- resolve the sidepanel contribution-mode test conflict while keeping the new Codex2API assertions\n- update the mail2925 payload test harness for newly added Codex2API and random-subdomain inputs\n- renumber the README quick-start plan headings and strip trailing whitespace from the new tutorial doc
This keeps the existing CPA, SUB2API, and contribution flows intact
while introducing codex2api as a separate source that plugs into
Step 7 and Step 10 through backend APIs instead of page DOM.
The sidepanel now exposes codex2api settings, preserves the built-in
local default through placeholder-only UI, and accepts user-provided
public admin URLs. Step 7 now treats missing or invalid management
secrets as terminal config errors so the flow stops instead of retrying
needlessly.
Constraint: New source must be additive and must not break existing CPA/SUB2API/contribution paths
Rejected: Drive codex2api through admin page button clicks | too brittle against frontend DOM changes
Rejected: Reuse contribution mode as a source surface | violates existing panelMode/runtime-mode boundary
Confidence: high
Scope-risk: moderate
Reversibility: clean
Directive: Keep codex2api on the protocol path unless its API becomes insufficient; do not add a panel content script without proving the protocol path cannot work
Tested: npm test; targeted codex2api/auth retry loops repeated 40 times; full suite repeated 5 times
Not-tested: Real browser run against a live codex2api instance with a real Admin Secret and OpenAI authorization
Expose a configurable default proxy for SUB2API, resolve the proxy once,
persist the proxy_id in state, and reuse it across auth URL generation,
code exchange, and account creation so one OAuth flow stays on one proxy.
Constraint: Upstream GitHub permission is READ, so publication must use a fork PR
Rejected: Push to origin | current GitHub viewer permission does not allow upstream branch publication
Rejected: Resolve proxy independently in later steps | could drift from the proxy chosen at auth URL generation
Confidence: high
Scope-risk: moderate
Reversibility: clean
Tested: npm test passed 183/183
Not-tested: Manual browser extension flow against a live SUB2API deployment
- Refactor getStatusBadgeEntries to use createStep9Entry for better encapsulation.
- Introduce error visual signals detection in createStep9Entry.
- Add functions to identify OAuth callback timeout failures and step 9 failure texts.
- Update buildStep9StatusDiagnostics to include error visual summaries and handle conflicts between success and failure states.
- Implement new tests for step 9 diagnostics, ensuring correct behavior with success badges and error banners.
- Remove outdated tests related to step 5 onboarding and redirect race conditions.
- Add new tests for auto-run behavior in step 6 restart scenarios.
- Updated signup-page.js to support additional message types for signup entry and password page readiness.
- Introduced new helper functions for managing signup entry states and filling email/password.
- Enhanced error handling and logging for better debugging during the signup process.
- Modified sub2api-panel.js and vps-panel.js to handle REQUEST_OAUTH_URL messages and improved logging.
- Updated sidepanel.html to reflect changes in button labels for clarity in user actions.