commit 368a5948b22c59d5e504a2f3838bed6370166615 Author: Hermes Agent Date: Thu May 7 19:56:34 2026 +0800 feat: publish codex oauth onboarding skill diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..e25b7e9 --- /dev/null +++ b/.gitignore @@ -0,0 +1,7 @@ +.env +*.env +*.local +.DS_Store +*.log +run-records/ +browser-profiles/ diff --git a/README.md b/README.md new file mode 100644 index 0000000..d88c089 --- /dev/null +++ b/README.md @@ -0,0 +1,20 @@ +# Codex OAuth Plus Onboarding Skill + +Hermes skill for BOSS's controlled Codex/ChatGPT OAuth onboarding flow using: + +- real visible Google Chrome stable with isolated profile +- per-run ClawEmail mailbox creation and local outcome records +- explicit target platform selection only (`cpa`, `sub2api`, or `codex2api`) +- unauthenticated HTTP/SOCKS5 browser proxy +- unified preconfigured account password +- no default phone/SMS provider +- GoPay Plus flow with manual WhatsApp OTP checkpoint + +## Files + +- `skill/codex-oauth-plus-onboarding/SKILL.md` +- `skill/codex-oauth-plus-onboarding/templates/codex_oauth_onboarding.env.example` + +## Safety + +Do not commit filled env files or secrets. The template is intentionally blank for platform credentials, proxy, password, SMS providers, and payment details. diff --git a/skill/codex-oauth-plus-onboarding/SKILL.md b/skill/codex-oauth-plus-onboarding/SKILL.md new file mode 100644 index 0000000..cb580dc --- /dev/null +++ b/skill/codex-oauth-plus-onboarding/SKILL.md @@ -0,0 +1,401 @@ +--- +name: codex-oauth-plus-onboarding +description: "Use when BOSS asks to register a ChatGPT/Codex OAuth account flow with ClawEmail, optionally open Plus through GoPay/GPC, and authorize the OAuth callback into SUB2API, Codex2API, or CPA using an isolated proxied browser profile." +version: 1.0.0 +author: Hermes Agent +license: MIT +metadata: + hermes: + tags: [codex, oauth, clawemail, gopay, sub2api, codex2api, cpa, browser-automation] + related_skills: [clawemail-operations, browser-extension-storage-audit] +--- + +# Codex OAuth + Plus Onboarding + +## Overview + +This skill describes the safe, repeatable workflow for using the local `codex-oauth-automation-extension` project to run a **single user-authorized onboarding flow**: + +1. Use **ClawEmail** as the registration mailbox. +2. Register/Login through ChatGPT/OpenAI auth. +3. Optionally open ChatGPT Plus through **GoPay / GPC helper**. +4. Complete OAuth authorization. +5. Submit the localhost OAuth callback to exactly one configured target: **SUB2API**, **Codex2API**, or **CPA**. +6. Run the browser in an isolated profile with a dedicated proxy. + +The skill is for BOSS's own infrastructure and accounts only. Do not use it for spam, credential stuffing, rate-limit evasion, CAPTCHA bypass, unauthorized account creation, or bulk registration. If a page asks for CAPTCHA, security challenge, phone ownership proof, payment confirmation, or another user-visible anti-abuse checkpoint, pause and ask BOSS to complete/approve it manually. + +## When to Use + +Use this skill when BOSS asks for any of these: + +- “用 ClawEmail 注册 Codex / ChatGPT OAuth,然后授权到 SUB2API / Codex2API / CPA” +- “用 GoPay 开 Plus 后把 OAuth 接进去” +- “把 QLHazyCoder/codex-oauth-automation-extension 那套流程跑起来” +- “给这个注册流程做独立代理、无痕/隔离浏览器配置” +- “把这个流程做成可复用配置和操作步骤” + +Also load `clawemail-operations` before any ClawEmail mailbox work. + +## BOSS-specific Operating Defaults + +These are confirmed operating rules for BOSS's environment: + +- Use **Google Chrome stable** at `/Applications/Google