Reviewer fixes

Author: jahooma

cli/src/utils/codex-oauth.ts

@@ -355,7 +355,8 @@ export function startOAuthFlowWithCallback(
       }
     })
 
-    callbackServer.listen(OAUTH_CALLBACK_PORT, async () => {
+    // Bind to loopback only for security - prevents remote access to the callback server
+    callbackServer.listen(OAUTH_CALLBACK_PORT, '127.0.0.1', async () => {
       onStatusChange?.('waiting')
       try {
         await open(authUrl)

common/src/constants/codex-oauth.ts

@@ -68,85 +68,53 @@ export const CODEX_MODEL_MAP: Record<string, string> = {
 
 /**
  * Check if a model is an OpenAI model that can use Codex OAuth.
- * Matches models in the CODEX_MODEL_MAP or with openai/ prefix.
+ * Only returns true for models explicitly in the CODEX_MODEL_MAP.
+ * This prevents unknown openai/* models from accidentally routing through Codex OAuth.
  */
 export function isOpenAIModel(model: string): boolean {
-  // Check if it's in the model map
+  // Only return true for models explicitly in the model map
+  // This is an allowlist approach - unknown models fall back to Codebuff backend
   if (CODEX_MODEL_MAP[model]) {
     return true
   }
-  // Check if it has openai/ prefix
-  if (model.startsWith('openai/')) {
-    return true
+  // Check without provider prefix
+  if (model.includes('/')) {
+    const modelId = model.split('/').pop()!
+    if (CODEX_MODEL_MAP[modelId]) {
+      return true
+    }
   }
-  // Check if it's a known Codex model
-  const modelId = model.startsWith('openai/') ? model.slice(7) : model
-  return (CODEX_OAUTH_MODELS as readonly string[]).includes(modelId)
+  return false
 }
 
 /**
  * Normalize a model ID to the Codex API format.
- * Uses the model map for known models, with fallback pattern matching.
+ * Uses the model map for known models. Returns null for unknown models
+ * to signal that the model cannot be used with Codex OAuth.
  */
-export function toCodexModelId(model: string): string {
+export function toCodexModelId(model: string): string | null {
   // Check the mapping table first
   const mapped = CODEX_MODEL_MAP[model]
   if (mapped) {
     return mapped
   }
 
-  // Strip provider prefix if present
-  const modelId = model.includes('/') ? model.split('/').pop()! : model
-
-  // Check again without prefix
-  const mappedWithoutPrefix = CODEX_MODEL_MAP[modelId]
-  if (mappedWithoutPrefix) {
-    return mappedWithoutPrefix
-  }
-
-  // Pattern-based fallback for unknown models
-  const normalized = modelId.toLowerCase()
-
-  // GPT-5.2 Codex
-  if (normalized.includes('gpt-5.2-codex') || normalized.includes('gpt 5.2 codex')) {
-    return 'gpt-5.2-codex'
-  }
-  // GPT-5.2
-  if (normalized.includes('gpt-5.2') || normalized.includes('gpt 5.2')) {
-    return 'gpt-5.2'
-  }
-  // GPT-5.1 Codex Max
-  if (normalized.includes('gpt-5.1-codex-max') || normalized.includes('codex-max')) {
-    return 'gpt-5.1-codex-max'
-  }
-  // GPT-5.1 Codex Mini
-  if (normalized.includes('gpt-5.1-codex-mini') || normalized.includes('codex-mini')) {
-    return 'gpt-5.1-codex-mini'
-  }
-  // GPT-5.1 Codex
-  if (normalized.includes('gpt-5.1-codex') || normalized.includes('gpt 5.1 codex')) {
-    return 'gpt-5.1-codex'
-  }
-  // GPT-5.1
-  if (normalized.includes('gpt-5.1') || normalized.includes('gpt 5.1')) {
-    return 'gpt-5.1'
-  }
-  // Any codex model defaults to gpt-5.1-codex
-  if (normalized.includes('codex')) {
-    return 'gpt-5.1-codex'
-  }
-  // GPT-5 family defaults to gpt-5.1
-  if (normalized.includes('gpt-5') || normalized.includes('gpt 5')) {
-    return 'gpt-5.1'
+  // Strip provider prefix if present and check again
+  if (model.includes('/')) {
+    const modelId = model.split('/').pop()!
+    const mappedWithoutPrefix = CODEX_MODEL_MAP[modelId]
+    if (mappedWithoutPrefix) {
+      return mappedWithoutPrefix
+    }
   }
 
-  // Default fallback
-  return 'gpt-5.1'
+  // Unknown model - return null to signal fallback to Codebuff backend
+  return null
 }
 
