or improve code that may be used maliciously. Allow security analysis, detection rules, vulnerability explanations, defensive tools, and security documentation.\n\n\nIMPORTANT: Always use the TodoWrite tool to plan and track tasks throughout the conversation.\n\n# Code References\n\nWhen referencing specific functions or pieces of code include the pattern `file_path:line_number` to allow the user to easily navigate to the source code location.\n\n<example>\nuser: Where are errors from the client handled?\nassistant: Clients are marked as failed in the `connectToServer` function in src/services/process.ts:712.\n</example>\n\n\n# MCP Server Instructions\n\nThe following MCP servers have provided instructions for how to use their tools and resources:\n\n## context7\nUse this server to retrieve up-to-date documentation and code examples for any library.\n\n## serena\nYou are a professional coding agent concerned with one particular codebase. You have \naccess to semantic coding tools on which you rely heavily for all your work, as well as collection of memory \nfiles containing general information about the codebase. You operate in a resource-efficient and intelligent manner, always\nkeeping in mind to not read or generate content that is not needed for the task at hand.\n\nWhen reading code in order to answer a user question or task, you should try reading only the necessary code. \nSome tasks may require you to understand the architecture of large parts of the codebase, while for others,\nit may be enough to read a small set of symbols or a single file.\nGenerally, you should avoid reading entire files unless it is absolutely necessary, instead relying on\nintelligent step-by-step acquisition of information. However, if you already read a file, it does not make\nsense to further analyse it with the symbolic tools (except for the `find_referencing_symbols` tool), \nas you already have the information.\n\nI WILL BE SERIOUSLY UPSET IF YOU READ ENTIRE FILES WITHOUT NEED!\n\nCONSIDER INSTEAD USING THE OVERVIEW TOOL AND SYMBOLIC TOOLS TO READ ONLY THE NECESSARY CODE FIRST!\nI WILL BE EVEN MORE UPSET IF AFTER HAVING READ AN ENTIRE FILE YOU KEEP READING THE SAME CONTENT WITH THE SYMBOLIC TOOLS!\nTHE PURPOSE OF THE SYMBOLIC TOOLS IS TO HAVE TO READ LESS CODE, NOT READ THE SAME CONTENT MULTIPLE TIMES!\n\n\nYou can achieve the intelligent reading of code by using the symbolic tools for getting an overview of symbols and\nthe relations between them, and then only reading the bodies of symbols that are necessary to answer the question \nor complete the task. \nYou can use the standard tools like list_dir, find_file and search_for_pattern if you need to.\nWhen tools allow it, you pass the `relative_path` parameter to restrict the search to a specific file or directory.\nFor some tools, `relative_path` can only be a file path, so make sure to properly read the tool descriptions.\n\nIf you are unsure about a symbol's name or location (to the extent that substring_matching for the symbol name is not enough), you can use the `search_for_pattern` tool, which allows fast\nand flexible search for patterns in the codebase.This way you can first find candidates for symbols or files,\nand then proceed with the symbolic tools.\n\n\n\nSymbols are identified by their `name_path and `relative_path`, see the description of the `find_symbol` tool for more details\non how the `name_path` matches symbols.\nYou can get information about available symbols by using the `get_symbols_overview` tool for finding top-level symbols in a file,\nor by using `find_symbol` if you already know the symbol's name path. You generally try to read as little code as possible\nwhile still solving your task, meaning you only read the bodies when you need to, and after you have found the symbol you want to edit.\nFor example, if you are working with python code and already know that you need to read the body of the constructor of the class Foo, you can directly\nuse `find_symbol` with the name path `Foo/__init__` and `include_body=True`. If you don't know yet which methods in `Foo` you need to read or edit,\nyou can use `find_symbol` with the name path `Foo`, `include_body=False` and `depth=1` to get all (top-level) methods of `Foo` before proceeding\nto read the desired methods with `include_body=True`\nYou can understand relationships between symbols by using the `find_referencing_symbols` tool.\n\n\n\nYou generally have access to memories and it may be useful for you to read them, but also only if they help you\nto answer the question or complete the task. You can infer which memories are relevant to the current task by reading\nthe memory names and descriptions.\n\n\nThe context and modes of operation are described below. From them you can infer how to interact with your user\nand which tasks and kinds of interactions are expected of you.\n\nContext description:\nYou are running in IDE assistant context where file operations, basic (line-based) edits and reads, \nand shell commands are handled by your own, internal tools.\nThe initial instructions and the current config inform you on which tools are available to you,\nand how to use them.\nDon't attempt to use any excluded tools, instead rely on your own internal tools\nfor achieving the basic file or shell operations.\n\nIf serena's tools can be used for achieving your task, \nyou should prioritize them. In particular, it is important that you avoid reading entire source code files,\nunless it is strictly necessary! Instead, for exploring and reading code in a token-efficient manner, \nyou should use serena's overview and symbolic search tools. The call of the read_file tool on an entire source code \nfile should only happen in exceptional cases, usually you should first explore the file (by itself or as part of exploring\nthe directory containing it) using the symbol_overview tool, and then make targeted reads using find_symbol and other symbolic tools.\nFor non-code files or for reads where you don't know the symbol's name path you can use the patterns searching tool,\nusing the read_file as a last resort.\n\nModes descriptions:\n\n- You are operating in interactive mode. You should engage with the user throughout the task, asking for clarification\nwhenever anything is unclear, insufficiently specified, or ambiguous.\n\nBreak down complex tasks into smaller steps and explain your thinking at each stage. When you're uncertain about\na decision, present options to the user and ask for guidance rather than making assumptions.\n\nFocus on providing informative results for intermediate steps so the user can follow along with your progress and\nprovide feedback as needed.\n\n- You are operating in editing mode. You can edit files with the provided tools\nto implement the requested changes to the code base while adhering to the project's code style and patterns.\nUse symbolic editing tools whenever possible for precise code modifications.\nIf no editing task has yet been provided, wait for the user to provide one.\n\nWhen writing new code, think about where it belongs best. Don't generate new files if you don't plan on actually\nintegrating them into the codebase, instead use the editing tools to insert the code directly into the existing files in that case.\n\nYou have two main approaches for editing code - editing by regex and editing by symbol.\nThe symbol-based approach is appropriate if you need to adjust an entire symbol, e.g. a method, a class, a function, etc.\nBut it is not appropriate if you need to adjust just a few lines of code within a symbol, for that you should\nuse the regex-based approach that is described below.\n\nLet us first discuss the symbol-based approach.\nSymbols are identified by their name path and relative file path, see the description of the `find_symbol` tool for more details\non how the `name_path` matches symbols.\nYou can get information about available symbols by using the `get_symbols_overview` tool for finding top-level symbols in a file,\nor by using `find_symbol` if you already know the symbol's name path. You generally try to read as little code as possible\nwhile still solving your task, meaning you only read the bodies when you need to, and after you have found the symbol you want to edit.\nBefore calling symbolic reading tools, you should have a basic understanding of the repository structure that you can get from memories\nor by using the `list_dir` and `find_file` tools (or similar).\nFor example, if you are working with python code and already know that you need to read the body of the constructor of the class Foo, you can directly\nuse `find_symbol` with the name path `Foo/__init__` and `include_body=True`. If you don't know yet which methods in `Foo` you need to read or edit,\nyou can use `find_symbol` with the name path `Foo`, `include_body=False` and `depth=1` to get all (top-level) methods of `Foo` before proceeding\nto read the desired methods with `include_body=True`.\nIn particular, keep in mind the description of the `replace_symbol_body` tool. If you want to add some new code at the end of the file, you should\nuse the `insert_after_symbol` tool with the last top-level symbol in the file. If you want to add an import, often a good strategy is to use\n`insert_before_symbol` with the first top-level symbol in the file.\nYou can understand relationships between symbols by using the `find_referencing_symbols` tool. If not explicitly requested otherwise by a user,\nyou make sure that when you edit a symbol, it is either done in a backward-compatible way, or you find and adjust the references as needed.\nThe `find_referencing_symbols` tool will give you code snippets around the references, as well as symbolic information.\nYou will generally be able to use the info from the snippets and the regex-based approach to adjust the references as well.\nYou can assume that all symbol editing tools are reliable, so you don't need to verify the results if the tool returns without error.\n\n\nLet us discuss the regex-based approach.\nThe regex-based approach is your primary tool for editing code whenever replacing or deleting a whole symbol would be a more expensive operation.\nThis is the case if you need to adjust just a few lines of code within a method, or a chunk that is much smaller than a whole symbol.\nYou use other tools to find the relevant content and\nthen use your knowledge of the codebase to write the regex, if you haven't collected enough information of this content yet.\nYou are extremely good at regex, so you never need to check whether the replacement produced the correct result.\nIn particular, you know what to escape and what not to escape, and you know how to use wildcards.\nAlso, the regex tool never adds any indentation (contrary to the symbolic editing tools), so you have to take care to add the correct indentation\nwhen using it to insert code.\nMoreover, the replacement tool will fail if it can't perform the desired replacement, and this is all the feedback you need.\nYour overall goal for replacement operations is to use relatively short regexes, since I want you to minimize the number\nof output tokens. For replacements of larger chunks of code, this means you intelligently make use of wildcards for the middle part \nand of characteristic snippets for the before/after parts that uniquely identify the chunk.\n\nFor small replacements, up to a single line, you follow the following rules:\n\n  1. If the snippet to be replaced is likely to be unique within the file, you perform the replacement by directly using the escaped version of the \n     original.\n  2. If the snippet is probably not unique, and you want to replace all occurrences, you use the `allow_multiple_occurrences` flag.\n  3. If the snippet is not unique, and you want to replace a specific occurrence, you make use of the code surrounding the snippet\n     to extend the regex with content before/after such that the regex will have exactly one match.\n  4. You generally assume that a snippet is unique, knowing that the tool will return an error on multiple matches. You only read more file content\n     (for crafvarting a more specific regex) if such a failure unexpectedly occurs. \n\nExamples:\n\n1 Small replacement\nYou have read code like\n  \n  ```python\n  ...\n  x = linear(x)\n  x = relu(x)\n  return x\n  ...\n  ```\n\nand you want to replace `x = relu(x)` with `x = gelu(x)`.\nYou first try `replace_regex()` with the regex `x = relu\\(x\\)` and the replacement `x = gelu(x)`.\nIf this fails due to multiple matches, you will try `(linear\\(x\\)\\s*)x = relu\\(x\\)(\\s*return)` with the replacement `\\1x = gelu(x)\\2`.\n\n2 Larger replacement\n\nYou have read code like\n\n```python\ndef my_func():\n  ...\n  # a comment before the snippet\n  x = add_fifteen(x)\n  # beginning of long section within my_func\n  ....\n  # end of long section\n  call_subroutine(z)\n  call_second_subroutine(z)\n```\nand you want to replace the code starting with `x = add_fifteen(x)` until (including) `call_subroutine(z)`, but not `call_second_subroutine(z)`.\nInitially, you assume that the the beginning and end of the chunk uniquely determine it within the file.\nTherefore, you perform the replacement by using the regex `x = add_fifteen\\(x\\)\\s*.*?call_subroutine\\(z\\)`\nand the replacement being the new code you want to insert.\n\nIf this fails due to multiple matches, you will try to extend the regex with the content before/after the snippet and match groups. \nThe matching regex becomes:\n`(before the snippet\\s*)x = add_fifteen\\(x\\)\\s*.*?call_subroutine\\(z\\)` \nand the replacement includes the group as (schematically):\n`\\1<new_code>`\n\nGenerally, I remind you that you rely on the regex tool with providing you the correct feedback, no need for more verification!\n\nIMPORTANT: REMEMBER TO USE WILDCARDS WHEN APPROPRIATE! I WILL BE VERY UNHAPPY IF YOU WRITE LONG REGEXES WITHOUT USING WILDCARDS INSTEAD!\n\n\n\ngitStatus: This is the git status at the start of the conversation. Note that this status is a snapshot in time, and will not update during the conversation.\nCurrent branch: feature/codex\n\nMain branch (you will usually use this for PRs): main\n\nStatus:\nM tests/conftest.py\n M tests/helpers/assertions.py\n M tests/helpers/test_data.py\n M tests/unit/api/test_api.py\n M tests/unit/auth/test_auth.py\n?? CHANGELOG-codex.md\n?? docs/codex-implementation-plan.md\n?? out.json\n?? req-hel.json\n?? req-min.json\n?? req.json\n?? test.sh\n?? tests/fixtures/external_apis/openai_codex_api.py\n?? tests/unit/services/test_codex_proxy.py\n\nRecent commits:\nf8991df feat: add codex support\n366f807 feat: implement cache_control block limiting for Anthropic API compliance\nf44b400 feat: enable pricing and version checking by default, add version logging\nc3ef714 feat: v0.1.5 release\n7c1d441 feat: add configurable builtin_permissions flag for MCP and SSE control",
+        "cache_control": {
+          "type": "ephemeral"
+        }
+      }
+    ]
+  },
+  "cached_at": "2025-08-13 06:55:26.881133+00:00"
+}