Chrome.app/Contents/MacOS/Google Chrome` with a real visible window. +- Do **not** set a default target platform. If `PANEL_MODE` is empty or not one of `cpa|sub2api|codex2api`, stop before launching the run. +- Proxies are supplied as unauthenticated `socks5://host:port` or `http://host:port`; do not expect proxy username/password. +- The new account password is unified through `CUSTOM_PASSWORD`. If it is empty, stop and ask BOSS to fill it, unless BOSS explicitly allows auto-generation for that run. +- ClawEmail creates a fresh mailbox for every run (`CLAWEMAIL_CREATE_PER_RUN=true`). Record every created mailbox locally with outcome classification: pending, success, failed. +- Phone/SMS platform has no default. Keep `PHONE_VERIFICATION_ENABLED=false` and `PHONE_SMS_PROVIDER` empty unless BOSS configures one or approves enabling it after a phone verification appears. +- Plus mode uses `PLUS_PAYMENT_METHOD=gopay`. Any paid GoPay action still requires explicit confirmation immediately before payment/approval. +- GoPay WhatsApp OTP uses **方案 A / manual checkpoint**: set `GOPAY_OTP_SOURCE=manual`. The extension detects OTP input and opens a side-panel prompt (`requestGoPayOtpInput` / “输入 GoPay 验证码”); BOSS pastes the WhatsApp code, then the extension fills OTP, fills `GOPAY_PIN`, and continues. +- `GOPAY_OTP` should normally stay empty before the run. It is only a temporary prefill/cache for the current OTP dialog, not a durable secret. +- Do not implement WhatsApp scraping/API automation unless BOSS explicitly requests it later. + + + +1. **Explicit target**: BOSS must specify exactly one target mode: `sub2api`, `codex2api`, or `cpa`; there is no default target, and an empty `PANEL_MODE` must stop execution. +2. **Single-run default**: default to one account / one OAuth flow unless BOSS explicitly requests a count. +3. **No CAPTCHA bypass**: if Cloudflare/CAPTCHA/security challenge appears, stop and report the required manual action. +4. **Payment checkpoint**: Plus mode is GoPay for BOSS, but before any GoPay payment or paid operation, confirm that BOSS wants to proceed. +5. **No secret leakage**: never print API keys, admin keys, proxy addresses if sensitive, refresh tokens, card keys, or OAuth callback URLs containing `code=` in final summaries. Redact as `[REDACTED]`. +6. **Config export risk**: the extension’s built-in settings export may contain secrets. Treat exported files as sensitive. +7. **Mailbox records**: every freshly-created ClawEmail mailbox must be recorded locally with run id and final status (`pending`, `success`, or `failed`). + +## Repository and Local Paths + +Known research clone: + +```bash +/Users/chick/.Hermes/workspace/research/codex-oauth-automation-extension +``` + +If missing, clone shallow: + +```bash +mkdir -p /Users/chick/.Hermes/workspace/research +cd /Users/chick/.Hermes/workspace/research +git clone --depth=1 https://github.com/QLHazyCoder/codex-oauth-automation-extension.git +``` + +Validate tests when modifying or before relying on a changed checkout: + +```bash +cd /Users/chick/.Hermes/workspace/research/codex-oauth-automation-extension +node --test tests/*.test.js +``` + +Observed verification result during initial study: `772` tests passed, `0` failed. + +## Configuration File + +Create a dedicated env file instead of typing secrets into chat. A fuller template is stored with this skill at `templates/codex_oauth_onboarding.env.example`. + +```bash +mkdir -p ~/.hermes/env +chmod 700 ~/.hermes/env +cp ~/.hermes/skills/software-development/codex-oauth-plus-onboarding/templates/codex_oauth_onboarding.env.example ~/.hermes/env/codex_oauth_onboarding.env +chmod 600 ~/.hermes/env/codex_oauth_onboarding.env +$EDITOR ~/.hermes/env/codex_oauth_onboarding.env +``` + +High-level required groups: + +1. **Local project / browser**: `CODEX_OAUTH_EXTENSION_DIR`, `CHROME_BIN`, `BROWSER_PROFILE_ROOT`, `BROWSER_HEADLESS=false`. +2. **Panel / target mode**: `PANEL_MODE=cpa|sub2api|codex2api` has **no default**; if empty, stop. Fill only the selected target’s auth fields copied from the original side panel (`CPA_VPS_URL`/`CPA_VPS_PASSWORD`, or `SUB2API_*`, or `CODEX2API_*`). +3. **Proxy**: fill `BROWSER_PROXY_SERVER` with BOSS-provided unauthenticated `socks5://host:port` or `http://host:port`; use `IP_PROXY_*` only when using the original extension’s built-in 711proxy/IP proxy panel. +4. **Registration identity and password**: `CLAWEMAIL_CREATE_PER_RUN=true`, `CLAWEMAIL_PREFIX`, `CLAWEMAIL_RECORD_FILE`, `SIGNUP_METHOD=email`, and unified `CUSTOM_PASSWORD`. +5. **Mail provider**: `MAIL_PROVIDER`, `EMAIL_GENERATOR`, and original-provider fields only if not polling ClawEmail from Hermes. +6. **Phone/SMS verification fallback**: no default provider; keep `PHONE_VERIFICATION_ENABLED=false` and `PHONE_SMS_PROVIDER` empty unless configured/approved. +7. **Plus/payment**: `PLUS_MODE_ENABLED=true`, `PLUS_PAYMENT_METHOD=gopay`; paid operations still require explicit confirmation. + +Minimal template excerpt: + +```bash +# Required: local extension repo +CODEX_OAUTH_EXTENSION_DIR=/Users/chick/.Hermes/workspace/research/codex-oauth-automation-extension + +# Required: ClawEmail mailbox +CLAWEMAIL_UID=chickliu@claw.163.com +CLAWEMAIL_PREFIX=codex + +# Browser isolation +BROWSER_PROFILE_ROOT=/Users/chick/.Hermes/workspace/browser-profiles/codex-oauth +BROWSER_HEADLESS=false +BROWSER_PROXY_SERVER=http://host:port +BROWSER_PROXY_USERNAME= +BROWSER_PROXY_PASSWORD= + +# Target mode: sub2api | codex2api | cpa +OAUTH_TARGET_MODE=sub2api + +# SUB2API settings +SUB2API_URL= +SUB2API_EMAIL= +SUB2API_PASSWORD= +SUB2API_GROUP_NAME=default +SUB2API_ACCOUNT_PRIORITY=1 +SUB2API_DEFAULT_PROXY_NAME= + +# Codex2API settings +CODEX2API_URL= +CODEX2API_ADMIN_KEY= + +# CPA settings +CPA_URL= +CPA_MANAGEMENT_KEY= +CPA_LOCAL_STEP9_MODE=submit + +# Plus / GoPay / GPC helper settings +PLUS_MODE_ENABLED=false +PLUS_PAYMENT_METHOD=gpc-helper +GPC_HELPER_API_URL= +GPC_HELPER_CARD_KEY= +GPC_HELPER_COUNTRY_CODE=+86 +GPC_HELPER_PHONE_NUMBER= +GPC_HELPER_PIN= +GPC_HELPER_OTP_CHANNEL=whatsapp +GPC_HELPER_LOCAL_SMS_ENABLED=false +GPC_HELPER_LOCAL_SMS_URL=http://127.0.0.1:18767 + +# Runtime behavior +RUN_COUNT=1 +AUTO_RUN_SKIP_FAILURES=false +AUTO_STEP_DELAY_SECONDS=2 +OAUTH_FLOW_TIMEOUT_ENABLED=true +``` + +Rules: + +- Keep this file local only; never commit it. +- Use `[REDACTED]` in reports for all secret values. +- If multiple target sections are filled, only the section selected by `OAUTH_TARGET_MODE` should be used. + +## Browser Isolation and Proxy Strategy + +This workflow must use a **real visible Chrome/Chromium browser**. Do not use headless browser mode for registration, payment, OAuth consent, or security-sensitive OpenAI/Auth pages. + +Use a **dedicated browser profile** per run or per account. “无痕模式” in Chrome does not normally persist extension state and may not allow side panel/extensions unless explicitly enabled. For this extension, prefer a real visible browser with: + +- Dedicated clean `user-data-dir` profile. +- Loaded unpacked extension from `CODEX_OAUTH_EXTENSION_DIR`. +- Proxy applied at