feat(ai): add ChatGPT subscription provider via Codex CLI OAuth flow

[cyenxchen]

Overview

Adds a new AI provider type — OpenAI (Sign in) — letting users authenticate
with their paid ChatGPT subscription instead of supplying an API key. Internally
this reuses the Codex CLI public OAuth client
to obtain Bearer tokens, then talks to chatgpt.com/backend-api/codex/responses
with SSE streaming.

For users who already pay for ChatGPT Plus / Pro / Team this avoids the
per-token API spend and the friction of generating + rotating an API key.

Screenshots

1. New "OpenAI (Sign in)" entry in the provider type picker

2. Add Provider sheet — Authentication block before sign-in

3. Edit Provider sheet — signed in, models loaded from /backend-api/codex/models

How it works

1. User picks OpenAI (Sign in) in the Add Provider sheet.
2. Click Sign in with OpenAI → app opens the system browser at
   auth.openai.com/authorize with PKCE (RFC 7636) parameters.
3. After consent, OpenAI redirects to http://localhost:1455/auth/callback —
   a single-shot loopback HTTP listener inside the app accepts the redirect.
4. App exchanges the auth code for access_token / refresh_token /
   id_token, decodes the JWT for account metadata (email, plan), and stores
   the bundle in the macOS Keychain under ai.chatgpt.tokens.<provider-uuid>.
5. On every request, ChatGPTOAuthService.tokenBundle(...) checks exp and
   refreshes via auth.openai.com/oauth/token if within the skew window.
   Concurrent refreshes coalesce into a single Task to avoid token thrash.
6. ChatGPTProvider streams /responses SSE deltas. A 401/403 from either
   /responses or /models purges the keychain bundle and the UI reverts
   to the signed-out state.

Architecture — 4 atomic commits

Split for bisect-friendliness; each commit compiles standalone.

1. feat(ai-core) — PKCE verifier/challenge, JWT payload decoder,
   ChatGPTTokenBundle value type. No outward dependencies.
2. feat(keychain) — KeychainService extension
   (save/load/deleteChatGPTTokens) keyed by provider UUID, plus unit tests
   for the primitives + Keychain round-trip.
3. feat(ai) — ProviderType.chatGPT enum case, loopback listener,
   OAuth service with refresh coalescing, ChatGPTProvider, factory /
   registry / DI wiring.
4. feat(settings) — ProviderEditSheet Sign-in / Sign-out UI,
   AIChatView send-button gating on token presence, SettingsView
   keychain cleanup on row removal.

Risk / caveats

• Not officially supported by OpenAI. This reuses the Codex CLI's public
  OAuth client_id. If OpenAI rotates that client or changes the
  /backend-api/codex/* shape, the provider breaks until the constants in
  ChatGPTOAuthConstants.swift are updated.
• Requires a paid ChatGPT plan. Free-tier accounts cannot reach
  /backend-api/codex/responses.
• macOS-only. The loopback listener uses Network.framework;
  Windows/Linux ports would need their own implementation.
• No long-lived API key. Sign-out (manual or 401-triggered) deletes the
  Keychain bundle; users have to re-authenticate.

Tests

• ChatGPTOAuthTests.swift — PKCE / JWT / token-bundle codec / Keychain
  round-trip
• ChatGPTOAuthServiceTests.swift — URL-protocol-mocked refresh path,
  concurrent-refresh coalescing, expired-token short-circuit,
  missing-keychain throw, SSE happy path + error event, /models filter +
  401 sign-out
• 28 / 28 passing locally (swift test --filter ChatGPTOAuth, ~0.5 s)

UI (sheet state machine, send-button gating) is covered by manual exploratory
testing — see test plan below. The codebase has no precedent for SwiftUI view
unit tests, so adding ViewInspector/XCUITest scaffolding solely for this PR
felt like over-engineering.

Test plan

• swift test --filter ChatGPTOAuth — 28 / 28 green
• swift build — no new warnings
• ./scripts/build-app.sh — Gridex.app v0.0.14 builds, ~77 MB,
  ad-hoc signed
• Add Provider → pick "OpenAI (Sign in)" → Sign in → Save → AI chat works
• Add Provider → Sign in → Cancel sheet → Keychain bundle cleaned up
  (security find-generic-password -s "Gridex" | grep ai.chatgpt.tokens
  returns nothing)
• Edit existing ChatGPT row → Cancel sheet → bundle preserved
  (no rollback)
• Edit a row → switch type from API-key to ChatGPT → Sign in →
  Cancel → bundle cleaned up
• Sign out via UI → AIChatView send button greys out
• Force a 401 (revoke token elsewhere) → next message clears bundle,
  UI reverts to signed-out
• Remove provider row from Settings → both ai.apikey.<uuid> and
  ai.chatgpt.tokens.<uuid> purged

[thinhntq]

Pushed c9eb0f4 to your branch with three review fixes plus dispatch coverage. Security review came back clean (no high-confidence findings on PKCE / state / loopback bind / Keychain / JWT / token transmission), and code-quality review surfaced these three. maintainerCanModify was on, hence the direct push.