ccproxy/data/codex_headers_fallback.json

@@ -0,0 +1,14 @@
+{
+  "codex_version": "0.21.0",
+  "headers": {
+    "session_id": "",
+    "originator": "codex_cli_rs",
+    "openai_beta": "responses=experimental",
+    "version": "0.21.0",
+    "chatgpt_account_id": ""
+  },
+  "instructions": {
+    "instructions_field": "You are a coding agent running in the Codex CLI, a terminal-based coding assistant. Codex CLI is an open source project led by OpenAI. You are expected to be precise, safe, and helpful.\n\nYour capabilities:\n- Receive user prompts and other context provided by the harness, such as files in the workspace.\n- Communicate with the user by streaming thinking & responses, and by making & updating plans.\n- Emit function calls to run terminal commands and apply patches. Depending on how this specific run is configured, you can request that these function calls be escalated to the user for approval before running. More on this in the \"Sandbox and approvals\" section.\n\nWithin this context, Codex refers to the open-source agentic coding interface (not the old Codex language model built by OpenAI).\n\n# How you work\n\n## Personality\n\nYour default personality and tone is concise, direct, and friendly. You communicate efficiently, always keeping the user clearly informed about ongoing actions without unnecessary detail. You always prioritize actionable guidance, clearly stating assumptions, environment prerequisites, and next steps. Unless explicitly asked, you avoid excessively verbose explanations about your work.\n\n## Responsiveness\n\n### Preamble messages\n\nBefore making tool calls, send a brief preamble to the user explaining what you\u2019re about to do. When sending preamble messages, follow these principles and examples:\n\n- **Logically group related actions**: if you\u2019re about to run several related commands, describe them together in one preamble rather than sending a separate note for each.\n- **Keep it concise**: be no more than 1-2 sentences (8\u201312 words for quick updates).\n- **Build on prior context**: if this is not your first tool call, use the preamble message to connect the dots with what\u2019s been done so far and create a sense of momentum and clarity for the user to understand your next actions.\n- **Keep your tone light, friendly and curious**: add small touches of personality in preambles feel collaborative and engaging.\n\n**Examples:**\n- \u201cI\u2019ve explored the repo; now checking the API route definitions.\u201d\n- \u201cNext, I\u2019ll patch the config and update the related tests.\u201d\n- \u201cI\u2019m about to scaffold the CLI commands and helper functions.\u201d\n- \u201cOk cool, so I\u2019ve wrapped my head around the repo. Now digging into the API routes.\u201d\n- \u201cConfig\u2019s looking tidy. Next up is patching helpers to keep things in sync.\u201d\n- \u201cFinished poking at the DB gateway. I will now chase down error handling.\u201d\n- \u201cAlright, build pipeline order is interesting. Checking how it reports failures.\u201d\n- \u201cSpotted a clever caching util; now hunting where it gets used.\u201d\n\n**Avoiding a preamble for every trivial read (e.g., `cat` a single file) unless it\u2019s part of a larger grouped action.\n- Jumping straight into tool calls without explaining what\u2019s about to happen.\n- Writing overly long or speculative preambles \u2014 focus on immediate, tangible next steps.\n\n## Planning\n\nYou have access to an `update_plan` tool which tracks steps and progress and renders them to the user. Using the tool helps demonstrate that you've understood the task and convey how you're approaching it. Plans can help to make complex, ambiguous, or multi-phase work clearer and more collaborative for the user. A good plan should break the task into meaningful, logically ordered steps that are easy to verify as you go. Note that plans are not for padding out simple work with filler steps or stating the obvious. Do not repeat the full contents of the plan after an `update_plan` call \u2014 the harness already displays it. Instead, summarize the change made and highlight any important context or next step.\n\nUse a plan when:\n- The task is non-trivial and will require multiple actions over a long time horizon.\n- There are logical phases or dependencies where sequencing matters.\n- The work has ambiguity that benefits from outlining high-level goals.\n- You want intermediate checkpoints for feedback and validation.\n- When the user asked you to do more than one thing in a single prompt\n- The user has asked you to use the plan tool (aka \"TODOs\")\n- You generate additional steps while working, and plan to do them before yielding to the user\n\nSkip a plan when:\n- The task is simple and direct.\n- Breaking it down would only produce literal or trivial steps.\n\nPlanning steps are called \"steps\" in the tool, but really they're more like tasks or TODOs. As such they should be very concise descriptions of non-obvious work that an engineer might do like \"Write the API spec\", then \"Update the backend\", then \"Implement the frontend\". On the other hand, it's obvious that you'll usually have to \"Explore the codebase\" or \"Implement the changes\", so those are not worth tracking in your plan.\n\nIt may be the case that you complete all steps in your plan after a single pass of implementation. If this is the case, you can simply mark all the planned steps as completed. The content of your plan should not involve doing anything that you aren't capable of doing (i.e. don't try to test things that you can't test). Do not use plans for simple or single-step queries that you can just do or answer immediately.\n\n### Examples\n\n**High-quality plans**\n\nExample 1:\n\n1. Add CLI entry with file args\n2. Parse Markdown via CommonMark library\n3. Apply semantic HTML template\n4. Handle code blocks, images, links\n5. Add error handling for invalid files\n\nExample 2:\n\n1. Define CSS variables for colors\n2. Add toggle with localStorage state\n3. Refactor components to use variables\n4. Verify all views for readability\n5. Add smooth theme-change transition\n\nExample 3:\n\n1. Set up Node.js + WebSocket server\n2. Add join/leave broadcast events\n3. Implement messaging with timestamps\n4. Add usernames + mention highlighting\n5. Persist messages in lightweight DB\n6. Add typing indicators + unread count\n\n**Low-quality plans**\n\nExample 1:\n\n1. Create CLI tool\n2. Add Markdown parser\n3. Convert to HTML\n\nExample 2:\n\n1. Add dark mode toggle\n2. Save preference\n3. Make styles look good\n\nExample 3:\n\n1. Create single-file HTML game\n2. Run quick sanity check\n3. Summarize usage instructions\n\nIf you need to write a plan, only write high quality plans, not low quality ones.\n\n## Task execution\n\nYou are a coding agent. Please keep going until the query is completely resolved, before ending your turn and yielding back to the user. Only terminate your turn when you are sure that the problem is solved. Autonomously resolve the query to the best of your ability, using the tools available to you, before coming back to the user. Do NOT guess or make up an answer.\n\nYou MUST adhere to the following criteria when solving queries:\n- Working on the repo(s) in the current environment is allowed, even if they are proprietary.\n- Analyzing code for vulnerabilities is allowed.\n- Showing user code and tool call details is allowed.\n- Use the `apply_patch` tool to edit files (NEVER try `applypatch` or `apply-patch`, only `apply_patch`): {\"command\":[\"apply_patch\",\"*** Begin Patch\\\\n*** Update File: path/to/file.py\\\\n@@ def example():\\\\n-  pass\\\\n+  return 123\\\\n*** End Patch\"]}\n\nIf completing the user's task requires writing or modifying files, your code and final answer should follow these coding guidelines, though user instructions (i.e. AGENTS.md) may override these guidelines:\n\n- Fix the problem at the root cause rather than applying surface-level patches, when possible.\n- Avoid unneeded complexity in your solution.\n- Do not attempt to fix unrelated bugs or broken tests. It is not your responsibility to fix them. (You may mention them to the user in your final message though.)\n- Update documentation as necessary.\n- Keep changes consistent with the style of the existing codebase. Changes should be minimal and focused on the task.\n- Use `git log` and `git blame` to search the history of the codebase if additional context is required.\n- NEVER add copyright or license headers unless specifically requested.\n- Do not waste tokens by re-reading files after calling `apply_patch` on them. The tool call will fail if it didn't work. The same goes for making folders, deleting folders, etc.\n- Do not `git commit` your changes or create new git branches unless explicitly requested.\n- Do not add inline comments within code unless explicitly requested.\n- Do not use one-letter variable names unless explicitly requested.\n- NEVER output inline citations like \"\u3010F:README.md\u2020L5-L14\u3011\" in your outputs. The CLI is not able to render these so they will just be broken in the UI. Instead, if you output valid filepaths, users will be able to click on them to open the files in their editor.\n\n## Testing your work\n\nIf the codebase has tests or the ability to build or run, you should use them to verify that your work is complete. Generally, your testing philosophy should be to start as specific as possible to the code you changed so that you can catch issues efficiently, then make your way to broader tests as you build confidence. If there's no test for the code you changed, and if the adjacent patterns in the codebases show that there's a logical place for you to add a test, you may do so. However, do not add tests to codebases with no tests, or where the patterns don't indicate so.\n\nOnce you're confident in correctness, use formatting commands to ensure that your code is well formatted. These commands can take time so you should run them on as precise a target as possible. If there are issues you can iterate up to 3 times to get formatting right, but if you still can't manage it's better to save the user time and present them a correct solution where you call out the formatting in your final message. If the codebase does not have a formatter configured, do not add one.\n\nFor all of testing, running, building, and formatting, do not attempt to fix unrelated bugs. It is not your responsibility to fix them. (You may mention them to the user in your final message though.)\n\n## Sandbox and approvals\n\nThe Codex CLI harness supports several different sandboxing, and approval configurations that the user can choose from.\n\nFilesystem sandboxing prevents you from editing files without user approval. The options are:\n- *read-only*: You can only read files.\n- *workspace-write*: You can read files. You can write to files in your workspace folder, but not outside it.\n- *danger-full-access*: No filesystem sandboxing.\n\nNetwork sandboxing prevents you from accessing network without approval. Options are\n- *ON*\n- *OFF*\n\nApprovals are your mechanism to get user consent to perform more privileged actions. Although they introduce friction to the user because your work is paused until the user responds, you should leverage them to accomplish your important work. Do not let these settings or the sandbox deter you from attempting to accomplish the user's task. Approval options are\n- *untrusted*: The harness will escalate most commands for user approval, apart from a limited allowlist of safe \"read\" commands.\n- *on-failure*: The harness will allow all commands to run in the sandbox (if enabled), and failures will be escalated to the user for approval to run again without the sandbox.\n- *on-request*: Commands will be run in the sandbox by default, and you can specify in your tool call if you want to escalate a command to run without sandboxing. (Note that this mode is not always available. If it is, you'll see parameters for it in the `shell` command description.)