browser launch or by a verified local proxy wrapper. +- Human-visible UI for CAPTCHA/security/payment checkpoints. +- Profile cleared after success if BOSS wants no local residue. + +Recommended profile naming: + +```bash +RUN_ID=$(date +%Y%m%d-%H%M%S) +PROFILE_DIR="$BROWSER_PROFILE_ROOT/$RUN_ID" +mkdir -p "$PROFILE_DIR" +``` + +Chrome launch pattern: + +```bash +/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome \ + --user-data-dir="$PROFILE_DIR" \ + --disable-extensions-except="$CODEX_OAUTH_EXTENSION_DIR" \ + --load-extension="$CODEX_OAUTH_EXTENSION_DIR" \ + --proxy-server="$BROWSER_PROXY_SERVER" \ + --no-first-run \ + --no-default-browser-check +``` + +If proxy authentication is required and Chrome launch flags do not authenticate reliably, use one of these approaches: + +1. Use an upstream proxy URL that embeds auth only in a local proxy wrapper, not in command history. +2. Start a local forwarding proxy that injects upstream credentials. +3. Configure proxy credentials inside the extension only if the extension supports it and the config file is protected. + +Do not reuse the normal personal browser profile for this workflow. + +## ClawEmail Preparation + +Load `clawemail-operations` and verify: + +```bash +mail-cli auth test --json +mail-cli clawemail list --json +mail-cli clawemail info --uid "$CLAWEMAIL_UID" --json +``` + +Registration email choice: + +- Default: use `CLAWEMAIL_UID` directly. +- If BOSS wants per-run sub-mailboxes, create them with `mail-cli clawemail create --prefix ...` and set the extension’s registration email to the created UID. + +For code retrieval, the extension may interact with mail provider pages or helper logic, but ClawEmail can also be polled by Hermes: + +```bash +mail-cli mail list --fid 1 --limit 20 --json +mail-cli read body --id '' +``` + +Always quote message IDs. + +## Extension Architecture Reference + +The project is a Manifest V3 Chrome extension: + +- `manifest.json`: permissions, host permissions, content scripts, side panel. +- `background.js`: service worker and state orchestration. +- `background/message-router.js`: handles sidepanel messages such as `EXECUTE_STEP`, `AUTO_RUN`, `SAVE_SETTING`, `EXPORT_SETTINGS`, `IMPORT_SETTINGS`. +- `data/step-definitions.js`: step list for normal and Plus modes. +- `background/steps/*.js`: one executor per major step. +- `content/signup-page.js`: OpenAI/Auth page DOM automation. +- `content/*mail*.js`: mail provider automation. +- `sidepanel/sidepanel.js`: UI controls and settings collection. + +Important permissions include `tabs`, `webNavigation`, `webRequest`, `proxy`, `debugger`, `cookies`, `browsingData`, `storage`, `scripting`, `activeTab`, and `` host access. + +## Normal OAuth Flow Steps + +Normal mode step definitions: + +1. `open-chatgpt` — clear ChatGPT/OpenAI cookies and open ChatGPT. +2. `submit-signup-email` — enter email or phone registration identity. +3. `fill-password` — generate/use password and submit. +4. `fetch-signup-code` — fetch registration verification code from mailbox/SMS. +5. `fill-profile` — generate and submit name + birthday. +6. `wait-registration-success` — wait for registration to stabilize. +7. `oauth-login` — refresh OAuth URL from selected target and log in. +8. `fetch-login-code` — fetch login verification code if needed. +9. `confirm-oauth` — click OAuth consent / Continue and capture localhost callback. +10. `platform-verify` — submit callback/code/state to SUB2API, Codex2API, or CPA. + +## Plus Flow Steps + +When `PLUS_MODE_ENABLED=true`, the extension