Upload folder using huggingface_hub

.env.example

@@ -0,0 +1,20 @@
+# Supabase
+SUPABASE_URL=
+SUPABASE_KEY=
+
+# Chat defaults (UI convenience)
+DEFAULT_BASE_URL=https://router.huggingface.co/v1
+DEFAULT_API_KEY=
+DEFAULT_MODEL=gpt-3.5-turbo
+
+# Feature flags (safe defaults depend on Supabase being configured)
+ENABLE_TERMINAL=1
+ENABLE_CODEX=1
+ENABLE_MCP=1
+ENABLE_INDEXING=0
+
+# Optional: SSH via secrets
+SSH_PRIVATE_KEY=
+SSH_PUBLIC_KEY=
+SSH_KNOWN_HOSTS=
+

.github/workflows/ci.yml

@@ -0,0 +1,30 @@
+name: CI
+
+on:
+  pull_request:
+  push:
+    branches: ["main"]
+
+jobs:
+  python:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r requirements.txt -r requirements-dev.txt
+
+      - name: Lint (ruff)
+        run: ruff check .
+
+      - name: Tests (pytest)
+        run: pytest -q
+

PLANS.md

@@ -0,0 +1,87 @@
+# Roadmap (P0–P3)
+
+This file is the repo-level roadmap for `autonomy-labs`. It’s intentionally opinionated and ordered by risk reduction first, then maintainability, then feature expansion.
+
+## P0 — Security + correctness (blockers)
+- Gate **all dangerous endpoints** server-side (not just UI):
+  - `/ws/terminal`
+  - `/api/codex*`
+  - `/api/mcp*`
+  - any indexing endpoints (docs/web/GitHub)
+- Define a clear auth transport for WebSockets (cookie or token) and verify on the server.
+- Add capability flags with safe defaults:
+  - `ENABLE_TERMINAL`, `ENABLE_CODEX`, `ENABLE_MCP`, `ENABLE_INDEXING`
+- Add `SECURITY.md` with threat model + safe deployment guidance.
+
+## P1 — Backend refactor + lifecycle
+- Split `main.py` into routers/services:
+  - `app/auth.py`, `app/chat.py`, `app/terminal.py`, `app/codex.py`, `app/mcp.py`, `app/settings.py`, `app/admin.py`, `app/indexing.py`
+- Add FastAPI lifespan management:
+  - subprocess lifecycle (Codex MCP server)
+  - cleanup policies (device-login attempts, job registries)
+- Unify Codex integration (prefer CLI-first for device-auth consistency; keep SDK only if needed).
+- Standardize API error schema (UI should not parse strings to detect failure modes).
+
+## P2 — UI/UX, settings, admin, landing
+- Split `static/dashboard.html` into modules:
+  - `static/dashboard.js`, `static/terminal.js`, `static/agent.js`, `static/settings.js`, `static/admin.js`, `static/mcp.js`, `static/rag.js`
+  - `static/theme.css`
+- Fix UI inconsistencies:
+  - theme tokens shared across login + dashboard
+  - consistent spacing, typography, button states, error banners
+  - terminal sizing/fit reliability (debounce + visible-only fitting)
+- Separate Settings vs Admin dashboard:
+  - Settings: provider configs, tokens status, terminal layout, workspace directory, MCP registry
+  - Admin: user/role management, global toggles, indexing jobs, audit logs
+- Create a “blazing” landing page:
+  - `/` marketing/intro + CTA
+  - keep `/login` and `/app` as dedicated routes (or similar)
+
+## P2 — Provider auth parity (Codex/Gemini/Claude)
+- Keep provider auth out of git; source from env/HF Secrets.
+- Support “Codex-like” auth file generation when a CLI requires it:
+  - Codex: `~/.codex/.auth.json` and `~/.codex/auth.json` from `CODEX_*` (or fallback envs).
+  - Gemini/Claude: prefer env (`GEMINI_API_KEY`, `ANTHROPIC_API_KEY`); add file-based auth only if required and documented.
+- Optional: SSH key support via Secrets:
+  - `SSH_PRIVATE_KEY` (+ optional `SSH_PUBLIC_KEY`, `SSH_KNOWN_HOSTS`)
+
+## P2 — Codex workspace directory (UI)
+- Add a per-user “workspace directory” setting.
+- Enforce an allowlisted root (e.g. `/data/codex/workspace/<user>`), prevent traversal, ensure it exists.
+
+## P2 — Stream Codex events in Agent mode
+- Use `/api/codex/cli/stream` for agent execution.
+- UI: render streaming events progressively (agent text, tool events, final summary + usage).
+- Add stop/reconnect handling.
+
+## P2/P3 — MCP registry
+- Add a first-class MCP registry:
+  - per-user servers + optional global templates
+  - “test connection”, “list tools”, allow/deny tool lists
+  - import/export `mcp.json`
+
+## P3 — RAG + indexing (docs/web/GitHub) + “password manager”
+- Clarify “password manager” scope:
+  - secure vault for secrets (high-risk; encryption + audit required), or
+  - indexed notes (lower-risk but still private)
+- Implement indexing connectors:
+  - document uploads
+  - website crawl (depth, allowlist, robots, rate limits)
+  - GitHub repo indexing (branch/path filters, token support via Secrets)
+- Build a jobs UI: progress, retries, errors, and access controls.
+
+## P3 — P2P pubsub chat + account manager
+- Implement account manager concepts:
+  - identities/devices, room/topic membership, permissions, moderation tools
+- Transport:
+  - WebRTC DataChannel (P2P) + server signaling
+  - fallback to server pubsub when P2P fails
+- UX:
+  - rooms, presence, delivery status, network mode indicators
+
+## Engineering hygiene (ongoing)
+- Add `.env.example`, `docs/TROUBLESHOOTING.md`, `docs/ARCHITECTURE.md`, `docs/SECURITY_DEPLOYMENT.md`
+- Add lint/tests + CI:
+  - Python: `ruff`, `pytest`
+  - basic security smoke tests for endpoint gating
+