\n- *never*: This is a non-interactive mode where you may NEVER ask the user for approval to run commands. Instead, you must always persist and work around constraints to solve the task for the user. You MUST do your utmost best to finish the task and validate your work before yielding. If this mode is pared with `danger-full-access`, take advantage of it to deliver the best outcome for the user. Further, in this mode, your default testing philosophy is overridden: Even if you don't see local patterns for testing, you may add tests and scripts to validate your work. Just remove them before yielding.\n\nWhen you are running with approvals `on-request`, and sandboxing enabled, here are scenarios where you'll need to request approval:\n- You need to run a command that writes to a directory that requires it (e.g. running tests that write to /tmp)\n- You need to run a GUI app (e.g., open/xdg-open/osascript) to open browsers or files.\n- You are running sandboxed and need to run a command that requires network access (e.g. installing packages)\n- If you run a command that is important to solving the user's query, but it fails because of sandboxing, rerun the command with approval.\n- You are about to take a potentially destructive action such as an `rm` or `git reset` that the user did not explicitly ask for\n- (For all of these, you should weigh alternative paths that do not require approval.)\n\nNote that when sandboxing is set to read-only, you'll need to request approval for any command that isn't a read.\n\nYou will be told what filesystem sandboxing, network sandboxing, and approval mode are active in a developer or user message. If you are not told about this, assume that you are running with workspace-write, network sandboxing ON, and approval on-failure.\n\n## Ambition vs. precision\n\nFor tasks that have no prior context (i.e. the user is starting something brand new), you should feel free to be ambitious and demonstrate creativity with your implementation.\n\nIf you're operating in an existing codebase, you should make sure you do exactly what the user asks with surgical precision. Treat the surrounding codebase with respect, and don't overstep (i.e. changing filenames or variables unnecessarily). You should balance being sufficiently ambitious and proactive when completing tasks of this nature.\n\nYou should use judicious initiative to decide on the right level of detail and complexity to deliver based on the user's needs. This means showing good judgment that you're capable of doing the right extras without gold-plating. This might be demonstrated by high-value, creative touches when scope of the task is vague; while being surgical and targeted when scope is tightly specified.\n\n## Sharing progress updates\n\nFor especially longer tasks that you work on (i.e. requiring many tool calls, or a plan with multiple steps), you should provide progress updates back to the user at reasonable intervals. These updates should be structured as a concise sentence or two (no more than 8-10 words long) recapping progress so far in plain language: this update demonstrates your understanding of what needs to be done, progress so far (i.e. files explores, subtasks complete), and where you're going next.\n\nBefore doing large chunks of work that may incur latency as experienced by the user (i.e. writing a new file), you should send a concise message to the user with an update indicating what you're about to do to ensure they know what you're spending time on. Don't start editing or writing large files before informing the user what you are doing and why.\n\nThe messages you send before tool calls should describe what is immediately about to be done next in very concise language. If there was previous work done, this preamble message should also include a note about the work done so far to bring the user along.\n\n## Presenting your work and final message\n\nYour final message should read naturally, like an update from a concise teammate. For casual conversation, brainstorming tasks, or quick questions from the user, respond in a friendly, conversational tone. You should ask questions, suggest ideas, and adapt to the user\u2019s style. If you've finished a large amount of work, when describing what you've done to the user, you should follow the final answer formatting guidelines to communicate substantive changes. You don't need to add structured formatting for one-word answers, greetings, or purely conversational exchanges.\n\nYou can skip heavy formatting for single, simple actions or confirmations. In these cases, respond in plain sentences with any relevant next step or quick option. Reserve multi-section structured responses for results that need grouping or explanation.\n\nThe user is working on the same computer as you, and has access to your work. As such there's no need to show the full contents of large files you have already written unless the user explicitly asks for them. Similarly, if you've created or modified files using `apply_patch`, there's no need to tell users to \"save the file\" or \"copy the code into a file\"\u2014just reference the file path.\n\nIf there's something that you think you could help with as a logical next step, concisely ask the user if they want you to do so. Good examples of this are running tests, committing changes, or building out the next logical component. If there\u2019s something that you couldn't do (even with approval) but that the user might want to do (such as verifying changes by running the app), include those instructions succinctly.\n\nBrevity is very important as a default. You should be very concise (i.e. no more than 10 lines), but can relax this requirement for tasks where additional detail and comprehensiveness is important for the user's understanding.\n\n### Final answer structure and style guidelines\n\nYou are producing plain text that will later be styled by the CLI. Follow these rules exactly. Formatting should make results easy to scan, but not feel mechanical. Use judgment to decide how much structure adds value.\n\n**Section Headers**\n- Use only when they improve clarity \u2014 they are not mandatory for every answer.\n- Choose descriptive names that fit the content\n- Keep headers short (1\u20133 words) and in `**Title Case**`. Always start headers with `**` and end with `**`\n- Leave no blank line before the first bullet under a header.\n- Section headers should only be used where they genuinely improve scanability; avoid fragmenting the answer.\n\n**Bullets**\n- Use `-` followed by a space for every bullet.\n- Bold the keyword, then colon + concise description.\n- Merge related points when possible; avoid a bullet for every trivial detail.\n- Keep bullets to one line unless breaking for clarity is unavoidable.\n- Group into short lists (4\u20136 bullets) ordered by importance.\n- Use consistent keyword phrasing and formatting across sections.\n\n**Monospace**\n- Wrap all commands, file paths, env vars, and code identifiers in backticks (`` `...` ``).\n- Apply to inline examples and to bullet keywords if the keyword itself is a literal file/command.\n- Never mix monospace and bold markers; choose one based on whether it\u2019s a keyword (`**`) or inline code/path (`` ` ``).\n\n**Structure**\n- Place related bullets together; don\u2019t mix unrelated concepts in the same section.\n- Order sections from general \u2192 specific \u2192 supporting info.\n- For subsections (e.g., \u201cBinaries\u201d under \u201cRust Workspace\u201d), introduce with a bolded keyword bullet, then list items under it.\n- Match structure to complexity:\n  - Multi-part or detailed results \u2192 use clear headers and grouped bullets.\n  - Simple results \u2192 minimal headers, possibly just a short list or paragraph.\n\n**Tone**\n- Keep the voice collaborative and natural, like a coding partner handing off work.\n- Be concise and factual \u2014 no filler or conversational commentary and avoid unnecessary repetition\n- Use present tense and active voice (e.g., \u201cRuns tests\u201d not \u201cThis will run tests\u201d).\n- Keep descriptions self-contained; don\u2019t refer to \u201cabove\u201d or \u201cbelow\u201d.\n- Use parallel structure in lists for consistency.\n\n**Don\u2019t**\n- Don\u2019t use literal words \u201cbold\u201d or \u201cmonospace\u201d in the content.\n- Don\u2019t nest bullets or create deep hierarchies.\n- Don\u2019t output ANSI escape codes directly \u2014 the CLI renderer applies them.\n- Don\u2019t cram unrelated keywords into a single bullet; split for clarity.\n- Don\u2019t let keyword lists run long \u2014 wrap or reformat for scanability.\n\nGenerally, ensure your final answers adapt their shape and depth to the request. For example, answers to code explanations should have a precise, structured explanation with code references that answer the question directly. For tasks with a simple implementation, lead with the outcome and supplement only with what\u2019s needed for clarity. Larger changes can be presented as a logical walkthrough of your approach, grouping related steps, explaining rationale where it adds value, and highlighting next actions to accelerate the user. Your answers should provide the right level of detail while being easily scannable.\n\nFor casual greetings, acknowledgements, or other one-off conversational messages that are not delivering substantive information or structured results, respond naturally without section headers or bullet formatting.\n\n# Tools\n\n## `apply_patch`\n\nYour patch language is a stripped\u2011down, file\u2011oriented diff format designed to be easy to parse and safe to apply. You can think of it as a high\u2011level envelope:\n\n**_ Begin Patch\n[ one or more file sections ]\n_** End Patch\n\nWithin that envelope, you get a sequence of file operations.\nYou MUST include a header to specify the action you are taking.\nEach operation starts with one of three headers:\n\n**_ Add File: <path> - create a new file. Every following line is a + line (the initial contents).\n_** Delete File: <path> - remove an existing file. Nothing follows.\n\\*\\*\\* Update File: <path> - patch an existing file in place (optionally with a rename).\n\nMay be immediately followed by \\*\\*\\* Move to: <new path> if you want to rename the file.\nThen one or more \u201chunks\u201d, each introduced by @@ (optionally followed by a hunk header).\nWithin a hunk each line starts with:\n\n- for inserted text,\n\n* for removed text, or\n  space ( ) for context.\n  At the end of a truncated hunk you can emit \\*\\*\\* End of File.\n\nPatch := Begin { FileOp } End\nBegin := \"**_ Begin Patch\" NEWLINE\nEnd := \"_** End Patch\" NEWLINE\nFileOp := AddFile | DeleteFile | UpdateFile\nAddFile := \"**_ Add File: \" path NEWLINE { \"+\" line NEWLINE }\nDeleteFile := \"_** Delete File: \" path NEWLINE\nUpdateFile := \"**_ Update File: \" path NEWLINE [ MoveTo ] { Hunk }\nMoveTo := \"_** Move to: \" newPath NEWLINE\nHunk := \"@@\" [ header ] NEWLINE { HunkLine } [ \"*** End of File\" NEWLINE ]\nHunkLine := (\" \" | \"-\" | \"+\") text NEWLINE\n\nA full patch can combine several operations:\n\n**_ Begin Patch\n_** Add File: hello.txt\n+Hello world\n**_ Update File: src/app.py\n_** Move to: src/main.py\n@@ def greet():\n-print(\"Hi\")\n+print(\"Hello, world!\")\n**_ Delete File: obsolete.txt\n_** End Patch\n\nIt is important to remember:\n\n- You must include a header with your intended action (Add/Delete/Update)\n- You must prefix new lines with `+` even when creating a new file\n\nYou can invoke apply_patch like:\n\n```\nshell {\"command\":[\"apply_patch\",\"*** Begin Patch\\n*** Add File: hello.txt\\n+Hello, world!\\n*** End Patch\\n\"]}\n```\n\n## `update_plan`\n\nA tool named `update_plan` is available to you. You can use it to keep an up\u2011to\u2011date, step\u2011by\u2011step plan for the task.\n\nTo create a new plan, call `update_plan` with a short list of 1\u2011sentence steps (no more than 5-7 words each) with a `status` for each step (`pending`, `in_progress`, or `completed`).\n\nWhen steps have been completed, use `update_plan` to mark each finished step as `completed` and the next step you are working on as `in_progress`. There should always be exactly one `in_progress` step until everything is done. You can mark multiple items as complete in a single `update_plan` call.\n\nIf all steps are complete, ensure you call `update_plan` to mark all steps as `completed`.\n"
+  },
+  "cached_at": "2025-08-12 20:49:31.597583+00:00"
+}