 /**
  * @deprecated Use toCodexModelId instead
  */
-export function toOpenAIModelId(openrouterModel: string): string {
+export function toOpenAIModelId(openrouterModel: string): string | null {
   return toCodexModelId(openrouterModel)
 }

sdk/src/__tests__/codex-message-transform.test.ts

@@ -653,9 +653,10 @@ describe('transformMessagesToCodexInput', () => {
 // ============================================================================
 
 describe('transformCodexEventToOpenAI', () => {
-  const createToolCallState = (): ToolCallState => ({
+  const createToolCallState = (modelId = 'gpt-5.1'): ToolCallState => ({
     currentToolCallId: null,
     currentToolCallIndex: 0,
+    modelId,
   })
 
   describe('text delta events', () => {

sdk/src/credentials.ts

@@ -45,7 +45,7 @@ const credentialsFileSchema = z.object({
 
 const ensureDirectoryExistsSync = (dir: string) => {
   if (!fs.existsSync(dir)) {
-    fs.mkdirSync(dir, { recursive: true })
+    fs.mkdirSync(dir, { recursive: true, mode: 0o700 })
   }
 }
 
@@ -180,7 +180,7 @@ export const saveClaudeOAuthCredentials = (
     claudeOAuth: credentials,
   }
 
-  fs.writeFileSync(credentialsPath, JSON.stringify(updatedData, null, 2))
+  fs.writeFileSync(credentialsPath, JSON.stringify(updatedData, null, 2), { mode: 0o600 })
 }
 
 /**
@@ -391,7 +391,7 @@ export const saveCodexOAuthCredentials = (
     codexOAuth: credentials,
   }
 
-  fs.writeFileSync(credentialsPath, JSON.stringify(updatedData, null, 2))
+  fs.writeFileSync(credentialsPath, JSON.stringify(updatedData, null, 2), { mode: 0o600 })
 }
 
 /**

sdk/src/impl/llm.ts

@@ -749,6 +749,7 @@ export async function promptAiSdk(
     apiKey: params.apiKey,
     model: params.model,
     skipClaudeOAuth: true, // Always use Codebuff backend for non-streaming
+    skipCodexOAuth: true, // Always use Codebuff backend for non-streaming
   }
   const { model: aiSDKModel } = await getModelForRequest(modelParams)
 
@@ -806,6 +807,7 @@ export async function promptAiSdkStructured<T>(
     apiKey: params.apiKey,
     model: params.model,
     skipClaudeOAuth: true, // Always use Codebuff backend for non-streaming
+    skipCodexOAuth: true, // Always use Codebuff backend for non-streaming
   }
   const { model: aiSDKModel } = await getModelForRequest(modelParams)
 

sdk/src/impl/model-provider.ts

@@ -551,6 +551,7 @@ export function transformMessagesToCodexInput(
 export interface ToolCallState {
   currentToolCallId: string | null
   currentToolCallIndex: number
+  modelId: string
 }
 
 /**
@@ -566,13 +567,15 @@ export function transformCodexEventToOpenAI(
   event: Record<string, unknown>,
   toolCallState: ToolCallState,
 ): string | null {
+  const { modelId } = toolCallState
+
   // Handle text delta events - these contain the actual content
   if (event.type === 'response.output_text.delta' && event.delta) {
     const transformed = {
       id: event.response_id || 'chatcmpl-codex',
       object: 'chat.completion.chunk',
       created: Math.floor(Date.now() / 1000),
-      model: 'gpt-5.2',
+      model: modelId,
       choices: [
         {
           index: 0,
@@ -595,7 +598,7 @@ export function transformCodexEventToOpenAI(
         id: 'chatcmpl-codex',
         object: 'chat.completion.chunk',
         created: Math.floor(Date.now() / 1000),
-        model: 'gpt-5.2',
+        model: modelId,
         choices: [
           {
             index: 0,
@@ -626,7 +629,7 @@ export function transformCodexEventToOpenAI(
       id: 'chatcmpl-codex',
       object: 'chat.completion.chunk',
       created: Math.floor(Date.now() / 1000),
-      model: 'gpt-5.2',
+      model: modelId,
       choices: [
         {
           index: 0,
@@ -669,7 +672,7 @@ export function transformCodexEventToOpenAI(
       id: response?.id || 'chatcmpl-codex',
       object: 'chat.completion.chunk',
       created: Math.floor(Date.now() / 1000),
-      model: response?.model || 'gpt-5.2',
+      model: (response?.model as string) || modelId,
       choices: [
         {
           index: 0,
@@ -808,6 +811,7 @@ function createCodexFetch(
     const toolCallState: ToolCallState = {
       currentToolCallId: null,
       currentToolCallIndex: 0,
+      modelId,
     }
 
     const transformStream = new TransformStream({
@@ -887,6 +891,10 @@ function createCodexOAuthModel(
 ): LanguageModel | null {
   // Convert to normalized Codex model ID
   const codexModelId = toCodexModelId(model)
+  if (!codexModelId) {
+    // Unknown model - fall back to Codebuff backend
+    return null
+  }
 
   // Extract the ChatGPT account ID from the JWT token
   // This is REQUIRED for the chatgpt-account-id header