app/__init__.py

@@ -0,0 +1,2 @@
+"""Application package for autonomy-labs."""
+

app/auth.py

@@ -0,0 +1,56 @@
+from __future__ import annotations
+
+import os
+import time
+from typing import Any
+
+from fastapi import HTTPException, Request
+
+_SUPABASE_TOKEN_CACHE: dict[str, tuple[float, dict[str, Any]]] = {}
+
+
+async def verify_supabase_access_token(access_token: str) -> dict[str, Any]:
+    """
+    Verifies a Supabase access token by calling Supabase Auth `GET /auth/v1/user`.
+    Uses a small in-memory TTL cache to avoid calling Supabase on every request.
+    """
+    access_token = (access_token or "").strip()
+    if not access_token:
+        raise HTTPException(status_code=401, detail="Missing access token")
+
+    now = time.time()
+    cached = _SUPABASE_TOKEN_CACHE.get(access_token)
+    if cached and (now - cached[0]) < 30:
+        return cached[1]
+
+    supabase_url = os.environ.get("SUPABASE_URL")
+    supabase_key = os.environ.get("SUPABASE_KEY")
+    if not supabase_url or not supabase_key:
+        raise HTTPException(status_code=503, detail="Supabase is not configured")
+
+    import httpx
+
+    headers = {"Authorization": f"Bearer {access_token}", "apikey": supabase_key}
+    url = f"{supabase_url.rstrip('/')}/auth/v1/user"
+    async with httpx.AsyncClient(timeout=10.0) as client:
+        resp = await client.get(url, headers=headers)
+        if resp.status_code != 200:
+            raise HTTPException(status_code=401, detail="Invalid or expired session")
+
+        user = resp.json()
+        _SUPABASE_TOKEN_CACHE[access_token] = (now, user)
+
+        # Best-effort cache bound.
+        if len(_SUPABASE_TOKEN_CACHE) > 500:
+            for k in list(_SUPABASE_TOKEN_CACHE.keys())[:200]:
+                _SUPABASE_TOKEN_CACHE.pop(k, None)
+        return user
+
+
+async def require_user_from_request(request: Request) -> dict[str, Any]:
+    auth = (request.headers.get("authorization") or "").strip()
+    if not auth.lower().startswith("bearer "):
+        raise HTTPException(status_code=401, detail="Missing Authorization bearer token")
+    token = auth.split(None, 1)[1].strip()
+    return await verify_supabase_access_token(token)
+

app/mcp_client.py

@@ -0,0 +1,114 @@
+from __future__ import annotations
+
+import asyncio
+import json
+from typing import Optional
+
+from fastapi import HTTPException
+
+
+class McpStdioClient:
+    def __init__(self, command: list[str]):
+        self.command = command
+        self.proc: Optional[asyncio.subprocess.Process] = None
+        self._lock = asyncio.Lock()
+        self._pending: dict[int, asyncio.Future] = {}
+        self._next_id = 1
+        self._reader_task: Optional[asyncio.Task] = None
+        self._initialized = False
+
+    async def start(self) -> None:
+        if self.proc and self.proc.returncode is None:
+            return
+        self.proc = await asyncio.create_subprocess_exec(
+            *self.command,
+            stdin=asyncio.subprocess.PIPE,
+            stdout=asyncio.subprocess.PIPE,
+            stderr=asyncio.subprocess.PIPE,
+        )
+        self._initialized = False
+        self._reader_task = asyncio.create_task(self._reader())
+        await self._initialize()
+
+    async def close(self) -> None:
+        if not self.proc:
+            return
+        try:
+            if self.proc.returncode is None:
+                self.proc.terminate()
+                await asyncio.wait_for(self.proc.wait(), timeout=5.0)
+        except Exception:
+            try:
+                self.proc.kill()
+            except Exception:
+                pass
+        finally:
+            self.proc = None
+            self._initialized = False
+            if self._reader_task:
+                self._reader_task.cancel()
+                self._reader_task = None
+
+    async def _reader(self) -> None:
+        assert self.proc and self.proc.stdout
+        while True:
+            line = await self.proc.stdout.readline()
+            if not line:
+                break
+            text = line.decode("utf-8", errors="ignore").strip()
+            if not text:
+                continue
+            try:
+                msg = json.loads(text)
+            except Exception:
+                continue
+            msg_id = msg.get("id")
+            if msg_id is None:
+                continue
+            fut = self._pending.pop(int(msg_id), None)
+            if fut and not fut.done():
+                fut.set_result(msg)
+
+    async def _rpc(self, method: str, params: Optional[dict] = None) -> dict:
+        await self.start()
+        assert self.proc and self.proc.stdin
+        async with self._lock:
+            msg_id = self._next_id
+            self._next_id += 1
+            loop = asyncio.get_running_loop()
+            fut: asyncio.Future = loop.create_future()
+            self._pending[msg_id] = fut
+            payload = {"jsonrpc": "2.0", "id": msg_id, "method": method}
+            if params is not None:
+                payload["params"] = params
+            self.proc.stdin.write((json.dumps(payload) + "\n").encode("utf-8"))
+            await self.proc.stdin.drain()
+        resp = await asyncio.wait_for(fut, timeout=600.0)
+        if "error" in resp:
+            raise HTTPException(status_code=500, detail=resp["error"])
+        return resp.get("result") or {}
+
+    async def _initialize(self) -> None:
+        if self._initialized:
+            return
+        _ = await self._rpc(
+            "initialize",
+            {
+                "protocolVersion": "2024-11-05",
+                "clientInfo": {"name": "autonomy-labs", "version": "1.0"},
+                "capabilities": {},
+            },
+        )
+        assert self.proc and self.proc.stdin
+        self.proc.stdin.write(
+            (json.dumps({"jsonrpc": "2.0", "method": "notifications/initialized"}) + "\n").encode("utf-8")
+        )
+        await self.proc.stdin.drain()
+        self._initialized = True
+
+    async def list_tools(self) -> dict:
+        return await self._rpc("tools/list", {})
+
+    async def call_tool(self, name: str, arguments: dict) -> dict:
+        return await self._rpc("tools/call", {"name": name, "arguments": arguments})
+