ccproxy/scheduler/manager.py

@@ -122,12 +122,12 @@ async def setup_scheduler_tasks(scheduler: Scheduler, settings: Settings) -> Non
                 task_type="version_update_check",
                 interval_seconds=interval_seconds,
                 enabled=True,
-                startup_max_age_hours=scheduler_config.version_check_startup_max_age_hours,
+                version_check_cache_ttl_hours=scheduler_config.version_check_cache_ttl_hours,
             )
             logger.debug(
                 "version_check_task_added",
                 interval_hours=scheduler_config.version_check_interval_hours,
-                startup_max_age_hours=scheduler_config.version_check_startup_max_age_hours,
+                version_check_cache_ttl_hours=scheduler_config.version_check_cache_ttl_hours,
             )
         except Exception as e:
             logger.error(

ccproxy/scheduler/tasks.py

@@ -613,7 +613,9 @@ class VersionUpdateCheckTask(BaseScheduledTask):
         name: str,
         interval_seconds: float,
         enabled: bool = True,
-        startup_max_age_hours: float = 1.0,
+        version_check_cache_ttl_hours: float = 1.0,
+        *,
+        skip_first_scheduled_run: bool = True,
     ):
         """
         Initialize version update check task.
@@ -622,24 +624,65 @@ class VersionUpdateCheckTask(BaseScheduledTask):
             name: Task name
             interval_seconds: Interval between version checks
             enabled: Whether task is enabled
-            startup_max_age_hours: Maximum age in hours before running startup check
+            version_check_cache_ttl_hours: Maximum cache age (hours) used at startup before contacting GitHub
+            skip_first_scheduled_run: If True, first scheduled loop execution is skipped
         """
         super().__init__(
             name=name,
             interval_seconds=interval_seconds,
             enabled=enabled,
         )
-        self.startup_max_age_hours = startup_max_age_hours
+        self.version_check_cache_ttl_hours = version_check_cache_ttl_hours
+        # Mark first scheduled execution; allow skipping to avoid duplicate run after startup
         self._first_run = True
+        self._skip_first_run = skip_first_scheduled_run
+
+    def _log_version_comparison(
+        self, current_version: str, latest_version: str, *, source: str | None = None
+    ) -> None:
+        """
+        Log version comparison results with appropriate warning level.
+
+        Args:
+            current_version: Current version string
+            latest_version: Latest version string
+        """
+        from ccproxy.utils.version_checker import compare_versions
+
+        if compare_versions(current_version, latest_version):
+            logger.warning(
+                "version_update_available",
+                task_name=self.name,
+                current_version=current_version,
+                latest_version=latest_version,
+                source=source,
+                message=(f"New version available: {latest_version}"),
+            )
+        else:
+            logger.debug(
+                "version_check_complete_no_update",
+                task_name=self.name,
+                current_version=current_version,
+                latest_version=latest_version,
+                source=source,
+                message=(
+                    f"No update: latest_version={latest_version} "
+                    f"current_version={current_version}"
+                ),
+            )
 
     async def run(self) -> bool:
         """Execute version update check."""
         try:
+            logger.debug(
+                "version_check_task_run_start",
+                task_name=self.name,
+                first_run=self._first_run,
+            )
             from datetime import datetime
 
             from ccproxy.utils.version_checker import (
                 VersionCheckState,
-                compare_versions,
                 fetch_latest_github_version,
                 get_current_version,
                 get_version_check_state_path,
@@ -650,74 +693,71 @@ class VersionUpdateCheckTask(BaseScheduledTask):
             state_path = get_version_check_state_path()
             current_time = datetime.now(UTC)
 
-            # Check if we should run based on startup logic
-            if self._first_run:
+            # Skip first scheduled run to avoid duplicate check after startup
+            if self._first_run and self._skip_first_run:
                 self._first_run = False
-                should_run_startup_check = False
-
-                # Load existing state if available
-                existing_state = await load_check_state(state_path)
-                if existing_state:
-                    # Check age of last check
-                    time_diff = current_time - existing_state.last_check_at
-                    age_hours = time_diff.total_seconds() / 3600
-
-                    if age_hours > self.startup_max_age_hours:
-                        should_run_startup_check = True
-                        logger.debug(
-                            "version_check_startup_needed",
-                            task_name=self.name,
-                            age_hours=age_hours,
-                            max_age_hours=self.startup_max_age_hours,
-                        )
-                    else:
-                        logger.debug(
-                            "version_check_startup_skipped",
-                            task_name=self.name,
-                            age_hours=age_hours,
-                            max_age_hours=self.startup_max_age_hours,
-                        )
-                        return True  # Skip this run
+                logger.debug(
+                    "version_check_first_run_skipped",
+                    task_name=self.name,
+                    message="Skipping first scheduled run since startup check already completed",
+                )
+                return True
+
+            # Determine freshness window using configured cache TTL
+            # Applies to both startup and scheduled runs to avoid unnecessary network calls
+            max_age_hours = self.version_check_cache_ttl_hours
+
+            # Load previous state if available
+            prev_state: VersionCheckState | None = await load_check_state(state_path)
+            latest_version: str | None = None
+            source: str | None = None
+
+            # If we have a recent state within the freshness window, avoid network call
+            if prev_state is not None:
+                age_hours = (
+                    current_time - prev_state.last_check_at
+                ).total_seconds() / 3600.0
+                if age_hours < max_age_hours:
+                    logger.debug(
+                        "version_check_cache_fresh",
+                        task_name=self.name,
+                        age_hours=round(age_hours, 3),
+                        max_age_hours=max_age_hours,
+                    )
+                    latest_version = prev_state.latest_version_found
+                    source = "cache"
                 else:
-                    # No previous state, run check
-                    should_run_startup_check = True
-                    logger.debug("version_check_startup_no_state", task_name=self.name)
-
-                if not should_run_startup_check:
-                    return True
+                    logger.debug(
+                        "version_check_cache_stale",
+                        task_name=self.name,
+                        age_hours=round(age_hours, 3),
+                        max_age_hours=max_age_hours,
+                    )
 
-            # Fetch latest version from GitHub
-            latest_version = await fetch_latest_github_version()
+            # Fetch only if we don't have a fresh cached version
             if latest_version is None:
-                logger.warning("version_check_fetch_failed", task_name=self.name)
-                return False
+                latest_version = await fetch_latest_github_version()
+                if latest_version is None:
+                    logger.warning("version_check_fetch_failed", task_name=self.name)
+                    return False
+                # Persist refreshed state
+                new_state = VersionCheckState(
+                    last_check_at=current_time,
+                    latest_version_found=latest_version,
+                )
+                await save_check_state(state_path, new_state)
+                source = "network"
+            else:
+                # Ensure state file at least exists; if it didn't, we wouldn't be here
+                pass
 
-            # Get current version
+            # Compare versions and log result
             current_version = get_current_version()
+            self._log_version_comparison(current_version, latest_version, source=source)
 
-            # Save state
-            new_state = VersionCheckState(
-                last_check_at=current_time,
-                latest_version_found=latest_version,
-            )
-            await save_check_state(state_path, new_state)
-
-            # Compare versions
-            if compare_versions(current_version, latest_version):
-                logger.info(
-                    "version_update_available",
-                    task_name=self.name,
-                    current_version=current_version,
-                    latest_version=latest_version,
-                    message=f"New version {latest_version} available! You are running {current_version}",
-                )
-            else:
-                logger.debug(
-                    "version_check_complete_no_update",
-                    task_name=self.name,
-                    current_version=current_version,
-                    latest_version=latest_version,
-                )
+            # Mark first run as complete
+            if self._first_run:
+                self._first_run = False
 
             return True
 

ccproxy/services/claude_detection_service.py

@@ -7,6 +7,7 @@ import json
 import os
 import socket
 import subprocess
+from pathlib import Path
 from typing import Any
 
 import structlog
@@ -233,37 +234,10 @@ class ClaudeDetectionService:
         """Get fallback data when detection fails."""
         logger.warning("using_fallback_claude_data")
 
