review 3

Author: jahooma

cli/src/components/codex-connect-banner.tsx

@@ -28,27 +28,33 @@ export const CodexConnectBanner = () => {
   const [isDisconnectHovered, setIsDisconnectHovered] = useState(false)
   const [isConnectHovered, setIsConnectHovered] = useState(false)
 
+  const onOAuthStatusChange = (callbackStatus: 'waiting' | 'success' | 'error', message?: string) => {
+    if (callbackStatus === 'success') {
+      setFlowState('connected')
+    } else if (callbackStatus === 'error') {
+      setError(message ?? 'Authorization failed')
+      setFlowState('error')
+    } else if (callbackStatus === 'waiting' && message) {
+      setManualUrl(message)
+    }
+  }
+
+  const startFlow = () => {
+    setFlowState('waiting-for-code')
+    setManualUrl(null)
+    startOAuthFlowWithCallback(onOAuthStatusChange).catch((err) => {
+      setError(err instanceof Error ? err.message : 'Failed to start OAuth flow')
+      setFlowState('error')
+    })
+  }
+
   // Check initial connection status and auto-open browser if not connected
   useEffect(() => {
     const status = getCodexOAuthStatus()
     if (status.connected) {
       setFlowState('connected')
     } else {
-      // Automatically start OAuth flow when not connected
-      setFlowState('waiting-for-code')
-      startOAuthFlowWithCallback((callbackStatus, message) => {
-        if (callbackStatus === 'success') {
-          setFlowState('connected')
-        } else if (callbackStatus === 'error') {
-          setError(message ?? 'Authorization failed')
-          setFlowState('error')
-        } else if (callbackStatus === 'waiting' && message) {
-          setManualUrl(message)
-        }
-      }).catch((err) => {
-        setError(err instanceof Error ? err.message : 'Failed to start OAuth flow')
-        setFlowState('error')
-      })
+      startFlow()
     }
 
     // Cleanup: stop the callback server when the component unmounts
@@ -57,27 +63,8 @@ export const CodexConnectBanner = () => {
     }
   }, [])
 
-  const handleConnect = async () => {
-    try {
-      setFlowState('waiting-for-code')
-      setManualUrl(null)
-      await startOAuthFlowWithCallback((callbackStatus, message) => {
-        if (callbackStatus === 'success') {
-          setFlowState('connected')
-        } else if (callbackStatus === 'error') {
-          setError(message ?? 'Authorization failed')
-          setFlowState('error')
-        } else if (callbackStatus === 'waiting' && message) {
-          setManualUrl(message)
-        }
-      })
-    } catch (err) {
-      setError(err instanceof Error ? err.message : 'Failed to start OAuth flow')
-      setFlowState('error')
-    }
-  }
-
   const handleDisconnect = () => {
+    stopCallbackServer()
     disconnectCodexOAuth()
     setFlowState('not-connected')
   }
@@ -159,7 +146,7 @@ export const CodexConnectBanner = () => {
           <text style={{ fg: theme.muted }}>Use your ChatGPT Plus/Pro subscription</text>
           <text style={{ fg: theme.muted }}>·</text>
           <Button
-            onClick={handleConnect}
+            onClick={startFlow}
             onMouseOver={() => setIsConnectHovered(true)}
             onMouseOut={() => setIsConnectHovered(false)}
           >

cli/src/utils/codex-oauth.ts

@@ -8,6 +8,7 @@ import open from 'open'
 import {
   CODEX_OAUTH_CLIENT_ID,
   CODEX_OAUTH_AUTHORIZE_URL,
+  CODEX_OAUTH_TOKEN_URL,
   CODEX_OAUTH_SCOPES,
   CODEX_OAUTH_REDIRECT_URI,
 } from '@codebuff/common/constants/codex-oauth'
@@ -22,8 +23,8 @@ import {
 import type { CodexOAuthCredentials } from '@codebuff/sdk'
 import type { Server } from 'http'
 
-// Port for the local OAuth callback server
-const OAUTH_CALLBACK_PORT = 1455
+// Port for the local OAuth callback server (derived from redirect URI)
+const OAUTH_CALLBACK_PORT = Number(new URL(CODEX_OAUTH_REDIRECT_URI).port)
 
 /**
  * Generate a nicely styled success HTML page for OAuth callback.
@@ -231,9 +232,8 @@ function generateState(): string {
   return crypto.randomBytes(16).toString('hex')
 }
 
