CaddyGlow
diff --git a/‎.pre-commit-config.yaml‎
Lines changed: 4 additions & 3 deletions b/‎.pre-commit-config.yaml‎
Lines changed: 4 additions & 3 deletions
diff --git a/‎CHANGELOG.md‎
Lines changed: 147 additions & 0 deletions b/‎CHANGELOG.md‎
Lines changed: 147 additions & 0 deletions
diff --git a/‎Makefile‎
Lines changed: 8 additions & 0 deletions b/‎Makefile‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 68 additions & 9 deletions b/‎README.md‎
Lines changed: 68 additions & 9 deletions
diff --git a/‎ccproxy/api/app.py‎
Lines changed: 16 additions & 0 deletions b/‎ccproxy/api/app.py‎
Lines changed: 16 additions & 0 deletions
@@ -1,7 +1,7 @@
 repos:
   # Ruff linting and formatting
   - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: v0.12.2
+    rev: v0.12.8
     hooks:
       # Ruff linting (matches: make lint -> uv run ruff check .)
       - id: ruff
@@ -16,7 +16,7 @@ repos:
 
   # MyPy type checking (matches: make typecheck -> uv run mypy .)
   - repo: https://github.com/pre-commit/mirrors-mypy
-    rev: v1.16.1
+    rev: v1.17.1
     hooks:
       - id: mypy
         name: mypy type check
@@ -58,6 +58,7 @@ repos:
           - textual>=3.7.1
           - aiofiles>=24.1.0
           - types-aiofiles>=24.0.0
+          - pyjwt>=2.10.0
         args: [--config-file=pyproject.toml]
         exclude: ^(docs/|examples/)
 
@@ -81,7 +82,7 @@ repos:
 
   # General file checks
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v5.0.0
+    rev: v6.0.0
     hooks:
       # Basic file checks
       - id: trailing-whitespace
 
@@ -7,6 +7,153 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [0.1.6] - 2025-08-04
 