switches step definitions. + +PayPal Plus path: + +1-5. same registration steps. +6. `plus-checkout-create` — create Plus Checkout. +7. `plus-checkout-billing` — fill billing and submit order. +8. `paypal-approve` — PayPal login/approval. +9. `plus-checkout-return` — confirm return. +10. `oauth-login`. +11. `fetch-login-code`. +12. `confirm-oauth`. +13. `platform-verify`. + +GoPay/GPC helper paths use similar Plus step positions, with payment-specific logic in `background/steps/create-plus-checkout.js`, `fill-plus-checkout.js`, `gopay-*`, and helper API settings. + +## Applying Settings in the Extension + +The sidepanel normally sends settings through `SAVE_SETTING`; the background persists keys in `chrome.storage.local` via `PERSISTED_SETTING_KEYS`. + +Manual UI route: + +1. Open isolated Chrome profile with extension loaded. +2. Open the extension side panel. +3. Set `panelMode` according to `OAUTH_TARGET_MODE`: + - `sub2api` → fill SUB2API URL/email/password/group/proxy/priority. + - `codex2api` → fill Codex2API URL/Admin Key. + - `cpa` → fill CPA URL and management key. +4. Set registration email to ClawEmail mailbox. +5. Enable Plus mode only if requested. +6. Select `gpc-helper` / GoPay settings when using GoPay/GPC. +7. Configure proxy mode if the extension manages proxy; otherwise rely on browser launch proxy. +8. Save settings. +9. Start manual steps or Auto Run with `RUN_COUNT=1`. + +Programmatic route, if writing a helper script: + +- Prefer controlling the sidepanel UI or sending extension runtime messages from the extension context. +- Do not inject secrets into shell command lines where they will remain in history/process listings. +- Keep settings source in `~/.hermes/env/codex_oauth_onboarding.env`. + +## Execution Checklist + +1. Load this skill and `clawemail-operations`. +2. Read `~/.hermes/env/codex_oauth_onboarding.env` locally; validate required fields for the selected target. +3. Confirm payment/Plus intent if `PLUS_MODE_ENABLED=true`. +4. Verify ClawEmail auth and selected mailbox. +5. Confirm extension repo exists and tests pass if the checkout changed. +6. Start a dedicated proxied browser profile with the unpacked extension. +7. Open sidepanel and apply settings. +8. Start one run. +9. Monitor logs for: + - registration email submitted + - signup verification code fetched + - profile completed + - Plus checkout/payment status, if enabled + - OAuth URL refreshed + - login code fetched, if required + - localhost callback captured + - platform verification succeeded +10. If security challenge/CAPTCHA/phone/payment confirmation appears, pause and notify BOSS. +11. After success, verify target platform has the new authorized account/session. +12. Redact secrets and callback codes in the final report. + +## Storage and Export Risk + +The extension stores sensitive configuration in `chrome.storage.local`, including possible: + +- CPA management key / password. +- SUB2API password. +- Codex2API admin key. +- Proxy username/password/API URL. +- Hotmail account passwords, `clientId`, `refreshToken`. +- PayPal account pool credentials. +- 2925 mailbox credentials. +- LuckMail / HeroSMS / 5sim / NexSMS API keys. +- Cloudflare Temp Email auth fields. + +Runtime state goes mostly to `chrome.storage.session`, including generated email, password, codes, OAuth URL, localhost callback, and target session metadata. + +The built-in export function exports `getPersistedSettings()` as JSON; this can include sensitive persistent settings. Treat every export as secret