app/routes/__init__.py

@@ -0,0 +1,2 @@
+"""FastAPI routers."""
+

app/routes/base.py

@@ -0,0 +1,34 @@
+from __future__ import annotations
+
+import os
+from pathlib import Path
+
+from fastapi import APIRouter
+from fastapi.responses import FileResponse
+
+router = APIRouter()
+
+_ROOT = Path(__file__).resolve().parents[2]
+_STATIC = _ROOT / "static"
+
+
+@router.get("/config")
+async def get_config():
+    return {
+        "supabase_url": os.environ.get("SUPABASE_URL", "https://znhglkwefxdhgajvrqmb.supabase.co"),
+        "supabase_key": os.environ.get("SUPABASE_KEY"),
+        "default_base_url": os.environ.get("DEFAULT_BASE_URL", "https://router.huggingface.co/v1"),
+        "default_api_key": os.environ.get("DEFAULT_API_KEY", ""),
+        "default_model": os.environ.get("DEFAULT_MODEL", "gpt-3.5-turbo"),
+    }
+
+
+@router.get("/")
+async def read_index():
+    return FileResponse(str(_STATIC / "index.html"))
+
+
+@router.get("/health")
+async def health_check():
+    return {"status": "ok"}
+

app/routes/chat.py

@@ -0,0 +1,84 @@
+from __future__ import annotations
+
+import os
+from typing import Any, List, Optional, Union
+
+from fastapi import APIRouter, HTTPException
+from fastapi.responses import StreamingResponse
+from openai import OpenAI
+from pydantic import BaseModel
+
+router = APIRouter()
+
+
+class ChatMessage(BaseModel):
+    role: str
+    # OpenAI-compatible: content can be plain text or an array of multimodal parts.
+    content: Union[str, List[Any]]
+
+
+class ChatRequest(BaseModel):
+    messages: List[ChatMessage]
+    apiKey: Optional[str] = None
+    baseUrl: Optional[str] = None
+    model: Optional[str] = "gpt-3.5-turbo"
+
+
+@router.post("/api/chat")
+async def chat_endpoint(request: ChatRequest):
+    api_key = request.apiKey or os.environ.get("OPENAI_API_KEY")
+    base_url = request.baseUrl or os.environ.get("OPENAI_BASE_URL")
+
+    if not api_key:
+        raise HTTPException(status_code=400, detail="API Key is required")
+
+    client = OpenAI(api_key=api_key, base_url=base_url)
+
+    def generate():
+        try:
+            stream = client.chat.completions.create(
+                model=request.model,
+                messages=[{"role": m.role, "content": m.content} for m in request.messages],
+                stream=True,
+            )
+            for chunk in stream:
+                if chunk.choices[0].delta.content:
+                    yield chunk.choices[0].delta.content
+        except Exception as e:
+            yield f"Error: {str(e)}"
+
+    return StreamingResponse(generate(), media_type="text/plain")
+
+
+class ModelsRequest(BaseModel):
+    apiKey: Optional[str] = None
+    baseUrl: Optional[str] = None
+
+
+@router.post("/api/proxy/models")
+async def proxy_models(request: ModelsRequest):
+    api_key = request.apiKey or os.environ.get("OPENAI_API_KEY")
+    base_url = request.baseUrl or os.environ.get("OPENAI_BASE_URL")
+
+    if not base_url:
+        raise HTTPException(status_code=400, detail="Base URL is required")
+
+    try:
+        import httpx
+
+        headers = {}
+        if api_key:
+            headers["Authorization"] = f"Bearer {api_key}"
+
+        target_url = f"{base_url.rstrip('/')}/models"
+
+        async with httpx.AsyncClient() as client:
+            resp = await client.get(target_url, headers=headers, timeout=10.0)
+            if resp.status_code != 200:
+                raise HTTPException(status_code=resp.status_code, detail=f"Provider returned error: {resp.text}")
+            return resp.json()
+    except HTTPException:
+        raise
+    except Exception as e:
+        raise HTTPException(status_code=500, detail=str(e))
+