+## Added OpenAI Codex Provider with Full Proxy Support
+
+### Overview
+
+Implemented comprehensive support for OpenAI Codex CLI integration, enabling users to proxy requests through their OpenAI subscription via the ChatGPT backend API. This feature provides an alternative to the Claude provider while maintaining full compatibility with the existing proxy architecture. The implementation uses the OpenAI Responses API endpoint as documented at https://platform.openai.com/docs/api-reference/responses/get.
+
+### Key Features
+
+**Complete Codex API Proxy**
+
+- Full reverse proxy to `https://chatgpt.com/backend-api/codex`
+- Support for both `/codex/responses` and `/codex/{session_id}/responses` endpoints
+- Compatible with Codex CLI 0.21.0 and authentication flow
+- Implements OpenAI Responses API protocol
+
+**OAuth PKCE Authentication Flow**
+
+- Implements complete OpenAI OAuth 2.0 PKCE flow matching official Codex CLI
+- Local callback server on port 1455 for authorization code exchange
+- Token refresh and credential management with persistent storage
+- Support for `~/.openai.toml` configuration file format
+
+**Intelligent Request/Response Handling**
+
+- Automatic detection and injection of Codex CLI instructions field
+- Smart streaming behavior based on user's explicit `stream` parameter
+- Session management with flexible session ID handling (auto-generated, persistent, header-forwarded)
+- Request transformation preserving Codex CLI identity headers
+
+**Advanced Configuration**
+
+- Environment variable support: `CODEX__BASE_URL`
+- Configurable via TOML: `[codex]` section in configuration files
+- Debug logging with request/response capture capabilities
+- Comprehensive error handling with proper HTTP status codes
+- Enabled by default
+
+### Technical Implementation
+
+**New Components Added:**
+
+- `ccproxy/auth/openai.py` - OAuth token management and credential storage
+- `ccproxy/core/codex_transformers.py` - Request/response transformation for Codex format
+- `ccproxy/api/routes/codex.py` - FastAPI routes for Codex endpoints
+- `ccproxy/models/detection.py` - Codex CLI detection and header management
+- `ccproxy/services/codex_detection_service.py` - Runtime detection of Codex CLI requests
+
+**Enhanced Proxy Service:**
+
+- Extended `ProxyService.handle_codex_request()` with full Codex support
+- Intelligent streaming response conversion when user doesn't explicitly request streaming
+- Comprehensive request/response logging for debugging
+- Error handling with proper OpenAI-compatible error responses
+
+### Streaming Behavior Fix
+
+**Problem Resolved:** Fixed issue where requests without explicit `stream` field were incorrectly returning streaming responses.
+
+**Solution Implemented:**
+
+- When `"stream"` field is missing: Inject `"stream": true` for upstream (Codex requirement) but return JSON response to client
+- When `"stream": true` explicitly set: Return streaming response to client
+- When `"stream": false` explicitly set: Return JSON response to client
+- Smart response conversion: collects streaming data and converts to single JSON response when user didn't request streaming
+
+### Usage Examples
+
+**Basic Request (JSON Response):**
+
+```bash
+curl -X POST "http://127.0.0.1:8000/codex/responses" \
+  -H "Content-Type: application/json" \
+  -d '{
+    "input": [{"type": "message", "role": "user", "content": [{"type": "input_text", "text": "Hello!"}]}],
+    "model": "gpt-5",
+    "store": false
+  }'
+```
+
+**Streaming Request:**
+
+```bash
+curl -X POST "http://127.0.0.1:8000/codex/responses" \
+  -H "Content-Type: application/json" \
+  -d '{
+    "input": [{"type": "message", "role": "user", "content": [{"type": "input_text", "text": "Hello!"}]}],
+    "model": "gpt-5",
+    "stream": true,
+    "store": false
+  }'
+```
+
+### Authentication Setup
+
+**Environment Variables:**
+
+```bash
+export CODEX__BASE_URL="https://chatgpt.com/backend-api/codex"
+```
+
+**Configuration File (`~/.ccproxy.toml`):**
+
+```toml
+[codex]
+base_url = "https://chatgpt.com/backend-api/codex"
+```
+
+### Compatibility
+
+- Codex CLI: Full compatibility with `codex-cli 0.21.0`
+- OpenAI OAuth: Complete PKCE flow implementation
+- Session Management: Supports persistent and auto-generated sessions
+- Model Support: All Codex-supported models (`gpt-5`, `gpt-4`, etc.)
+- Streaming: Both streaming and non-streaming responses
+- Error Handling: Proper HTTP status codes and OpenAI-compatible errors
+- API Compliance: Follows OpenAI Responses API specification
+
+### Files Modified/Added
+
+**New Files:**
+
+- `ccproxy/auth/openai.py` - OpenAI authentication management
+- `ccproxy/core/codex_transformers.py` - Codex request/response transformation
+- `ccproxy/api/routes/codex.py` - Codex API endpoints
+- `ccproxy/models/detection.py` - Codex detection models
+- `ccproxy/services/codex_detection_service.py` - Codex CLI detection service
+
+**Modified Files:**
+
+- `ccproxy/services/proxy_service.py` - Added `handle_codex_request()` method
+- `ccproxy/config/settings.py` - Added Codex configuration section
+- `ccproxy/api/app.py` - Integrated Codex routes
+- `ccproxy/api/routes/health.py` - Added Codex health checks
+
+### Breaking Changes
+
+None. This is a purely additive feature that doesn't affect existing Claude provider functionality.
+
+### Migration Notes
+
+For users wanting to use Codex provider:
+
+1. Authenticate: Use existing OpenAI credentials or run Codex CLI login
+2. Update endpoints: Change from `/v1/messages` to `/codex/responses`
+
+This implementation provides a complete, production-ready OpenAI Codex proxy solution that maintains the same standards as the existing Claude provider while offering users choice in their AI provider preferences.
+
 ## [0.1.5] - 2025-08-03
 
 ### Added
 
@@ -81,6 +81,14 @@ clean:
 #   - 'unit': Fast unit tests (< 1s each, no external dependencies)
 #   - Tests without 'real_api' marker are considered unit tests by default
 