material. + +## Troubleshooting + +### Extension does not appear + +- Confirm Chrome was launched with `--load-extension` and `--disable-extensions-except` pointing to the repo directory. +- Confirm `manifest.json` exists and is Manifest V3. +- Use a non-headless browser. Chrome extension side panels are usually not practical in headless mode. + +### Proxy not applied + +- Visit an IP-check page in the isolated browser before starting. +- If auth proxy fails, use a local forwarding proxy wrapper. +- Do not put proxy passwords in final answers. + +### ClawEmail code not found + +- Verify the email address submitted in step 2 matches `CLAWEMAIL_UID` or the created sub-mailbox. +- Use `mail-cli mail list --fid 1 --limit 20 --json` and inspect recent OpenAI messages. +- Check spam/deleted folders if inbox is empty. + +### OAuth callback not captured + +- Step `confirm-oauth` listens for localhost callback via webNavigation/tabs updates. +- Re-run the OAuth login/confirm steps only, not the full registration, unless the auth session is invalid. +- Verify target mode settings and state value mismatch errors. + +### Target verify fails + +- For SUB2API, verify URL/email/password/group/priority/proxy fields. +- For Codex2API, verify URL and admin key. +- For CPA, verify management origin/key and callback endpoint support. +- Do not print callback URL with `code=`; redact. + +### Plus/GoPay fails + +- Confirm Plus mode and payment method are correct. +- Confirm GPC helper URL/card key/phone/PIN/OTP channel settings. +- Stop before retrying paid operations repeatedly; ask BOSS. + +## Verification Checklist + +- [ ] Config file exists at `~/.hermes/env/codex_oauth_onboarding.env` with mode-specific fields. +- [ ] ClawEmail auth passes. +- [ ] Isolated browser profile is not the normal personal profile. +- [ ] Browser exit IP matches intended proxy. +- [ ] Extension is loaded and sidepanel opens. +- [ ] Only one target mode is active. +- [ ] Plus payment was explicitly approved if enabled. +- [ ] Target platform shows the OAuth account/session after verification. +- [ ] Final report redacts all secrets, callback codes, passwords, API keys, and proxy credentials. diff --git a/skill/codex-oauth-plus-onboarding/templates/codex_oauth_onboarding.env.example b/skill/codex-oauth-plus-onboarding/templates/codex_oauth_onboarding.env.example new file mode 100644 index 0000000..f94748f --- /dev/null +++ b/skill/codex-oauth-plus-onboarding/templates/codex_oauth_onboarding.env.example @@ -0,0 +1,150 @@ +# Codex OAuth onboarding env template for real Google Chrome flow +# Copy to ~/.hermes/env/codex_oauth_onboarding.env and chmod 600. +# Do not commit. Do not paste secrets into chat. + +# 0) Local project / browser +CODEX_OAUTH_EXTENSION_DIR=/Users/chick/.Hermes/workspace/research/codex-oauth-automation-extension +CHROME_BIN=/Applications/Google Chrome.app/Contents/MacOS/Google Chrome +BROWSER_PROFILE_ROOT=/Users/chick/.Hermes/workspace/browser-profiles/codex-oauth +BROWSER_HEADLESS=false +BROWSER_LANG=zh-CN +RUN_COUNT=1 +AUTO_STEP_DELAY_SECONDS=2 +AUTO_RUN_SKIP_FAILURES=false +OAUTH_FLOW_TIMEOUT_ENABLED=true + +# 1) Panel / target mode. No default: leave empty and the workflow MUST NOT run. +# Must explicitly select exactly one before execution: cpa | sub2api | codex2api +PANEL_MODE= +LOCAL_CPA_STEP9_MODE=submit + +# CPA panel fields +CPA_VPS_URL= +CPA_VPS_PASSWORD= + +# SUB2API panel fields +SUB2API_URL= +SUB2API_EMAIL= +SUB2API_PASSWORD= +SUB2API_GROUP_NAME= +SUB2API_ACCOUNT_PRIORITY=1 +SUB2API_DEFAULT_PROXY_NAME= + +# Codex2API