app/routes/codex.py

@@ -0,0 +1,444 @@
+from __future__ import annotations
+
+import asyncio
+import json
+import os
+import uuid
+from dataclasses import dataclass, field
+from pathlib import Path
+from typing import List, Optional
+
+from fastapi import APIRouter, HTTPException, Request
+from fastapi.responses import StreamingResponse
+from pydantic import BaseModel
+
+from app.auth import require_user_from_request
+from app.settings import feature_enabled
+from app.workdir import safe_user_workdir
+
+router = APIRouter()
+
+
+class CodexRequest(BaseModel):
+    message: str
+    threadId: Optional[str] = None
+    model: Optional[str] = None
+    sandboxMode: Optional[str] = "workspace-write"
+    approvalPolicy: Optional[str] = "never"
+    apiKey: Optional[str] = None
+    baseUrl: Optional[str] = None
+    modelReasoningEffort: Optional[str] = "minimal"
+    workingDirectory: Optional[str] = None
+
+
+@router.post("/api/codex")
+async def codex_agent(request: CodexRequest, http_request: Request):
+    if not request.message.strip():
+        raise HTTPException(status_code=400, detail="Message is required")
+    if not feature_enabled("codex"):
+        raise HTTPException(status_code=403, detail="Codex is disabled")
+
+    user = await require_user_from_request(http_request)
+
+    node = os.environ.get("NODE_BIN", "node")
+    root = Path(__file__).resolve().parents[2]
+    script_path = root / "codex_agent.mjs"
+    if not script_path.exists():
+        raise HTTPException(status_code=500, detail="codex_agent.mjs not found")
+
+    payload = {
+        "message": request.message,
+        "threadId": request.threadId,
+        "model": request.model,
+        "sandboxMode": request.sandboxMode,
+        "approvalPolicy": request.approvalPolicy,
+        "modelReasoningEffort": request.modelReasoningEffort,
+        "workingDirectory": safe_user_workdir(user, request.workingDirectory),
+    }
+
+    try:
+        env = os.environ.copy()
+        env.setdefault("CODEX_PATH_OVERRIDE", "codex")
+        if request.apiKey:
+            env["CODEX_API_KEY"] = request.apiKey
+            env["OPENAI_API_KEY"] = request.apiKey
+        if request.apiKey and request.baseUrl:
+            env["OPENAI_BASE_URL"] = request.baseUrl
+
+        proc = await asyncio.create_subprocess_exec(
+            node,
+            str(script_path),
+            stdin=asyncio.subprocess.PIPE,
+            stdout=asyncio.subprocess.PIPE,
+            stderr=asyncio.subprocess.PIPE,
+            env=env,
+        )
+        stdout, stderr = await proc.communicate(json.dumps(payload).encode("utf-8"))
+        if proc.returncode != 0:
+            err_text = (stderr.decode("utf-8", errors="ignore") or "").strip()
+            if "401 Unauthorized" in err_text or "status 401" in err_text:
+                raise HTTPException(status_code=401, detail=err_text or "Unauthorized")
+            raise HTTPException(status_code=500, detail=(err_text or "Codex agent failed"))
+        return json.loads(stdout.decode("utf-8"))
+    except HTTPException:
+        raise
+    except Exception as e:
+        raise HTTPException(status_code=500, detail=str(e))
+
+
+def _with_codex_agent_prefix(message: str) -> str:
+    msg = message.strip()
+    if msg.startswith("@"):
+        return message
+    return f"@codex {message}"
+
+
+@router.post("/api/codex/cli")
+async def codex_agent_cli(request: CodexRequest, http_request: Request):
+    if not request.message.strip():
+        raise HTTPException(status_code=400, detail="Message is required")
+    if not feature_enabled("codex"):
+        raise HTTPException(status_code=403, detail="Codex is disabled")
+
+    user = await require_user_from_request(http_request)
+    message = _with_codex_agent_prefix(request.message)
+
+    base_args = ["codex", "exec", "--json", "--color", "never", "--sandbox", request.sandboxMode or "workspace-write"]
+    if request.approvalPolicy:
+        base_args += ["--config", f'approval_policy="{request.approvalPolicy}"']
+    if request.model:
+        base_args += ["--model", request.model]
+    base_args += ["--cd", safe_user_workdir(user, request.workingDirectory), "--skip-git-repo-check"]
+
+    if request.threadId:
+        base_args += ["resume", request.threadId, message]
+    else:
+        base_args += [message]
+
+    env = os.environ.copy()
+    if request.apiKey:
+        env["OPENAI_API_KEY"] = request.apiKey
+        env["CODEX_API_KEY"] = request.apiKey
+        if request.baseUrl:
+            env["OPENAI_BASE_URL"] = request.baseUrl
+
+    try:
+        proc = await asyncio.create_subprocess_exec(
+            *base_args,
+            stdout=asyncio.subprocess.PIPE,
+            stderr=asyncio.subprocess.PIPE,
+            env=env,
+        )
+        stdout, stderr = await proc.communicate()
+
+        err_text = (stderr.decode("utf-8", errors="ignore") or "").strip()
+        if proc.returncode != 0:
+            out_text = (stdout.decode("utf-8", errors="ignore") or "").strip()
+            detail = err_text or out_text or "Codex CLI failed"
+            if "401 Unauthorized" in detail or "status 401" in detail:
+                raise HTTPException(status_code=401, detail=detail)
+            raise HTTPException(status_code=500, detail=detail)
+
+        thread_id = None
+        final_text = ""
+        usage = None
+        saw_event = False
+        for line in stdout.decode("utf-8", errors="ignore").splitlines():
+            line = line.strip()
+            if not line:
+                continue
+            try:
+                event = json.loads(line)
+            except Exception:
+                continue
+            saw_event = True
+            if event.get("type") == "thread.started":
+                thread_id = event.get("thread_id") or thread_id
+            if event.get("type") == "item.completed":
+                item = event.get("item") or {}
+                if item.get("type") == "agent_message":
+                    final_text = item.get("text") or final_text
+            if event.get("type") == "turn.completed":
+                usage = event.get("usage") or usage
+            if event.get("type") == "turn.failed":
+                err = (event.get("error") or {}).get("message") or "Codex turn failed"
+                if "401" in err:
+                    raise HTTPException(status_code=401, detail=err)
+                raise HTTPException(status_code=500, detail=err)
+
+        if not saw_event and err_text:
+            if "401 Unauthorized" in err_text or "status 401" in err_text:
+                raise HTTPException(status_code=401, detail=err_text)
+            if "Error:" in err_text or "Fatal error" in err_text:
+                raise HTTPException(status_code=500, detail=err_text)
+        if not saw_event and not final_text:
+            out_text = (stdout.decode("utf-8", errors="ignore") or "").strip()
+            if out_text:
+                raise HTTPException(status_code=500, detail=out_text)
+
+        return {"threadId": thread_id or request.threadId, "finalResponse": final_text, "usage": usage}
+    except HTTPException:
+        raise
+    except Exception as e:
+        raise HTTPException(status_code=500, detail=str(e))
+
+
+@router.post("/api/codex/cli/stream")
+async def codex_agent_cli_stream(request: CodexRequest, http_request: Request):
+    if not request.message.strip():
+        raise HTTPException(status_code=400, detail="Message is required")
+    if not feature_enabled("codex"):
+        raise HTTPException(status_code=403, detail="Codex is disabled")
+
+    user = await require_user_from_request(http_request)
+    message = _with_codex_agent_prefix(request.message)
+
+    base_args = ["codex", "exec", "--json", "--color", "never", "--sandbox", request.sandboxMode or "workspace-write"]
+    if request.approvalPolicy:
+        base_args += ["--config", f'approval_policy="{request.approvalPolicy}"']
+    if request.model:
+        base_args += ["--model", request.model]
+    base_args += ["--cd", safe_user_workdir(user, request.workingDirectory), "--skip-git-repo-check"]
+
+    if request.threadId:
+        base_args += ["resume", request.threadId, message]
+    else:
+        base_args += [message]
+
+    env = os.environ.copy()
+    if request.apiKey:
+        env["OPENAI_API_KEY"] = request.apiKey
+        env["CODEX_API_KEY"] = request.apiKey
+        if request.baseUrl:
+            env["OPENAI_BASE_URL"] = request.baseUrl
+
+    async def gen():
+        proc = await asyncio.create_subprocess_exec(