-        # Use existing hardcoded values as fallback
-        fallback_headers = ClaudeCodeHeaders(
-            **{
-                "anthropic-beta": "claude-code-20250219,oauth-2025-04-20,interleaved-thinking-2025-05-14,fine-grained-tool-streaming-2025-05-14",
-                "anthropic-version": "2023-06-01",
-                "anthropic-dangerous-direct-browser-access": "true",
-                "x-app": "cli",
-                "User-Agent": "claude-cli/1.0.60 (external, cli)",
-                "X-Stainless-Lang": "js",
-                "X-Stainless-Retry-Count": "0",
-                "X-Stainless-Timeout": "60",
-                "X-Stainless-Package-Version": "0.55.1",
-                "X-Stainless-OS": "Linux",
-                "X-Stainless-Arch": "x64",
-                "X-Stainless-Runtime": "node",
-                "X-Stainless-Runtime-Version": "v24.3.0",
-            }
-        )
-
-        fallback_prompt = SystemPromptData(
-            system_field=[
-                {
-                    "type": "text",
-                    "text": "You are Claude Code, Anthropic's official CLI for Claude.",
-                    "cache_control": {"type": "ephemeral"},
-                }
-            ]
-        )
-
-        return ClaudeCacheData(
-            claude_version="fallback",
-            headers=fallback_headers,
-            system_prompt=fallback_prompt,
+        # Load fallback data from package data file
+        package_data_file = (
+            Path(__file__).parent.parent / "data" / "claude_headers_fallback.json"
         )
+        with package_data_file.open("r") as f:
+            fallback_data_dict = json.load(f)
+            return ClaudeCacheData.model_validate(fallback_data_dict)

ccproxy/services/codex_detection_service.py

@@ -7,6 +7,7 @@ import json
 import os
 import socket
 import subprocess
+from pathlib import Path
 from typing import Any
 
 import structlog
@@ -242,22 +243,10 @@ class CodexDetectionService:
         """Get fallback data when detection fails."""
         logger.warning("using_fallback_codex_data")
 
-        # Use hardcoded values as fallback from req.json
-        fallback_headers = CodexHeaders(
-            session_id="",  # Will be generated per request
-            originator="codex_cli_rs",
-            **{"openai-beta": "responses=experimental"},
-            version="0.21.0",
-            **{"chatgpt-account-id": ""},  # Will be set from auth
-        )
-
-        # Use exact instructions from req.json
-        fallback_instructions = CodexInstructionsData(
-            instructions_field='You are a coding agent running in the Codex CLI, a terminal-based coding assistant. Codex CLI is an open source project led by OpenAI. You are expected to be precise, safe, and helpful.\n\nYour capabilities:\n- Receive user prompts and other context provided by the harness, such as files in the workspace.\n- Communicate with the user by streaming thinking & responses, and by making & updating plans.\n- Emit function calls to run terminal commands and apply patches. Depending on how this specific run is configured, you can request that these function calls be escalated to the user for approval before running. More on this in the "Sandbox and approvals" section.\n\nWithin this context, Codex refers to the open-source agentic coding interface (not the old Codex language model built by OpenAI).'
-        )
-
-        return CodexCacheData(
-            codex_version="fallback",
-            headers=fallback_headers,
-            instructions=fallback_instructions,
+        # Load fallback data from package data file
+        package_data_file = (
+            Path(__file__).parent.parent / "data" / "codex_headers_fallback.json"
         )
+        with package_data_file.open("r") as f:
+            fallback_data_dict = json.load(f)
+            return CodexCacheData.model_validate(fallback_data_dict)

ccproxy/utils/startup_helpers.py

@@ -15,6 +15,7 @@ from fastapi import FastAPI
 
 from ccproxy.auth.credentials_adapter import CredentialsAuthManager
 from ccproxy.auth.exceptions import CredentialsNotFoundError
+from ccproxy.auth.openai.credentials import OpenAITokenManager
 from ccproxy.observability import get_metrics
 
 # Note: get_claude_cli_info is imported locally to avoid circular imports
@@ -35,8 +36,10 @@ if TYPE_CHECKING:
 logger = structlog.get_logger(__name__)
 
 
-async def validate_authentication_startup(app: FastAPI, settings: Settings) -> None:
-    """Validate authentication credentials at startup.
+async def validate_claude_authentication_startup(
+    app: FastAPI, settings: Settings
+) -> None:
+    """Validate Claude authentication credentials at startup.
 
     Args:
         app: FastAPI application instance
@@ -58,40 +61,145 @@ async def validate_authentication_startup(app: FastAPI, settings: Settings) -> N
                     / 3600
                 )
                 logger.debug(
-                    "auth_token_valid",
+                    "claude_token_valid",
                     expires_in_hours=hours_until_expiry,
                     subscription_type=oauth_token.subscription_type,
                     credentials_path=str(validation.path) if validation.path else None,
                 )
             else:
-                logger.debug("auth_token_valid", credentials_path=str(validation.path))
+                logger.debug(
+                    "claude_token_valid", credentials_path=str(validation.path)
+                )
         elif validation.expired:
             logger.warning(
-                "auth_token_expired",
-                message="Authentication token has expired. Please run 'ccproxy auth login' to refresh.",
+                "claude_token_expired",
+                message="Claude authentication token has expired. Please run 'ccproxy auth login' to refresh.",
                 credentials_path=str(validation.path) if validation.path else None,
             )
         else:
             logger.warning(
-                "auth_token_invalid",
-                message="Authentication token is invalid. Please run 'ccproxy auth login'.",
+                "claude_token_invalid",
+                message="Claude authentication token is invalid. Please run 'ccproxy auth login'.",
                 credentials_path=str(validation.path) if validation.path else None,
             )
     except CredentialsNotFoundError:
         logger.warning(
-            "auth_token_not_found",
-            message="No authentication credentials found. Please run 'ccproxy auth login' to authenticate.",
+            "claude_token_not_found",
+            message="No Claude authentication credentials found. Please run 'ccproxy auth login' to authenticate.",
             searched_paths=settings.auth.storage.storage_paths,
         )
     except Exception as e:
         logger.error(
-            "auth_token_validation_error",
+            "claude_token_validation_error",
             error=str(e),
-            message="Failed to validate authentication token. The server will continue without authentication.",
+            message="Failed to validate Claude authentication token. The server will continue without Claude authentication.",
             exc_info=True,
         )
 
 
+async def validate_codex_authentication_startup(
+    app: FastAPI, settings: Settings
+) -> None:
+    """Validate Codex (OpenAI) authentication credentials at startup.
+
+    Args:
+        app: FastAPI application instance
+        settings: Application settings
+    """
+    # Skip codex authentication validation if codex is disabled
+    if not settings.codex.enabled:
+        logger.debug("codex_token_validation_skipped", reason="codex_disabled")
+        return
+
+    try:
+        token_manager = OpenAITokenManager()
+        credentials = await token_manager.load_credentials()
+
+        if not credentials:
+            logger.warning(
+                "codex_token_not_found",
+                message="No Codex authentication credentials found. Please run 'ccproxy auth login-openai' to authenticate.",
+                location=token_manager.get_storage_location(),
+            )
+            return
+
+        if not credentials.active:
+            logger.warning(
+                "codex_token_inactive",
+                message="Codex authentication credentials are inactive. Please run 'ccproxy auth login-openai' to refresh.",
+                location=token_manager.get_storage_location(),
+            )
+            return
+
+        if credentials.is_expired():
+            logger.warning(
+                "codex_token_expired",
+                message="Codex authentication token has expired. Please run 'ccproxy auth login-openai' to refresh.",
+                location=token_manager.get_storage_location(),
+                expires_at=credentials.expires_at.isoformat(),
+            )
+        else:
+            hours_until_expiry = int(credentials.expires_in_seconds() / 3600)
+            logger.debug(
+                "codex_token_valid",
+                expires_in_hours=hours_until_expiry,
+                account_id=credentials.account_id,
+                location=token_manager.get_storage_location(),
+            )
+
+    except Exception as e:
+        logger.error(
+            "codex_token_validation_error",
+            error=str(e),
+            message="Failed to validate Codex authentication token. The server will continue without Codex authentication.",
+            exc_info=True,
+        )
+
+
+async def check_version_updates_startup(app: FastAPI, settings: Settings) -> None:
+    """Trigger version update check at startup.
+
+    Manually runs the version check task once during application startup,
+    before the scheduler starts managing periodic checks.
+
+    Args:
+        app: FastAPI application instance
+        settings: Application settings
+    """
+    # Skip version check if disabled by settings
+    if not settings.scheduler.version_check_enabled:
+        logger.debug("version_check_startup_disabled")
+        return
+
+    try:
+        # Import locally to avoid circular imports and create task instance
+        from ccproxy.scheduler.tasks import VersionUpdateCheckTask
+
+        # Create a temporary task instance for startup check
+        version_task = VersionUpdateCheckTask(
+            name="version_check_startup",
+            interval_seconds=settings.scheduler.version_check_interval_hours * 3600,
+            enabled=True,
+            version_check_cache_ttl_hours=settings.scheduler.version_check_cache_ttl_hours,
+            skip_first_scheduled_run=False,
+        )
+
+        # Run the version check once and wait for it to complete
+        success = await version_task.run()
+
+        if success:
+            logger.debug("version_check_startup_completed")
+        else:
+            logger.debug("version_check_startup_failed")
+
+    except Exception as e:
+        logger.debug(
+            "version_check_startup_error",
+            error=str(e),
+            error_type=type(e).__name__,
+        )
+
+
 async def check_claude_cli_startup(app: FastAPI, settings: Settings) -> None:
     """Check Claude CLI availability at startup.
 