panel fields +CODEX2API_URL= +CODEX2API_ADMIN_KEY= + +# 2) Browser proxy. BOSS provides SOCKS5 or HTTP proxy without username/password. +# Examples: socks5://host:port or http://host:port +BROWSER_PROXY_SERVER= +BROWSER_PROXY_CHECK_URL=https://api.ipify.org?format=json + +# Extension built-in 711proxy/IP proxy fields, only if using original project proxy panel. +IP_PROXY_ENABLED=false +IP_PROXY_SERVICE= +IP_PROXY_MODE= +IP_PROXY_API_URL= +IP_PROXY_ACCOUNT_LIST= +IP_PROXY_ACCOUNT_SESSION_PREFIX=codex +IP_PROXY_ACCOUNT_LIFE_MINUTES= +IP_PROXY_POOL_TARGET_COUNT=20 +IP_PROXY_AUTO_SYNC_ENABLED=false +IP_PROXY_AUTO_SYNC_INTERVAL_MINUTES=15 +IP_PROXY_HOST= +IP_PROXY_PORT= +IP_PROXY_PROTOCOL= +IP_PROXY_REGION= + +# 3) Registration identity and password +# ClawEmail must create a fresh mailbox each run and record it locally with status. +CLAWEMAIL_CREATE_PER_RUN=true +CLAWEMAIL_PREFIX=codex +CLAWEMAIL_UID= +CLAWEMAIL_RECORD_FILE=/Users/chick/.Hermes/workspace/codex-oauth/run-records/clawemail_accounts.jsonl +SIGNUP_METHOD=email +CUSTOM_PASSWORD= + +# 4) Mail provider fields from original project, fill only if not using Hermes-side ClawEmail polling. +MAIL_PROVIDER= +EMAIL_GENERATOR=custom +CUSTOM_EMAIL_POOL= +CUSTOM_MAIL_PROVIDER_POOL= +INBUCKET_HOST= +INBUCKET_MAILBOX= +HOTMAIL_SERVICE_MODE= +HOTMAIL_REMOTE_BASE_URL= +HOTMAIL_LOCAL_BASE_URL= +LUCKMAIL_API_KEY= +LUCKMAIL_BASE_URL= +LUCKMAIL_EMAIL_TYPE= +LUCKMAIL_DOMAIN= +CLOUDFLARE_TEMP_EMAIL_BASE_URL= +CLOUDFLARE_TEMP_EMAIL_ADMIN_AUTH= +CLOUDFLARE_TEMP_EMAIL_CUSTOM_AUTH= +CLOUDFLARE_TEMP_EMAIL_RECEIVE_MAILBOX= +CLOUDFLARE_TEMP_EMAIL_USE_RANDOM_SUBDOMAIN=false +CLOUDFLARE_TEMP_EMAIL_DOMAIN= + +# 5) Phone/SMS verification fallback. No default provider: leave disabled/empty unless needed. +PHONE_VERIFICATION_ENABLED=false +SIGNUP_PHONE= +PHONE_SMS_PROVIDER= +PHONE_SMS_PROVIDER_ORDER= +VERIFICATION_RESEND_COUNT=0 +PHONE_VERIFICATION_REPLACEMENT_LIMIT=3 +PHONE_CODE_WAIT_SECONDS=60 +PHONE_CODE_TIMEOUT_WINDOWS=2 +PHONE_CODE_POLL_INTERVAL_SECONDS=5 +PHONE_CODE_POLL_MAX_ROUNDS=12 +PHONE_PREFERRED_ACTIVATION= + +# HeroSMS +HERO_SMS_API_KEY= +HERO_SMS_REUSE_ENABLED=true +HERO_SMS_ACQUIRE_PRIORITY= +HERO_SMS_MAX_PRICE= +HERO_SMS_PREFERRED_PRICE= +HERO_SMS_COUNTRY_ID= +HERO_SMS_COUNTRY_LABEL= +HERO_SMS_COUNTRY_FALLBACK= + +# 5sim +FIVE_SIM_API_KEY= +FIVE_SIM_PRODUCT=openai +FIVE_SIM_COUNTRY_ORDER= +FIVE_SIM_COUNTRY_ID= +FIVE_SIM_COUNTRY_LABEL= +FIVE_SIM_COUNTRY_FALLBACK= +FIVE_SIM_MAX_PRICE= +FIVE_SIM_OPERATOR=any + +# NexSMS +NEX_SMS_API_KEY= +NEX_SMS_COUNTRY_ORDER= +NEX_SMS_SERVICE_CODE= + +# 6) Plus/payment. BOSS chose GoPay. Paid operation still requires explicit confirmation before execution. +PLUS_MODE_ENABLED=true +PLUS_PAYMENT_METHOD=gopay +GOPAY_COUNTRY_CODE=+86 +GOPAY_PHONE= +GOPAY_OTP= +GOPAY_OTP_SOURCE=manual +GOPAY_OTP_MANUAL_TIMEOUT_SECONDS=180 +GOPAY_PIN= + +# GPC helper fields retained but not used when PLUS_PAYMENT_METHOD=gopay +GPC_HELPER_API_URL= +GPC_HELPER_CARD_KEY= +GPC_HELPER_COUNTRY_CODE=+86 +GPC_HELPER_PHONE_NUMBER= +GPC_HELPER_PIN= +GPC_HELPER_OTP_CHANNEL= +GPC_HELPER_LOCAL_SMS_ENABLED=false +GPC_HELPER_LOCAL_SMS_URL=http://127.0.0.1:18767 + +# 7) Local run records +RUN_RECORD_DIR=/Users/chick/.Hermes/workspace/codex-oauth/run-records +ACCOUNT_SUCCESS_FILE=/Users/chick/.Hermes/workspace/codex-oauth/run-records/success_accounts.jsonl +ACCOUNT_FAILED_FILE=/Users/chick/.Hermes/workspace/codex-oauth/run-records/failed_accounts.jsonl +ACCOUNT_PENDING_FILE=/Users/chick/.Hermes/workspace/codex-oauth/run-records/pending_accounts.jsonl