fix: OAuth providers + Codex routing cleanup (v2.1.3)#206
Merged
github-actions[bot] merged 14 commits intomainfrom Apr 8, 2026
Merged
fix: OAuth providers + Codex routing cleanup (v2.1.3)#206github-actions[bot] merged 14 commits intomainfrom
github-actions[bot] merged 14 commits intomainfrom
Conversation
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Uncomment openai-codex provider in config.yaml (model: gpt-5.4) - Add openai-codex-mini/spark/high variant providers - Add oauth backend to _SUPPORTED_BACKENDS in config.py - Add oauth default transport profile in lane_registry.py - Update _PROVIDER_LANE_BINDINGS: openai-codex canonical → gpt-5.4, add mini/spark/high bindings - Add all 20 Codex models to _CANONICAL_MODEL_LANES - Update registry.py example_model to openai-codex/gpt-5.4 - Add model_requested routing rules for codex/gpt-5.4/codex-mini/codex-high Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The Codex base_url (chatgpt.com/backend-api/codex/responses) IS the full endpoint. The openai-compat wrapper was appending /chat/completions, causing all requests to 404 → triggering degrade_to fallback → Sonnet. - Add per-provider transport bindings for openai-codex* with chat_path: "" - Remove paid providers (gpt-4o, sonnet) from openai-codex degrade_to chain Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
OAuthBackend._run_helper() parses stdout as JSON to populate TokenStore. The helper was printing human-readable text to stdout → json.JSONDecodeError → every Codex request failed before even reaching the API. Status/info messages already went to stderr; now stdout is only the JSON token. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- openai-codex-xhigh → gpt-5.3-codex-xhigh (Extra hoch) - openai-codex-low → gpt-5.3-codex-low (Niedrig) - Routing rules + lane bindings + transport bindings for both - Remove anthropic/sonnet-4.6 from openai-codex-high degrade_to Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…roviders providers.py: load extra_body from provider config as default_extra_body, injected into every request before caller's extra_body override. New providers for GPT-5.4 reasoning control: openai-codex-5.4-xhigh → reasoning_effort=extra_high openai-codex-5.4-high → reasoning_effort=high openai-codex-5.4-medium → reasoning_effort=medium openai-codex-5.4-low → reasoning_effort=low All share model=gpt-5.4 with chat_path="" transport binding. Routing rules + transport bindings + OpenCode model entries included. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- claude_code_oauth(): reads from macOS Keychain (Claude Code-credentials →
claudeAiOauth), auto-refreshes expired tokens via platform.claude.com,
writes new tokens back to keychain
- claude_code_refresh(): standalone refresh function for --refresh flag
- Activates claude-code provider in config.yaml:
- base_url: api.anthropic.com/v1, model: claude-sonnet-4-6
- extra_headers: anthropic-version + oauth-2025-04-20 beta flag (required
for Bearer OAuth on api.anthropic.com/v1/messages)
- providers.py: default_extra_headers injected in _authorization_headers()
so all request paths (complete, probe, image) get the headers
- providers.py: lazy OAuthBackend import to break circular import with
oauth/backend.py (backend.py imports ProviderBackend → was destroying
the module during import, leaving OAuthBackend = None)
- providers.py: store self.cfg for OAuthBackend._create_wrapped_backend()
- oauth/backend.py: OAuthBackend.complete() override to inject token into
_wrapped_backend.api_key before delegating (replaces non-functional
_request() override that was never called)
- oauth/backend.py: underlying_backend reads from top-level cfg first
(not just oauth sub-dict) so anthropic-compat is correctly applied
- lane_registry.py: claude-code transport binding (profile oauth-anthropic-
compat, chat_path /messages, auth_mode bearer)
- lane_registry.py: openai-codex-5.4-{xhigh,high,medium,low} lane bindings
with correct degrade_to chains (Codex-only, no paid provider fallback)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- _qwen_base_url_from_resource(): use /v1 (not /compatible-mode/v1) to match qwen-code CLI's getCurrentEndpoint() logic - config.yaml + registry.py: update qwen-portal base_url accordingly - Add require_system_message to OAuthBackend – portal.qwen.ai requires a system message in every request; inject one when absent - Add DashScope/stainless headers to qwen-portal extra_headers (X-DashScope-AuthType: qwen-oauth, X-DashScope-CacheControl: enable, x-stainless-* matching what the qwen-code CLI sends) - qwen_oauth(): raise RuntimeError on expired token instead of warning - qwen_device_code_flow(): PKCE support + form-encoded body + correct UA Inference confirmed working: 429 rate-limit response = auth + request format are accepted by portal.qwen.ai. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- providers.py: add google-codeassist backend (_complete_codeassist) that
wraps requests in cloudcode-pa's {model, project, request} envelope and
unwraps the outer {"response": ...} layer before _google_to_openai()
- config.yaml: switch antigravity from static api_key_env to OAuth backend;
add gemini-cli provider – both point at cloudcode-pa.googleapis.com/v1internal
via faigate-auth google-antigravity helper
- oauth/cli.py: antigravity_oauth() now raises RuntimeError on expired token
(instead of warning) so the CLI handler falls through to browser PKCE login;
--refresh path also falls back to antigravity_login() when refresh fails;
both antigravity_oauth() and antigravity_refresh() now include expires_at
(seconds) alongside expiry_date (ms) so token_store.is_expired() works
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
# Conflicts: # CHANGELOG.md # config.yaml # faigate/__init__.py # faigate/lane_registry.py # faigate/providers.py # pyproject.toml
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Verification