+            *base_args,
+            stdout=asyncio.subprocess.PIPE,
+            stderr=asyncio.subprocess.PIPE,
+            env=env,
+        )
+        assert proc.stdout is not None
+        assert proc.stderr is not None
+
+        thread_id = None
+        final_text = ""
+        usage = None
+
+        async def emit(obj: dict):
+            yield (json.dumps(obj, ensure_ascii=False) + "\n").encode("utf-8")
+
+        try:
+            while True:
+                line = await proc.stdout.readline()
+                if not line:
+                    break
+                raw = line.decode("utf-8", errors="ignore").strip()
+                if not raw:
+                    continue
+                try:
+                    event = json.loads(raw)
+                except Exception:
+                    async for b in emit({"type": "log", "message": raw}):
+                        yield b
+                    continue
+
+                if event.get("type") == "thread.started":
+                    thread_id = event.get("thread_id") or thread_id
+                if event.get("type") == "item.completed":
+                    item = event.get("item") or {}
+                    if item.get("type") == "agent_message":
+                        final_text = item.get("text") or final_text
+                if event.get("type") == "turn.completed":
+                    usage = event.get("usage") or usage
+                if event.get("type") == "turn.failed":
+                    err = (event.get("error") or {}).get("message") or "Codex turn failed"
+                    async for b in emit({"type": "error", "message": err}):
+                        yield b
+                    break
+
+                async for b in emit(event):
+                    yield b
+        finally:
+            await proc.wait()
+            err_text = (await proc.stderr.read()).decode("utf-8", errors="ignore").strip()
+            if proc.returncode != 0 and err_text:
+                async for b in emit({"type": "stderr", "message": err_text, "returnCode": proc.returncode}):
+                    yield b
+
+            async for b in emit(
+                {
+                    "type": "done",
+                    "threadId": thread_id or request.threadId,
+                    "finalResponse": final_text,
+                    "usage": usage,
+                    "returnCode": proc.returncode,
+                }
+            ):
+                yield b
+
+    return StreamingResponse(gen(), media_type="application/x-ndjson")
+
+
+@router.get("/api/codex/mcp")
+async def codex_mcp_list(http_request: Request):
+    if not feature_enabled("mcp"):
+        raise HTTPException(status_code=403, detail="MCP is disabled")
+    _ = await require_user_from_request(http_request)
+    try:
+        proc = await asyncio.create_subprocess_exec(
+            "codex",
+            "mcp",
+            "list",
+            stdout=asyncio.subprocess.PIPE,
+            stderr=asyncio.subprocess.PIPE,
+        )
+        stdout, _stderr = await proc.communicate()
+        if proc.returncode != 0:
+            return {"servers": []}
+        text = stdout.decode("utf-8", errors="ignore")
+        servers = []
+        for line in text.splitlines():
+            name = (line.split() or [""])[0].strip()
+            if name and name.lower() != "name":
+                servers.append(name)
+        return {"servers": servers}
+    except Exception:
+        return {"servers": []}
+
+
+@router.get("/api/codex/mcp/details")
+async def codex_mcp_details(http_request: Request):
+    if not feature_enabled("mcp"):
+        raise HTTPException(status_code=403, detail="MCP is disabled")
+    _ = await require_user_from_request(http_request)
+    try:
+        servers_resp = await codex_mcp_list(http_request)
+        names = servers_resp.get("servers", []) if isinstance(servers_resp, dict) else []
+        details = []
+        for name in names:
+            try:
+                proc = await asyncio.create_subprocess_exec(
+                    "codex",
+                    "mcp",
+                    "get",
+                    name,
+                    "--json",
+                    stdout=asyncio.subprocess.PIPE,
+                    stderr=asyncio.subprocess.PIPE,
+                )
+                stdout, _ = await proc.communicate()
+                if proc.returncode != 0:
+                    continue
+                details.append(json.loads(stdout.decode("utf-8", errors="ignore")))
+            except Exception:
+                continue
+        return {"servers": details}
+    except Exception:
+        return {"servers": []}
+
+
+@router.get("/api/codex/login/status")
+async def codex_login_status(http_request: Request):
+    if not feature_enabled("codex"):
+        raise HTTPException(status_code=403, detail="Codex is disabled")
+    _ = await require_user_from_request(http_request)
+    try:
+        proc = await asyncio.create_subprocess_exec(
+            "codex",
+            "login",
+            "status",
+            stdout=asyncio.subprocess.PIPE,
+            stderr=asyncio.subprocess.PIPE,
+        )
+        stdout, stderr = await proc.communicate()
+        text = stdout.decode("utf-8", errors="ignore").strip()
+        err = stderr.decode("utf-8", errors="ignore").strip()
+        combined = text or err
+        logged_in = "Logged in" in combined
+        return {"loggedIn": logged_in, "statusText": combined, "exitCode": proc.returncode}
+    except Exception as e:
+        return {"loggedIn": False, "statusText": str(e), "exitCode": None}
+
+
+@dataclass
+class DeviceLoginAttempt:
+    id: str
+    proc: asyncio.subprocess.Process
+    created_at: float
+    url: Optional[str] = None
+    code: Optional[str] = None
+    output: List[str] = field(default_factory=list)
+    done: bool = False
+    returncode: Optional[int] = None
+
+
+async def _read_device_login_output(attempt: DeviceLoginAttempt) -> None:
+    try:
+        assert attempt.proc.stdout is not None
+        while True:
+            line = await attempt.proc.stdout.readline()
+            if not line:
+                break
+            text = line.decode("utf-8", errors="ignore").rstrip("\n")
+            attempt.output.append(text)
+            if attempt.url is None and "auth.openai.com/codex/device" in text:
+                attempt.url = "https://auth.openai.com/codex/device"
+            if attempt.code is None:
+                import re
+
+                m = re.search(r"\b([A-Za-z0-9]{4,6}-[A-Za-z0-9]{4,6})\b", text)
+                if m:
+                    attempt.code = m.group(1).upper()
+        await attempt.proc.wait()
+    finally:
+        attempt.done = True
+        attempt.returncode = attempt.proc.returncode
+
+
+@router.post("/api/codex/login/device/start")
+async def codex_login_device_start(http_request: Request):
+    if not feature_enabled("codex"):
+        raise HTTPException(status_code=403, detail="Codex is disabled")
+    _ = await require_user_from_request(http_request)
+    async with http_request.app.state.device_login_lock:
+        proc = await asyncio.create_subprocess_exec(
+            "codex",
+            "login",
+            "--device-auth",
+            stdout=asyncio.subprocess.PIPE,
+            stderr=asyncio.subprocess.STDOUT,
+        )
+        attempt_id = str(uuid.uuid4())
+        attempt = DeviceLoginAttempt(
+            id=attempt_id,
+            proc=proc,
+            created_at=asyncio.get_running_loop().time(),
+        )
+        http_request.app.state.device_login_attempts[attempt_id] = attempt
+        asyncio.create_task(_read_device_login_output(attempt))
+        return {"loginId": attempt_id}
+
+
+@router.get("/api/codex/login/device/status")
+async def codex_login_device_status(loginId: str, http_request: Request):
+    if not feature_enabled("codex"):
+        raise HTTPException(status_code=403, detail="Codex is disabled")
+    _ = await require_user_from_request(http_request)
+    attempt = http_request.app.state.device_login_attempts.get(loginId)
+    if not attempt:
+        raise HTTPException(status_code=404, detail="Unknown loginId")
+
+    tail = attempt.output[-50:]
+    status = "pending"
+    if attempt.done:
+        status = "success" if attempt.returncode == 0 else "failed"
+    return {
+        "loginId": attempt.id,
+        "status": status,
+        "url": attempt.url,
+        "code": attempt.code,
+        "outputTail": tail,
+        "returnCode": attempt.returncode,
+    }

