9 Commits

Author SHA1 Message Date
QLHazyCoder a41997325d Use direct SUB2API admin API flow 2026-05-14 08:03:55 +08:00
朴圣佑 2bb34f9064 fix(tabs): lock automation to selected window 2026-05-12 11:24:12 +08:00
QLHazyCoder 6f9a9913b5 fix: update API URLs and improve error handling for SUB2API configuration 2026-05-08 09:11:19 +08:00
initiatione 5014cb4de3 Add configurable SUB2API account priority 2026-05-06 18:19:43 +08:00
cnxwzy f9f8df19d3 fix: harden CPA auth flow with API callback/state checks
Move CPA oauth url/callback handling to management API first, persist state/origin runtime keys, and fail fast on invalid callback or missing management auth to reduce flaky panel-driven auth failures.
2026-04-27 19:13:22 +08:00
initiatione f8b919e883 Add codex2api as a protocol-first OAuth source
This keeps the existing CPA, SUB2API, and contribution flows intact
while introducing codex2api as a separate source that plugs into
Step 7 and Step 10 through backend APIs instead of page DOM.

The sidepanel now exposes codex2api settings, preserves the built-in
local default through placeholder-only UI, and accepts user-provided
public admin URLs. Step 7 now treats missing or invalid management
secrets as terminal config errors so the flow stops instead of retrying
needlessly.

Constraint: New source must be additive and must not break existing CPA/SUB2API/contribution paths
Rejected: Drive codex2api through admin page button clicks | too brittle against frontend DOM changes
Rejected: Reuse contribution mode as a source surface | violates existing panelMode/runtime-mode boundary
Confidence: high
Scope-risk: moderate
Reversibility: clean
Directive: Keep codex2api on the protocol path unless its API becomes insufficient; do not add a panel content script without proving the protocol path cannot work
Tested: npm test; targeted codex2api/auth retry loops repeated 40 times; full suite repeated 5 times
Not-tested: Real browser run against a live codex2api instance with a real Admin Secret and OpenAI authorization
2026-04-22 13:57:21 +08:00
QLHazyCoder 7cb1bda672 feat: 更新 OAuth 流程,调整步骤 6 和步骤 7 的逻辑,添加相关测试 2026-04-19 18:59:32 +08:00
lizhelang 81613b865a Make SUB2API proxy defaults available across panel flows
Expose a configurable default proxy for SUB2API, resolve the proxy once,
persist the proxy_id in state, and reuse it across auth URL generation,
code exchange, and account creation so one OAuth flow stays on one proxy.

Constraint: Upstream GitHub permission is READ, so publication must use a fork PR
Rejected: Push to origin | current GitHub viewer permission does not allow upstream branch publication
Rejected: Resolve proxy independently in later steps | could drift from the proxy chosen at auth URL generation
Confidence: high
Scope-risk: moderate
Reversibility: clean
Tested: npm test passed 183/183
Not-tested: Manual browser extension flow against a live SUB2API deployment
2026-04-18 06:47:24 +08:00
QLHazyCoder f0c3dcda62 没有直接撬 Step 1~9 的核心状态机,而是先把最适合独立的管理器和桥接层拆出来 2026-04-16 23:18:27 +08:00