+# Fix code with unsafe fixes
+fix-hard:
+	uv run ruff check . --fix --unsafe-fixes
+	uv run uv run ruff check . --select F401 --fix --unsafe-fixes # Used variable import
+	uv run uv run ruff check . --select I --fix --unsafe-fixes  # Import order
+	uv run ruff format .
+
+
 fix: format lint-fix
 	ruff check . --fix --unsafe-fixes
 
 
@@ -1,12 +1,24 @@
 # CCProxy API Server
 
-`ccproxy` is a local reverse proxy server for Anthropic Claude LLM at `api.anthropic.com/v1/messages`. It allows you to use your existing Claude Max subscription to interact with the Anthropic API, bypassing the need for separate API key billing.
+`ccproxy` is a local reverse proxy server that provides unified access to multiple AI providers through a single interface. It supports both Anthropic Claude and OpenAI Codex backends, allowing you to use your existing subscriptions without separate API key billing.
+
+## Supported Providers
+
+### Anthropic Claude
+Access Claude via your Claude Max subscription at `api.anthropic.com/v1/messages`.
 
 The server provides two primary modes of operation:
 *   **SDK Mode (`/sdk`):** Routes requests through the local `claude-code-sdk`. This enables access to tools configured in your Claude environment and includes an integrated MCP (Model Context Protocol) server for permission management.
 *   **API Mode (`/api`):** Acts as a direct reverse proxy, injecting the necessary authentication headers. This provides full access to the underlying API features and model settings.
 
-It includes a translation layer to support both Anthropic and OpenAI-compatible API formats for requests and responses, including streaming.
+### OpenAI Codex (Experimental)
+Access OpenAI models via your ChatGPT subscription at `chatgpt.com/backend-api/codex`.
+
+*   **Codex Routes (`/codex`):** Direct reverse proxy to ChatGPT backend with session management
+*   **Session Management:** Supports both auto-generated and persistent session IDs
+*   **OpenAI OAuth:** Integrated authentication flow matching Codex CLI
+
+The server includes a translation layer to support both Anthropic and OpenAI-compatible API formats for requests and responses, including streaming.
 
 ## Installation
 
@@ -36,7 +48,9 @@ For dev version replace `ccproxy-api` with `git+https://github.com/caddyglow/ccp
 
 ## Authentication
 
-The proxy uses two different authentication mechanisms depending on the mode.
+The proxy uses different authentication mechanisms depending on the provider and mode.
+
+### Claude Authentication
 
 1.  **Claude CLI (`sdk` mode):**
     This mode relies on the authentication handled by the `claude-code-sdk`.
@@ -46,9 +60,9 @@ The proxy uses two different authentication mechanisms depending on the mode.
 
     It's also possible now to get a long live token to avoid renewing issues
     using
-    ```sh
     ```bash
-    claude setup-token`
+    claude setup-token
+    ```
 
 2.  **ccproxy (`api` mode):**
     This mode uses its own OAuth2 flow to obtain credentials for direct API access.
@@ -58,9 +72,33 @@ The proxy uses two different authentication mechanisms depending on the mode.
 
     If you are already connected with Claude CLI the credentials should be found automatically
 
-You can check the status of these credentials with `ccproxy auth validate` and `ccproxy auth info`.
+### OpenAI Codex Authentication (Experimental)
+
+For OpenAI Codex routes, use the dedicated OpenAI OAuth flow:
+
+```bash
+# Enable Codex provider
+ccproxy config codex --enable
+
+# Login with OpenAI OAuth (opens browser)
+ccproxy auth login-openai
+
+# Check authentication status for all providers
+ccproxy auth status
+```
+
+The OpenAI authentication uses the same OAuth flow as the official Codex CLI, storing credentials in `~/.openai.toml`.
 
-Warning is show on start up if no credentials are setup.
+### Authentication Status
+
+You can check the status of all credentials with:
+```bash
+ccproxy auth status       # All providers
+ccproxy auth validate     # Claude only
+ccproxy auth info         # Claude only
+```
+
+Warning is shown on startup if no credentials are setup.
 