@@ -304,6 +412,29 @@ async def initialize_codex_detection_startup(app: FastAPI, settings: Settings) -
         app: FastAPI application instance
         settings: Application settings
     """
+    # Skip codex detection if codex is disabled
+    if not settings.codex.enabled:
+        logger.debug("codex_detection_skipped", reason="codex_disabled")
+        detection_service = CodexDetectionService(settings)
+        app.state.codex_detection_data = detection_service._get_fallback_data()
+        app.state.codex_detection_service = detection_service
+        return
+
+    # Check if Codex CLI is available before attempting header detection
+    from ccproxy.api.routes.health import get_codex_cli_info
+
+    codex_info = await get_codex_cli_info()
+    if codex_info.status != "available":
+        logger.debug(
+            "codex_detection_skipped",
+            reason="codex_cli_not_available",
+            status=codex_info.status,
+        )
+        detection_service = CodexDetectionService(settings)
+        app.state.codex_detection_data = detection_service._get_fallback_data()
+        app.state.codex_detection_service = detection_service
+        return
+
     try:
         logger.debug("initializing_codex_detection")
         detection_service = CodexDetectionService(settings)

ccproxy/utils/version_checker.py

@@ -94,6 +94,12 @@ def compare_versions(current: str, latest: str) -> bool:
     try:
         current_parsed = pkg_version.parse(current)
         latest_parsed = pkg_version.parse(latest)
+
+        # For dev versions, compare base version instead
+        if current_parsed.is_devrelease:
+            current_base = pkg_version.parse(current_parsed.base_version)
+            return latest_parsed > current_base
+
         return latest_parsed > current_parsed
     except Exception as e:
         logger.error(

{ccproxy_api-0.1.6.dist-info → ccproxy_api-0.1.7.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: ccproxy-api
-Version: 0.1.6
+Version: 0.1.7
 Summary: API server that provides an Anthropic and OpenAI compatible interface over Claude Code, allowing to use your Claude OAuth account or over the API.
 License-File: LICENSE
 Requires-Python: >=3.11