What changed

1. defaultModel was an invented slug — would 400 on first request

ProviderType.swift:107 had case .chatGPT: return "gpt-5.4". That slug doesn't exist server-side, and the surrounding comment at line 171–174 explicitly says ChatGPT slugs come from the live /backend-api/codex/models fetch — the default contradicted that.

Repro: create a ChatGPT provider, sign in, fire the first request before the live models picker resolves → model: nil defaults to gpt-5.4 → HTTP 400 from /responses.

Switched to gpt-5-codex, which is what Codex CLI itself defaults to.

2. preconditionFailure violated the GridexError invariant

ProviderFactory.swift:35 crashed the process when chatGPTOAuthService was nil for a .chatGPT config. Reachable via the legacy make(type:apiKey:baseURL:) overload (used by DependencyContainer.makeLLMService at DependencyContainer.swift:119) — that overload can't thread an OAuth service through.

Replaced with a private MisconfiguredChatGPTProvider stub. Misconfig now surfaces as a normal in-band GridexError.aiProviderError(...) on the first call rather than a process-wide crash. Matches the AGENTS.md §0 invariant: "Errors are GridexError. Never throw raw NSError or crash."

3. Type-switch out of .chatGPT left a zombie OAuth task

ProviderEditSheet.applyTypeDefaults only reset state when switching INTO .chatGPT. Scenario: user opens Add Provider → picks ChatGPT → taps Sign in with OpenAI → browser is slow → user changes their mind → switches Type back to OpenAI. The in-flight OAuth task kept running with stale isSigningIn / signInError / chatGPTStatus / dirtyChatGPTSignIn, and a tardy browser callback could still write tokens to ai.chatgpt.tokens.<uuid> after the form had moved on.

The keychain still converged via the Save/Cancel cleanup paths, but the user-visible state was incoherent. Now the non-.chatGPT branch cancels the task and resets the four flags.

Tests

Added ProviderFactoryTests.swift (6 cases) covering the dispatch matrix:

• .chatGPT with OAuth service → ChatGPTProvider ✓
• .chatGPT without OAuth service → MisconfiguredChatGPTProvider whose stream() and availableModels() both throw GridexError.aiProviderError ✓
• .anthropic → AnthropicProvider, .openAI → OpenAIProvider ✓
• Regression assert pinning the literal "gpt-5.4" out and a gpt-5* / gpt-4o slug in ✓

Result: 34 / 34 AI tests pass (28 existing OAuth + 6 new factory). Full suite also green after a routine TLS-cert renewal on the local PG :55435 fixture (1-day expiry on a self-signed cert — unrelated to this PR).

swift test --filter "ChatGPTOAuth|ProviderFactoryTests"
…
Executed 34 tests, with 0 failures (0 unexpected) in 0.392s

Still open (PR description's own checkboxes)

The four manual UI items in your test plan are unchecked — these now matter more, especially the last two:

• Add Provider → pick ChatGPT → Sign in → Save → AI chat works
• Add Provider → Sign in → Cancel sheet → Keychain bundle cleaned up
• Edit existing ChatGPT row → Cancel sheet → bundle preserved
• Edit a row → switch type from API-key to ChatGPT → Sign in → Cancel → bundle cleaned up ← this is exactly the zombie-state path fix (3) addresses; please verify

Suggested but not pushed (your call)

• ChatGPTProvider.swift:81, :254 — error-body logged with privacy: .public. Server-controlled body can echo prompt content; consider .private for symmetry with the request-side logging at line 202–205.
• ChatGPTProvider.swift:67-71 — silent signOut on every 401/403. A transient 401 wipes the user's tokens and forces a full re-sign-in. Codex CLI's own behavior is closer to "refresh first, signOut only on invalid_grant". A one-line clarifying comment ("by the time we hit stream(), tokenBundle() has already refreshed; a 401 here means the new token was rejected → genuine signOut") would also work if you'd rather keep the current shape.

ToS / Compliance — non-code, but worth surfacing

Reusing the public Codex CLI client_id to hit chatgpt.com/backend-api/codex/responses is a gray area against OpenAI's terms. The author's own caveats already note "OpenAI may revoke at any time" and "/backend-api/codex shape may change" — it'd be worth a small "Unofficial — uses Codex CLI OAuth client; may break or violate ToS, use at your own risk" disclaimer in the Settings sheet next to the Sign in button. Not a code blocker; just protects users (account suspension risk) and the project (C&D risk). Happy to add the disclaimer in a follow-up if you'd like.

From my side

With the three fixes pushed, this is good to merge once you've ticked the four manual UI items above, particularly the type-switch flow. Excellent work overall — security review was textbook clean and the 4-commit split is bisect-friendly.