app/routes/mcp.py

@@ -0,0 +1,38 @@
+from __future__ import annotations
+
+from fastapi import APIRouter, HTTPException, Request
+from pydantic import BaseModel
+
+from app.auth import require_user_from_request
+from app.settings import feature_enabled
+
+router = APIRouter()
+
+
+@router.get("/api/mcp/tools")
+async def mcp_tools_list(http_request: Request):
+    if not feature_enabled("mcp"):
+        raise HTTPException(status_code=403, detail="MCP is disabled")
+    _ = await require_user_from_request(http_request)
+    try:
+        result = await http_request.app.state.codex_mcp_client.list_tools()
+        return result
+    except Exception as e:
+        raise HTTPException(status_code=500, detail=str(e))
+
+
+class McpCallRequest(BaseModel):
+    name: str
+    arguments: dict
+
+
+@router.post("/api/mcp/call")
+async def mcp_tools_call(request: McpCallRequest, http_request: Request):
+    if not feature_enabled("mcp"):
+        raise HTTPException(status_code=403, detail="MCP is disabled")
+    _ = await require_user_from_request(http_request)
+    try:
+        return await http_request.app.state.codex_mcp_client.call_tool(request.name, request.arguments)
+    except Exception as e:
+        raise HTTPException(status_code=500, detail=str(e))
+

