Add new login command for codex to use port forward

[nezhar]

Adds support for publishing the Codex OAuth callback port during the codex login OAuth flow, ensuring the browser callback works correctly when running Codex in Docker. It introduces detection logic to determine when the OAuth flow is needed, configures container port publishing, and adds tests for the new behavior.

Codex OAuth callback support:

• Added constants CODEX_OAUTH_CALLBACK_PORT and CODEX_OAUTH_FORWARD_PORT to define the callback and forwarder ports for Codex OAuth login.
• Implemented _is_codex_oauth_login to detect when the codex login OAuth flow requires port publishing.
• Modified run in run.py to set environment variables and publish the correct ports when the OAuth flow is detected. [1] [2] [3]
• Updated run_agent in docker.py to accept and handle a ports argument, mapping container ports to host ports for the callback forwarder. [1] [2]

Testing:

• Added tests to verify that run_agent publishes ports correctly and that _is_codex_oauth_login accurately detects when the OAuth flow is needed.

Summary by CodeRabbit

• New Features

  • Added support for Codex OAuth localhost callback authentication flow.
  • Implemented automatic port forwarding configuration for OAuth login callbacks.
  • Enhanced compatibility with multiple authentication methods including OAuth, device-auth, and API-key flows.

• Tests

  • Added unit tests to verify port forwarding and authentication flow detection.

[augmentcode]

🤖 Augment PR Summary

Summary: Enable Codex OAuth login callbacks to work when running Codex inside Docker via vp run.

Changes:

• Adds Codex OAuth callback/forwarder port constants and _is_codex_oauth_login detection.
• On browser-based codex login, sets VIBEPOD_OAUTH_FORWARD_PORT and publishes container port 1456 to host port 1455.
• Extends DockerManager.run_agent to accept/forward a Docker ports mapping.
• Adds tests for port publishing and OAuth-flow detection.

_{🤖 Was this summary useful? React with 👍 or 👎}

[augmentcode]

Review completed. 1 suggestion posted.

Comment augment review to trigger a new review at any time.

[coderabbitai]

📝 Walkthrough

Walkthrough

This PR adds OAuth callback port forwarding for Codex login flows. It introduces detection logic to identify when vp run codex login uses localhost OAuth (excluding device-auth and API-key flows), configures Docker port mapping to expose the internal forwarder port, updates DockerManager to accept and apply port configurations, and wires the ports through to container startup.

Changes

Codex OAuth Callback Port Forwarding

Layer / File(s)	Summary
OAuth detection and port constants src/vibepod/commands/run.py	Module constants CODEX_OAUTH_CALLBACK_PORT and CODEX_OAUTH_FORWARD_PORT are defined, and _is_codex_oauth_login() helper identifies when the invocation is a Codex login using localhost OAuth callback (excluding device-auth and API-key variants).
OAuth port forwarding setup in run() src/vibepod/commands/run.py	run() calls the detection helper to compute codex_oauth_login, and when true, initializes agent_ports with a TCP port mapping, sets the VIBEPOD_OAUTH_FORWARD_PORT environment variable, and prints the expected localhost callback URL.
Docker manager port forwarding interface src/vibepod/core/docker.py	DockerManager.run_agent() signature is updated to accept an optional ports parameter, which is conditionally passed to run_kwargs["ports"] during Docker container startup.
Port configuration wiring src/vibepod/commands/run.py	The computed agent_ports mapping is passed to manager.run_agent() via the ports= parameter, enabling OAuth callback port publishing when applicable.
Port forwarding and OAuth detection tests tests/test_run.py	Two tests validate that run_agent forwards the ports argument unchanged while preserving the network, and that _is_codex_oauth_login correctly distinguishes localhost OAuth flows from device-auth and API-key variants.

Sequence Diagram

sequenceDiagram
  participant User
  participant RunCommand
  participant OAuthHelper
  participant DockerManager
  participant Container

  User->>RunCommand: vp run codex login
  RunCommand->>OAuthHelper: _is_codex_oauth_login(agent, args)
  OAuthHelper-->>RunCommand: true (localhost OAuth detected)
  RunCommand->>RunCommand: Set VIBEPOD_OAUTH_FORWARD_PORT env var
  RunCommand->>RunCommand: Create port mapping
  RunCommand->>DockerManager: run_agent(ports=mapping, ...)
  DockerManager->>Container: Start with ports configuration
  Container-->>User: OAuth callback available on localhost

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

🐰 A forwarder hops through ports so grand,
OAuth callbacks now have a land,
Localhost listens, the browser calls home,
Login flows dance where they're meant to roam!
✨🔌

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 16.67% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly describes the main change: adding support for Codex login to use port forwarding for OAuth callback flow, which aligns with the primary objective.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch codex-oauth

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/vibepod/commands/run.py`:
- Around line 90-95: The OAuth-detection logic in _is_codex_oauth_login treats
only "--device-auth" and "--with-api-key" as non-localhost flows, so
"--with-access-token" calls are misclassified; update the non_oauth_flags tuple
in src/vibepod/commands/run.py (the non_oauth_flags variable used by
_is_codex_oauth_login) to include "--with-access-token" so the existing
generator expression (arg == flag or arg.startswith(f"{flag}=")) will correctly
detect and exclude that flow from triggering the localhost callback/port
forwarding.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 28c44727-2292-4628-9b1f-ac76354f801c

📥 Commits

Reviewing files that changed from the base of the PR and between bab5c26 and aa7d598.

📒 Files selected for processing (3)

• src/vibepod/commands/run.py
• src/vibepod/core/docker.py
• tests/test_run.py