-// Store the code verifier and state during the OAuth flow
+// Store the code verifier during the OAuth flow
 let pendingCodeVerifier: string | null = null
-let pendingState: string | null = null
 let callbackServer: Server | null = null
 
 /**
@@ -246,9 +246,8 @@ export function startOAuthFlow(): { codeVerifier: string; state: string; authUrl
   const codeChallenge = generateCodeChallenge(codeVerifier)
   const state = generateState()
 
-  // Store the code verifier and state for later use
+  // Store the code verifier for later use
   pendingCodeVerifier = codeVerifier
-  pendingState = state
 
   // Build the authorization URL
   const authUrl = new URL(CODEX_OAUTH_AUTHORIZE_URL)
@@ -354,6 +353,7 @@ export function startOAuthFlowWithCallback(
     })
 
     callbackServer.on('error', (err) => {
+      stopCallbackServer()
       const nodeErr = err as NodeJS.ErrnoException
       if (nodeErr.code === 'EADDRINUSE') {
         onStatusChange?.('error', `Port ${OAUTH_CALLBACK_PORT} is already in use`)
@@ -377,16 +377,6 @@ export function startOAuthFlowWithCallback(
   })
 }
 
-/**
- * Open the browser to start OAuth flow (legacy - for manual code entry).
- * @deprecated Use startOAuthFlowWithCallback instead for automatic callback handling.
- */
-export async function openOAuthInBrowser(): Promise<string> {
-  const { authUrl, codeVerifier } = startOAuthFlow()
-  await open(authUrl)
-  return codeVerifier
-}
-
 /**
  * Exchange an authorization code for access and refresh tokens.
  */
@@ -423,7 +413,7 @@ export async function exchangeCodeForTokens(
     redirect_uri: CODEX_OAUTH_REDIRECT_URI,
   })
 
-  const response = await fetch('https://auth.openai.com/oauth/token', {
+  const response = await fetch(CODEX_OAUTH_TOKEN_URL, {
     method: 'POST',
     headers: {
       'Content-Type': 'application/x-www-form-urlencoded',
@@ -438,9 +428,8 @@ export async function exchangeCodeForTokens(
 
   const data = await response.json()
 
-  // Clear the pending code verifier and state
+  // Clear the pending code verifier
   pendingCodeVerifier = null
-  pendingState = null
 
   const credentials: CodexOAuthCredentials = {
     accessToken: data.access_token,

common/src/constants/codex-oauth.ts

@@ -11,9 +11,6 @@ export const CODEX_OAUTH_CLIENT_ID = 'app_EMoamEEZ73f0CkXaXp7hrann'
 export const CODEX_OAUTH_AUTHORIZE_URL = 'https://auth.openai.com/oauth/authorize'
 export const CODEX_OAUTH_TOKEN_URL = 'https://auth.openai.com/oauth/token'
 
-// OpenAI API endpoint for direct calls (standard API, not ChatGPT backend)
-export const OPENAI_API_BASE_URL = 'https://api.openai.com'
-
 // ChatGPT backend API endpoint for Codex requests
 export const CHATGPT_BACKEND_API_URL = 'https://chatgpt.com/backend-api'
 
@@ -112,9 +109,3 @@ export function toCodexModelId(model: string): string | null {
   return null
 }
 
-/**
- * @deprecated Use toCodexModelId instead
- */
-export function toOpenAIModelId(openrouterModel: string): string | null {
-  return toCodexModelId(openrouterModel)
-}

sdk/src/credentials.ts

@@ -4,7 +4,7 @@ import os from 'os'
 
 import { env } from '@codebuff/common/env'
 import { CLAUDE_OAUTH_CLIENT_ID } from '@codebuff/common/constants/claude-oauth'
-import { CODEX_OAUTH_CLIENT_ID } from '@codebuff/common/constants/codex-oauth'
+import { CODEX_OAUTH_CLIENT_ID, CODEX_OAUTH_TOKEN_URL } from '@codebuff/common/constants/codex-oauth'
 import { userSchema } from '@codebuff/common/util/credentials'
 import { z } from 'zod/v4'
 
@@ -461,7 +461,7 @@ export const refreshCodexOAuthToken = async (
       })
 
       const response = await fetch(
-        'https://auth.openai.com/oauth/token',
+        CODEX_OAUTH_TOKEN_URL,
         {
           method: 'POST',
           headers: {

sdk/src/impl/codex-transform.ts

@@ -111,7 +111,10 @@ export function transformMessagesToCodexInput(
       if (msg.content) {
         const textContent = typeof msg.content === 'string' 
           ? msg.content 
-          : msg.content.map(p => (p as TextContentPart).text).filter(Boolean).join('')
+          : msg.content
+              .filter((p): p is TextContentPart => p.type === 'text')
+              .map(p => p.text)
+              .join('')
 
         if (textContent) {
           result.push({

sdk/src/impl/model-provider.ts

@@ -394,24 +394,41 @@ function createCodexFetch(
       try {
         const originalBody = JSON.parse(init.body)
 