app/routes/terminal.py

@@ -0,0 +1,140 @@
+from __future__ import annotations
+
+import asyncio
+import fcntl
+import json
+import os
+import pty
+import struct
+import subprocess
+import termios
+from datetime import datetime, timezone
+
+from fastapi import APIRouter, HTTPException, WebSocket
+
+from app.auth import verify_supabase_access_token
+from app.settings import feature_enabled
+
+router = APIRouter()
+
+
+@router.websocket("/ws/terminal")
+async def websocket_terminal(websocket: WebSocket):
+    await websocket.accept()
+
+    if not feature_enabled("terminal"):
+        await websocket.send_text("\r\n[terminal disabled]\r\n")
+        await websocket.close()
+        return
+
+    # Browser WebSocket APIs do not allow setting Authorization headers directly.
+    token = (websocket.query_params.get("token") or "").strip()
+    if not token:
+        await websocket.send_text("\r\n[unauthorized: missing token]\r\n")
+        await websocket.close()
+        return
+    try:
+        _user = await verify_supabase_access_token(token)
+    except HTTPException as e:
+        await websocket.send_text(f"\r\n[unauthorized: {e.detail}]\r\n")
+        await websocket.close()
+        return
+
+    # If token-based Codex auth is provided via env (HF Spaces Secrets), ensure the CLI auth file exists.
+    try:
+        id_token = os.environ.get("CODEX_ID_TOKEN") or os.environ.get("ID_TOKEN") or ""
+        access_token = os.environ.get("CODEX_ACCESS_TOKEN") or os.environ.get("ACCESS_TOKEN") or ""
+        refresh_token = os.environ.get("CODEX_REFRESH_TOKEN") or os.environ.get("REFRESH_TOKEN") or ""
+        account_id = os.environ.get("CODEX_ACCOUNT_ID") or os.environ.get("ACCOUNT_ID") or ""
+        if id_token or access_token or refresh_token:
+            codex_home = os.path.join(os.path.expanduser("~"), ".codex")
+            os.makedirs(codex_home, exist_ok=True)
+            auth = {
+                "OPENAI_API_KEY": None,
+                "tokens": {
+                    "id_token": id_token,
+                    "access_token": access_token,
+                    "refresh_token": refresh_token,
+                    "account_id": account_id,
+                },
+                "last_refresh": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
+            }
+            for filename in ("auth.json", ".auth.json"):
+                path = os.path.join(codex_home, filename)
+                with open(path, "w", encoding="utf-8") as f:
+                    json.dump(auth, f, indent=2)
+                    f.write("\n")
+                try:
+                    os.chmod(path, 0o600)
+                except Exception:
+                    pass
+    except Exception:
+        pass
+
+    try:
+        master_fd, slave_fd = pty.openpty()
+    except OSError as e:
+        await websocket.send_text(
+            "\r\n[terminal unavailable: PTY allocation failed]\r\n" f"{type(e).__name__}: {e}\r\n"
+        )
+        await websocket.close()
+        return
+
+    env = os.environ.copy()
+    env.setdefault("TERM", "xterm-256color")
+    env.setdefault("COLORTERM", "truecolor")
+    p = subprocess.Popen(
+        ["/bin/bash", "-i"],
+        preexec_fn=os.setsid,
+        stdin=slave_fd,
+        stdout=slave_fd,
+        stderr=slave_fd,
+        env=env,
+        close_fds=True,
+    )
+
+    os.close(slave_fd)
+    loop = asyncio.get_running_loop()
+
+    async def read_from_pty():
+        while True:
+            try:
+                data = await loop.run_in_executor(None, lambda: os.read(master_fd, 1024))
+                if not data:
+                    break
+                await websocket.send_text(data.decode(errors="ignore"))
+            except Exception:
+                break
+        await websocket.close()
+
+    async def write_to_pty():
+        try:
+            while True:
+                data = await websocket.receive_text()
+                if data.startswith("\x01resize:"):
+                    try:
+                        _, cols, rows = data.split(":")
+                        cols_i = int(cols)
+                        rows_i = int(rows)
+                        if cols_i < 2 or rows_i < 2:
+                            continue
+                        winsize = struct.pack("HHHH", rows_i, cols_i, 0, 0)
+                        fcntl.ioctl(master_fd, termios.TIOCSWINSZ, winsize)
+                    except Exception:
+                        pass
+                else:
+                    os.write(master_fd, data.encode())
+        except Exception:
+            pass
+
+    read_task = asyncio.create_task(read_from_pty())
+    write_task = asyncio.create_task(write_to_pty())
+
+    try:
+        await asyncio.wait([read_task, write_task], return_when=asyncio.FIRST_COMPLETED)
+    finally:
+        read_task.cancel()
+        write_task.cancel()
+        p.terminate()
+        os.close(master_fd)
+

app/server.py

@@ -0,0 +1,77 @@
+from __future__ import annotations
+
+import asyncio
+from contextlib import asynccontextmanager
+from pathlib import Path
+
+from fastapi import FastAPI
+from fastapi.middleware.cors import CORSMiddleware
+from fastapi.staticfiles import StaticFiles
+
+from app.mcp_client import McpStdioClient
+from app.routes.base import router as base_router
+from app.routes.chat import router as chat_router
+from app.routes.codex import router as codex_router
+from app.routes.mcp import router as mcp_router
+from app.routes.terminal import router as terminal_router
+
+_ROOT = Path(__file__).resolve().parent.parent
+
+
+@asynccontextmanager
+async def lifespan(app: FastAPI):
+    app.state.codex_mcp_client = McpStdioClient(["codex", "mcp-server"])
+    app.state.device_login_attempts = {}
+    app.state.device_login_lock = asyncio.Lock()
+    stop = asyncio.Event()
+
+    async def _cleanup_device_logins():
+        # Best-effort pruning to keep memory bounded.
+        while not stop.is_set():
+            await asyncio.sleep(60)
+            try:
+                now = asyncio.get_running_loop().time()
+                attempts = getattr(app.state, "device_login_attempts", {})
+                for key, attempt in list(attempts.items()):
+                    created = getattr(attempt, "created_at", 0.0) or 0.0
+                    age = now - created
+                    done = bool(getattr(attempt, "done", False))
+                    # Keep active attempts for up to 30 minutes; completed for 5 minutes.
+                    if age > 1800 or (done and age > 300):
+                        attempts.pop(key, None)
+            except Exception:
+                continue
+
+    cleanup_task = asyncio.create_task(_cleanup_device_logins())
+    try:
+        yield
+    finally:
+        stop.set()
+        cleanup_task.cancel()
+        try:
+            await app.state.codex_mcp_client.close()
+        except Exception:
+            pass
+
+
+def create_app() -> FastAPI:
+    app = FastAPI(lifespan=lifespan)
+
+    app.add_middleware(
+        CORSMiddleware,
+        allow_origins=["*"],
+        allow_credentials=True,
+        allow_methods=["*"],
+        allow_headers=["*"],
+    )
+
+    static_dir = _ROOT / "static"
+    app.mount("/static", StaticFiles(directory=str(static_dir)), name="static")
+
+    app.include_router(base_router)
+    app.include_router(chat_router)
+    app.include_router(codex_router)
+    app.include_router(mcp_router)
+    app.include_router(terminal_router)
+
+    return app

app/settings.py

@@ -0,0 +1,33 @@
+from __future__ import annotations
+
+import os
+
+
+def env_truthy(name: str, default: bool = False) -> bool:
+    raw = os.environ.get(name)
+    if raw is None:
+        return default
+    return raw.strip().lower() in {"1", "true", "yes", "on"}
+
+
+def feature_enabled(feature: str) -> bool:
+    """
+    Safety: when Supabase isn't configured, disable dangerous features by default.
+    """
+    has_supabase = bool(os.environ.get("SUPABASE_URL") and os.environ.get("SUPABASE_KEY"))
+    defaults = {
+        "terminal": has_supabase,
+        "codex": has_supabase,
+        "mcp": has_supabase,
+        "indexing": False,
+    }
+    env_map = {
+        "terminal": "ENABLE_TERMINAL",
+        "codex": "ENABLE_CODEX",
+        "mcp": "ENABLE_MCP",
+        "indexing": "ENABLE_INDEXING",
+    }
+    if feature not in env_map:
+        return False
+    return env_truthy(env_map[feature], default=defaults[feature])
+