 ## Usage
 
@@ -76,7 +114,7 @@ The server will start on `http://127.0.0.1:8000` by default.
 
 Point your existing tools and applications to the local proxy instance by setting the appropriate environment variables. A dummy API key is required by most client libraries but is not used by the proxy itself.
 
-**For OpenAI-compatible clients:**
+**For Claude (OpenAI-compatible clients):**
 ```bash
 # For SDK mode
 export OPENAI_BASE_URL="http://localhost:8000/sdk/v1"
@@ -86,7 +124,7 @@ export OPENAI_BASE_URL="http://localhost:8000/api/v1"
 export OPENAI_API_KEY="dummy-key"
 ```
 
-**For Anthropic-compatible clients:**
+**For Claude (Anthropic-compatible clients):**
 ```bash
 # For SDK mode
 export ANTHROPIC_BASE_URL="http://localhost:8000/sdk"
@@ -96,6 +134,27 @@ export ANTHROPIC_BASE_URL="http://localhost:8000/api"
 export ANTHROPIC_API_KEY="dummy-key"
 ```
 
+**For OpenAI Codex:**
+```bash
+# Direct API calls to Codex endpoints
+curl -X POST http://localhost:8000/codex/responses \
+  -H "Content-Type: application/json" \
+  -d '{"model": "gpt-5", "messages": [{"role": "user", "content": "Hello"}]}'
+
+# With specific session ID
+curl -X POST http://localhost:8000/codex/my_session_123/responses \
+  -H "Content-Type: application/json" \
+  -d '{"model": "gpt-5", "messages": [{"role": "user", "content": "Hello"}]}'
+```
+
+### Codex Session Management
+
+The Codex provider supports flexible session management:
+
+- **Auto-generated sessions**: `POST /codex/responses` - New session ID per request
+- **Persistent sessions**: `POST /codex/{session_id}/responses` - Use specific session ID
+- **Header forwarding**: `session_id` header is always forwarded when present
+
 
 ## MCP Server Integration & Permission System
 
 
@@ -18,6 +18,7 @@
 from ccproxy.api.middleware.request_id import RequestIDMiddleware
 from ccproxy.api.middleware.server_header import ServerHeaderMiddleware
 from ccproxy.api.routes.claude import router as claude_router
+from ccproxy.api.routes.codex import router as codex_router
 from ccproxy.api.routes.health import router as health_router
 from ccproxy.api.routes.mcp import setup_mcp
 from ccproxy.api.routes.metrics import (
@@ -33,9 +34,11 @@
 from ccproxy.utils.models_provider import get_models_list
 from ccproxy.utils.startup_helpers import (
     check_claude_cli_startup,
+    check_codex_cli_startup,
     flush_streaming_batches_shutdown,
     initialize_claude_detection_startup,
     initialize_claude_sdk_startup,
+    initialize_codex_detection_startup,
     initialize_log_storage_shutdown,
     initialize_log_storage_startup,
     initialize_permission_service_startup,
@@ -78,11 +81,21 @@ class ShutdownComponent(TypedDict):
         "startup": check_claude_cli_startup,
         "shutdown": None,  # Detection only, no cleanup needed
     },
+    {
+        "name": "Codex CLI",
+        "startup": check_codex_cli_startup,
+        "shutdown": None,  # Detection only, no cleanup needed
+    },
     {
         "name": "Claude Detection",
         "startup": initialize_claude_detection_startup,
         "shutdown": None,  # No cleanup needed
     },
+    {
+        "name": "Codex Detection",
+        "startup": initialize_codex_detection_startup,
+        "shutdown": None,  # No cleanup needed
+    },
     {
         "name": "Claude SDK",
         "startup": initialize_claude_sdk_startup,
@@ -282,6 +295,9 @@ def create_app(settings: Settings | None = None) -> FastAPI:
 
     app.include_router(oauth_router, prefix="/oauth", tags=["oauth"])
 
+    # Codex routes for OpenAI integration
+    app.include_router(codex_router, tags=["codex"])
+
     # New /sdk/ routes for Claude SDK endpoints
     app.include_router(claude_router, prefix="/sdk", tags=["claude-sdk"])