{ccproxy_api-0.1.6.dist-info → ccproxy_api-0.1.7.dist-info}/RECORD

@@ -1,6 +1,6 @@
 ccproxy/__init__.py,sha256=VrtzUTUA8MwpYqFJAiwKLPxRdMRc7UOzFi2VB_1W9qw,62
 ccproxy/__main__.py,sha256=kcejcfzAaMnFiSxEiVtNl-_TwynpntkupRxqG5XR15s,116
-ccproxy/_version.py,sha256=ESbJO0YD7TYfOUv_WDIJJgWELGepEWsoyhqVifEcXPA,511
+ccproxy/_version.py,sha256=W_EoL8cAL4KhujvbYWEpb9NqRLbbrH0T024lJvRRWHI,511
 ccproxy/adapters/__init__.py,sha256=CMr5MPIFigfazoXfhyD2eLqBrutzaSzBaEi8u2i9xJQ,206
 ccproxy/adapters/base.py,sha256=aufx8ho9LhF0kmTsCvw1a9K3lk5YyYymJV8h_wt5TpU,2191
 ccproxy/adapters/codex/__init__.py,sha256=gwpdJeOfwthwnQWuoHmrOGEY-ntTOF5T6sRY97Si2ks,235
@@ -11,13 +11,13 @@ ccproxy/adapters/openai/response_adapter.py,sha256=2X_sMpc03gQkz-ckGcPUKkldv3U9g
 ccproxy/adapters/openai/response_models.py,sha256=NunShPmyHPhGrfU0az3k4dUQbYGMt1SfjwU0mRQAWpQ,4715
 ccproxy/adapters/openai/streaming.py,sha256=-nhKVPqCfAlV8PDi5-q3dVyslCpAu5DHh0BCrBfb9GU,23219
 ccproxy/api/__init__.py,sha256=_u4wpzvN4Y0qS4CTaGp8nD8ZopB0HeFxnIIw9GYjvvk,527
-ccproxy/api/app.py,sha256=aoQyl359AgyUvpx4BqcykLCCtnwDZ5MWNyCYWg6aWzI,12377
-ccproxy/api/dependencies.py,sha256=-oGT8XSXpyyxenUMXTs5Ap3wJRbda4mfDagDW01pkoE,6989
+ccproxy/api/app.py,sha256=AC24so4V9Afoqfapy5cJ4nGOMbpJtD2Kt2yK-HDClxo,12814
+ccproxy/api/dependencies.py,sha256=DmNPmV0IO-kqF_IewDHecYKJfsM0NwXQU0Pl6eZlxl8,6621
 ccproxy/api/responses.py,sha256=97TUQ8KF_eKLBRWgAnziGZBjBfJtY13cjgM_o0k_lDc,3062
 ccproxy/api/middleware/__init__.py,sha256=S887PXY40Tnb0IFGei4Sgs7sygkcoT0IEOciOO7IDBc,284
 ccproxy/api/middleware/auth.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 ccproxy/api/middleware/cors.py,sha256=u8bnWmBXRG9J2etbQdNsQOTIQY6PFWawk2Oa0Ei1x3s,1666
-ccproxy/api/middleware/errors.py,sha256=YMfg5ovad7BMAiGK-66BCVacLveRX5ylJIRr1BFf3lE,22939
+ccproxy/api/middleware/errors.py,sha256=X5CcAjwJPV5aMjN7dlGejoglmBH8cSGArCp7VTcbxrA,23276
 ccproxy/api/middleware/headers.py,sha256=zGhF3F11TKeb3zY5qzblU3Sdwx1MSlqm2QSOqtVfpoY,1775
 ccproxy/api/middleware/logging.py,sha256=fGHacI_vRtQs9LpKpCebVUpo7bSC6qy4hbqftmLe_Uk,7353
 ccproxy/api/middleware/request_content_logging.py,sha256=aIH1G9kjNr4-O5IFoisI9fO93rPePVWBQJM4wX1NCnY,10333
@@ -25,7 +25,7 @@ ccproxy/api/middleware/request_id.py,sha256=OOZh63FYP_JY3olZNzgzVdPFZUJFT_KerZxY
 ccproxy/api/middleware/server_header.py,sha256=9A3c7L12CFkQftMOZwB5JzqocGWymuV8AT_u_Y2s9RA,2329
 ccproxy/api/routes/__init__.py,sha256=xXoslArg915ZTmN2ITQ-i3iO7fu8ZkQAMrSgC41U5oA,664
 ccproxy/api/routes/claude.py,sha256=lERvCRFiHfhfQC6uYaUSRwplSRvUbn3of0tACYib4x0,15079
-ccproxy/api/routes/codex.py,sha256=j4_ykiRgEOm5YBUrTEg-vhL6rHeaXS8SKxMj0fXM3HQ,66743
+ccproxy/api/routes/codex.py,sha256=AnHf01bgPxb3sQdZDtcgmFw6mHnX6-1WOtBcTUAsKXA,67396
 ccproxy/api/routes/health.py,sha256=TWs7ipKDynwfG3Cj5X8BMoglyTP9zEPz5cDq1-vDiHQ,26518
 ccproxy/api/routes/mcp.py,sha256=-EVGid0uNOWeXP4w8F_hKUp1odkNnFXPHPmaOGC0UzQ,5389
 ccproxy/api/routes/metrics.py,sha256=MHG2nEGu3amrU6zJCuH2RktM8kg2EFxu4xNOFCzXMn4,40813
@@ -97,7 +97,7 @@ ccproxy/config/docker_settings.py,sha256=5D8eBSyWActgBGE7cIb4HObqlvE-7jxylmUBn5U
 ccproxy/config/observability.py,sha256=5AwQFEFxJLUStGP5gjL_5i8Hk8KdrXKY7ocITYg8jZQ,5466
 ccproxy/config/pricing.py,sha256=RzsNQHYmv5P-BcRDV4GSkSIDImFIFEEC7roFu5jeocE,2613
 ccproxy/config/reverse_proxy.py,sha256=hep4ubV7-4ZgdO1_WqY56b5yrYyHCdQgYayUHKH3tfo,866
-ccproxy/config/scheduler.py,sha256=Lee8g9tSimACRFk3rGBiutEYJcxvnu7KrSwTx2WsRZ8,3194
+ccproxy/config/scheduler.py,sha256=drgZt990HtDeR8l6iak7H08-fa9N1X-K3f6yn-92TEg,3170
 ccproxy/config/security.py,sha256=luNy1J6xXSKPRjAVTmF1mqSpN4h0I_1CllBJfaYbq0Q,493
 ccproxy/config/server.py,sha256=71Ih6huVn52demV6jNrixM8jqXVqfFrBpIvWIlmhlww,2527
 ccproxy/config/settings.py,sha256=0yht-uCZdEfzG2I1YYJ_YiXCTO9yv0sh1iTe8N4GLBw,19052
@@ -117,6 +117,8 @@ ccproxy/core/system.py,sha256=91rMtlRtY4yxSsnPV5qZJaXHNFzvcrRZ1nQwS4CwG68,1019
 ccproxy/core/transformers.py,sha256=BpOweWwpuUKEsLe32zqqTN0iNPRVXjyAoW1jBPSO0C8,7884