+        // Extract system message for instructions and separate non-system messages
+        const allMessages = originalBody.messages || []
+        const systemMessage = allMessages.find(
+          (m: { role: string }) => m.role === 'system',
+        )
+        const nonSystemMessages = allMessages.filter(
+          (m: { role: string }) => m.role !== 'system',
+        )
+
+        // Extract instructions from system message (Codex API REQUIRES this field)
+        let instructions = 'You are a helpful assistant.'
+        if (systemMessage) {
+          instructions =
+            typeof systemMessage.content === 'string'
+              ? systemMessage.content
+              : systemMessage.content
+                  ?.map((p: { text?: string }) => p.text)
+                  .filter(Boolean)
+                  .join('\n') || 'You are a helpful assistant.'
+        }
+
         // Transform from OpenAI chat format to Codex format
         const codexBody: Record<string, unknown> = {
           model: modelId,
-          // Transform messages to Codex input format
-          input: transformMessagesToCodexInput(originalBody.messages || []),
-          // Codex-specific required fields
+          instructions,
+          input: transformMessagesToCodexInput(nonSystemMessages),
           store: false, // ChatGPT backend REQUIRES store=false
           stream: true, // Always stream
-          // Reasoning configuration
           reasoning: {
-            effort: 'medium',
+            effort: 'high',
             summary: 'auto',
           },
-          // Text verbosity
           text: {
             verbosity: 'medium',
           },
-          // Include reasoning in response
           include: ['reasoning.encrypted_content'],
         }
 
@@ -428,38 +445,13 @@ function createCodexFetch(
                 name: fn.name,
                 description: fn.description,
                 parameters: fn.parameters,
-                // Preserve any additional properties
                 ...(fn.strict !== undefined && { strict: fn.strict }),
               }
             }
-            // Already in Codex format or unknown format, pass through
             return tool
           })
         }
 
-        // Extract system message for instructions (required by Codex API)
-        const systemMessage = (originalBody.messages || []).find(
-          (m: { role: string }) => m.role === 'system',
-        )
-        if (systemMessage) {
-          codexBody.instructions =
-            typeof systemMessage.content === 'string'
-              ? systemMessage.content
-              : systemMessage.content
-                  ?.map((p: { text?: string }) => p.text)
-                  .filter(Boolean)
-                  .join('\n') || 'You are a helpful assistant.'
-          // Remove system message from input (it's now in instructions)
-          codexBody.input = transformMessagesToCodexInput(
-            (originalBody.messages || []).filter(
-              (m: { role: string }) => m.role !== 'system',
-            ),
-          )
-        } else {
-          // Codex API REQUIRES instructions field - provide default if no system message
-          codexBody.instructions = 'You are a helpful assistant.'
-        }
-
         transformedBody = JSON.stringify(codexBody)
       } catch {
         // If parsing fails, use original body
@@ -471,6 +463,7 @@ function createCodexFetch(
       `${CHATGPT_BACKEND_API_URL}/codex/responses`,
       {
         method: 'POST',
+        signal: init?.signal,
         headers: {
           'Content-Type': 'application/json',
           Authorization: `Bearer ${oauthToken}`,
@@ -510,10 +503,10 @@ function createCodexFetch(
 
         for (const line of lines) {
           const trimmed = line.trim()
-          if (!trimmed) continue
+          // Only parse SSE data: lines, skip event:/id:/retry: and blank lines
+          if (!trimmed.startsWith('data:')) continue
 
-          // Parse the SSE data line
-          const data = trimmed.startsWith('data: ') ? trimmed.slice(6) : trimmed
+          const data = trimmed.slice(5).trim()
           if (data === '[DONE]') continue
 
           try {
@@ -533,9 +526,9 @@ function createCodexFetch(
           const lines = buffer.split('\n')
           for (const line of lines) {
             const trimmed = line.trim()
-            if (!trimmed) continue
+            if (!trimmed.startsWith('data:')) continue
 
-            const data = trimmed.startsWith('data: ') ? trimmed.slice(6) : trimmed
+            const data = trimmed.slice(5).trim()
             if (data === '[DONE]') continue
 
             try {