feat: openai codex support (#292)

* feat(web): add provider oauth management ui * feat: add OAuth callback support on port 1455 * feat: enhance reasoning effort options and support for OpenAI Codex OAuth * feat: update twilight-ai dependency to v0.3.4 * refactor: promote openai-codex to first-class client_type, remove auth_type Replace the previous openai-responses + metadata auth_type=openai-codex-oauth combo with a dedicated openai-codex client_type. OAuth requirement is now determined solely by client_type, eliminating the auth_type concept from the LLM provider domain entirely. - Add openai-codex to DB CHECK constraint (migration 0047) with data migration - Add ClientTypeOpenAICodex constant and dedicated SDK/probe branches - Remove AuthType from SDKModelConfig, ModelCredentials, TriggerConfig, etc. - Simplify supportsOAuth to check client_type == openai-codex - Add conf/providers/codex.yaml preset with Codex catalog models - Frontend: replace auth_type selector with client_type-driven OAuth UI --------- Co-authored-by: Acbox <acbox0328@gmail.com>
2026-04-25 07:00:48 +09:00 · 2026-03-27 19:30:45 +08:00
parent 44c92f198b
commit 64378d29ed
44 changed files with 1663 additions and 160 deletions
@@ -165,7 +165,7 @@ func runServe() {
 			accounts.NewService,
 			acl.NewService,
 			settings.NewService,
-			providers.NewService,
+			provideProvidersService,
 			searchproviders.NewService,
 			browsercontexts.NewService,
 			policy.NewService,
@@ -228,6 +228,7 @@ func runServe() {
 			provideServerHandler(provideSessionHandler),
 			provideServerHandler(handlers.NewSwaggerHandler),
 			provideServerHandler(handlers.NewProvidersHandler),
+			provideServerHandler(handlers.NewProviderOAuthHandler),
 			provideServerHandler(handlers.NewSearchProvidersHandler),
 			provideServerHandler(handlers.NewModelsHandler),
 			provideServerHandler(handlers.NewSettingsHandler),
@@ -765,6 +766,15 @@ func provideEmailRegistry(log *slog.Logger, tokenStore *emailpkg.DBOAuthTokenSto
 	return reg
 }

+func provideProvidersService(log *slog.Logger, queries *dbsqlc.Queries, cfg config.Config) *providers.Service {
+	_ = cfg
+	return providers.NewService(log, queries, defaultProviderOAuthCallbackURL())
+}
+
+func defaultProviderOAuthCallbackURL() string {
+	return "http://localhost:1455/auth/callback"
+}
+
 func provideEmailOAuthHandler(log *slog.Logger, service *emailpkg.Service, tokenStore *emailpkg.DBOAuthTokenStore, cfg config.Config) *handlers.EmailOAuthHandler {
 	addr := strings.TrimSpace(cfg.Server.Addr)
 	if addr == "" {
@@ -106,7 +106,7 @@ func runServe() {
 			accounts.NewService,
 			acl.NewService,
 			settings.NewService,
-			providers.NewService,
+			provideProvidersService,
 			searchproviders.NewService,
 			policy.NewService,
 			mcp.NewConnectionService,
@@ -154,6 +154,7 @@ func runServe() {
 			provideServerHandler(provideSessionHandler),
 			provideServerHandler(handlers.NewSwaggerHandler),
 			provideServerHandler(handlers.NewProvidersHandler),
+			provideServerHandler(handlers.NewProviderOAuthHandler),
 			provideServerHandler(handlers.NewSearchProvidersHandler),
 			provideServerHandler(handlers.NewModelsHandler),
 			provideServerHandler(handlers.NewSettingsHandler),
@@ -858,6 +859,15 @@ func provideEmailRegistry(log *slog.Logger, tokenStore *emailpkg.DBOAuthTokenSto
 	return reg
 }

+func provideProvidersService(log *slog.Logger, queries *dbsqlc.Queries, cfg config.Config) *providers.Service {
+	_ = cfg
+	return providers.NewService(log, queries, defaultProviderOAuthCallbackURL())
+}
+
+func defaultProviderOAuthCallbackURL() string {
+	return "http://localhost:1455/auth/callback"
+}
+
 func provideEmailOAuthHandler(log *slog.Logger, service *emailpkg.Service, tokenStore *emailpkg.DBOAuthTokenStore, cfg config.Config) *handlers.EmailOAuthHandler {
 	addr := strings.TrimSpace(cfg.Server.Addr)
 	if addr == "" {