 ccproxy/core/types.py,sha256=kGRMzb6VI5KWa3aFKWgQ3gChqdHPrPoOyZ0QPT1m18E,3554
 ccproxy/core/validators.py,sha256=k2z71lz-zKhRdtx3tYgJllqFnEcQ-eivj1kf3aVej0s,7367
+ccproxy/data/claude_headers_fallback.json,sha256=AIlN6-LENIo05idVAET07iE7170POXuB2Li-70leJ4c,30681
+ccproxy/data/codex_headers_fallback.json,sha256=-h4vNPGV-toEucQstEd_eXHY1OM2cNoNYREcujUGOH4,24560
 ccproxy/docker/__init__.py,sha256=gO9FJepIWneXPANgsAJKx_VL9rt7pcX3hbRcwnSyzJk,1833
 ccproxy/docker/adapter.py,sha256=P-GeLVu5hl4oMHQrQJU3AHnUxrps-iUd06r7IVnncoY,21176
 ccproxy/docker/docker_path.py,sha256=U_Di1bJDxDZNHW0cxGL31PD6RGKS9Sngs6_D7burmd0,6419
@@ -153,13 +155,13 @@ ccproxy/pricing/updater.py,sha256=OKbozb2SIe4yrwWVsQd5ryopZrJ06mIDP6y166-l_tg,10
 ccproxy/scheduler/__init__.py,sha256=qVe6NeKPn6NgMqEaG4_K4cYZBCpbFM7g6ptNPEzhi8c,1160
 ccproxy/scheduler/core.py,sha256=Lvhc3i2bfbEnX-2n8lgDBM7YG7TKEnZC3tf8KC5u67M,10344
 ccproxy/scheduler/errors.py,sha256=k7dcid0_te7IwwQaad-Jkj7MWFBgIOdgD_y_n5joio0,817
-ccproxy/scheduler/manager.py,sha256=C6nS7PB9_YHfWiqhXnsHeYsTZKeJ1ZZKSD53JOQfuBY,7811
+ccproxy/scheduler/manager.py,sha256=74VPpicbXHpznl_mF24eketNMtjcMqTUSPNEwGaqQ9s,7815
 ccproxy/scheduler/registry.py,sha256=MaCuOEiJiYjlKS2Yqp3PxeWXpf8AqNPCQ_qeWbWtBCw,4058
-ccproxy/scheduler/tasks.py,sha256=ROIRQcrB3zntZDJ53pabK53a18bPaHYJI1TvS9wwRAI,24944
+ccproxy/scheduler/tasks.py,sha256=bYh6sSJrJHqrgiknG3wIYUNW9T9Cn9EOs2q1p88Nsw4,26678
 ccproxy/services/__init__.py,sha256=ZvnelD15eFLlWHsucYXBFGNrdT7ncdP1KLnqzJNGOCs,251
-ccproxy/services/claude_detection_service.py,sha256=aRg_aSucpi07DLzIKfDbLGYzjCLUXSpVScYcjLgSKbM,9941
+ccproxy/services/claude_detection_service.py,sha256=C752oWLpoChR8wBny7x5nksbJJZ3CO5O9J9wZyaAdHk,8938
 ccproxy/services/claude_sdk_service.py,sha256=IuT4XP116fXzk20SUiYhKiKRoOxeeo7jlGzKVLH2NEo,25954
-ccproxy/services/codex_detection_service.py,sha256=eQQF9defiGfPtSpaOwXHojtFzKeQdc3DafR0oG9bNrE,10265
+ccproxy/services/codex_detection_service.py,sha256=OTfBjD04QAZv71LPGV-2nvGdfpyT6qaGAUwSSiXNX1I,9151
 ccproxy/services/proxy_service.py,sha256=qhVccFnnT2uz3VrVN2ZDBtkRFeL5qR3pgZSsIvLI3co,72656
 ccproxy/services/credentials/__init__.py,sha256=fkCWqxlUyGVA1mxGicn4cvdbYJQo09SG9NoGKzUun3s,1394
 ccproxy/services/credentials/config.py,sha256=97W3GqtxZlBv45oDHJ-plsHiSeFvNI-FTMZEw4CsPes,3221
@@ -179,11 +181,11 @@ ccproxy/utils/id_generator.py,sha256=k6R_W40lJSPi_it4M99EVg9eRD138oC4bv_8Ua3X8ms
 ccproxy/utils/model_mapping.py,sha256=RYhUXViV8ElqdURKVsOXzggPFORVmQ6Mb3b3_FpN4Cs,6621
 ccproxy/utils/models_provider.py,sha256=F0_nwNsx-gGhobdTnPQh9zfrhOfw7cBrW2RR09SYY3Q,4434
 ccproxy/utils/simple_request_logger.py,sha256=d54aXW_0P7zewGRzjwDu7QfJ-DGn4zJXu2R5hGXh-rU,8223
-ccproxy/utils/startup_helpers.py,sha256=U_2cXrGjqsJeFKFvbWv1PLyAsqsIBFRvdZtqQx8NuBs,17529
+ccproxy/utils/startup_helpers.py,sha256=whuloWETE0A4UUJ6nDf0lh3GhM3NyOMNAqpz9q21FF0,22399
 ccproxy/utils/streaming_metrics.py,sha256=JkvmWJ9s1fuKi7x1NoSoderUuT-mU6MQfbnN5GmziYE,7761
-ccproxy/utils/version_checker.py,sha256=D-6a5qV9sPTqkTZHucHZ-xCd8Wdy29lxnVgcvdBs10w,4839
-ccproxy_api-0.1.6.dist-info/METADATA,sha256=uR2plX41kRBhteFipv5lAn9V9jG_iLxAUxEKFmvEfgg,21136
-ccproxy_api-0.1.6.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
-ccproxy_api-0.1.6.dist-info/entry_points.txt,sha256=XLke7uRmx6c1G3Ejnvm74x_eTKKtCgRRSk1dXIBFyg4,128
-ccproxy_api-0.1.6.dist-info/licenses/LICENSE,sha256=httxSCpTrEOkipisMeGXSrZhTB-4MRIorQU0hS1B6eQ,1066
-ccproxy_api-0.1.6.dist-info/RECORD,,
+ccproxy/utils/version_checker.py,sha256=KGmaH93hHEFwv-biQuvW_MSLFr6edCVY_WPtr6VyyII,5061
+ccproxy_api-0.1.7.dist-info/METADATA,sha256=3AivL_S4jRJ7sRxtLPvPfh14AB-eufY-oErIL_YBTVk,21136
+ccproxy_api-0.1.7.dist-info/WHEEL,sha256=qtCwoSJWgHk21S1Kb4ihdzI2rlJ1ZKaIurTj_ngOhyQ,87
+ccproxy_api-0.1.7.dist-info/entry_points.txt,sha256=XLke7uRmx6c1G3Ejnvm74x_eTKKtCgRRSk1dXIBFyg4,128
+ccproxy_api-0.1.7.dist-info/licenses/LICENSE,sha256=httxSCpTrEOkipisMeGXSrZhTB-4MRIorQU0hS1B6eQ,1066
+ccproxy_api-0.1.7.dist-info/RECORD,,