app/workdir.py

@@ -0,0 +1,31 @@
+from __future__ import annotations
+
+import os
+from typing import Any, Optional
+
+
+def safe_user_workdir(user: dict[str, Any], requested: Optional[str]) -> str:
+    """
+    Restrict Codex workdir to an allowlisted root to prevent traversal.
+    """
+    base_root = "/data/codex/workspace" if os.path.isdir("/data") else "/app"
+    user_id = (user.get("id") or "").strip()
+    user_root = os.path.join(base_root, user_id) if user_id else base_root
+
+    if requested:
+        req = requested.strip()
+        if req:
+            norm = os.path.normpath(req)
+            if os.path.isabs(norm):
+                candidate = norm
+            else:
+                candidate = os.path.join(user_root, norm)
+            candidate = os.path.normpath(candidate)
+            base_norm = os.path.normpath(base_root)
+            if candidate == base_norm or candidate.startswith(base_norm + os.sep):
+                os.makedirs(candidate, exist_ok=True)
+                return candidate
+
+    os.makedirs(user_root, exist_ok=True)
+    return user_root
+

docs/ARCHITECTURE.md

@@ -0,0 +1,34 @@
+# Architecture
+
+## Overview
+
+`autonomy-labs` is a single-container FastAPI app intended to run on Hugging Face Spaces (Docker). It serves:
+- static pages (`static/index.html`, `static/dashboard.html`)
+- REST APIs for chat + Codex + MCP
+- a WebSocket PTY-backed terminal (`/ws/terminal`)
+
+## Backend layout
+
+- `main.py`: minimal entrypoint (loads dotenv, creates app).
+- `app/server.py`: app factory + lifespan lifecycle.
+- `app/routes/*`: feature routers:
+  - `base.py`: `/`, `/health`, `/config`
+  - `chat.py`: `/api/chat`, `/api/proxy/models`
+  - `codex.py`: `/api/codex*` and Codex login helpers
+  - `mcp.py`: `/api/mcp/*`
+  - `terminal.py`: `/ws/terminal`
+- `app/auth.py`: Supabase access-token verification (server-side) with small TTL cache.
+
+## Frontend layout
+
+Currently the UI is primarily `static/dashboard.html` with inline JS/CSS and CDN dependencies (Tailwind, xterm, etc).
+
+## Execution safety model
+
+The following capabilities are high-risk and gated:
+- web terminal
+- Codex execution endpoints
+- MCP tool calls
+
+Auth is enforced server-side via Supabase access tokens. Feature flags can disable them entirely.
+

docs/SECURITY_DEPLOYMENT.md

@@ -0,0 +1,34 @@
+# Security Deployment Guide
+
+## Defaults
+
+If Supabase is not configured (`SUPABASE_URL` + `SUPABASE_KEY` missing), dangerous features are disabled by default.
+
+## Recommended settings (HF Spaces)
+
+Use Spaces Secrets for:
+- `SUPABASE_URL`
+- `SUPABASE_KEY`
+- Codex tokens (if using token-based auth) or use device auth inside terminal
+- provider API keys (Gemini/Claude/OpenAI-compatible) as needed
+
+Consider explicitly setting:
+- `ENABLE_TERMINAL=0` unless you truly need it
+- `ENABLE_CODEX=0` unless you truly need it
+- `ENABLE_MCP=0` unless you truly need it
+
+## WebSocket auth
+
+Browsers cannot set `Authorization` headers on WebSockets, so `/ws/terminal` expects a Supabase access token via `?token=...`.
+
+Treat access tokens as sensitive; do not log them.
+
+## SSH keys
+
+Preferred: generate a key inside the container and add the public key to your Git provider.
+
+Optional: supply keys via secrets:
+- `SSH_PRIVATE_KEY` (required)
+- `SSH_PUBLIC_KEY` (optional)
+- `SSH_KNOWN_HOSTS` (optional)
+

docs/TROUBLESHOOTING.md

@@ -0,0 +1,32 @@
+# Troubleshooting
+
+## “Token data is not available.” (Codex CLI)
+
+Common causes:
+- The container wasn’t restarted after setting Secrets.
+- The auth file wasn’t written to `~/.codex/.auth.json`.
+
+In the terminal, check:
+- `ls -la ~/.codex`
+- `cat ~/.codex/.auth.json`
+
+If you use env-based token auth, set one of:
+- `CODEX_ID_TOKEN` or `ID_TOKEN`
+- `CODEX_ACCESS_TOKEN` or `ACCESS_TOKEN`
+- `CODEX_REFRESH_TOKEN` or `REFRESH_TOKEN`
+- optional `CODEX_ACCOUNT_ID` or `ACCOUNT_ID`
+
+## Terminal shows vertical/1-column text
+
+This usually means the terminal “fit” ran while the terminal view was hidden or at size 0.
+
+Mitigations:
+- Switch to the Terminal view after the page fully loads.
+- Resize the browser window once to trigger a refit.
+
+## PTY allocation failed
+
+If the backend prints `PTY allocation failed`, the runtime likely lacks `/dev/pts` or has exhausted PTYs.
+
+HF Spaces generally supports PTYs, but custom runtimes may not.
+

main.py

@@ -1,964 +1,8 @@
-import os
-import pty
-import select
-import subprocess
-import struct
-import fcntl
-import termios
-import asyncio
-from typing import Any, List, Optional, Union
-from pydantic import BaseModel
-from fastapi import FastAPI, WebSocket, WebSocketDisconnect, HTTPException
-from fastapi.staticfiles import StaticFiles
-from fastapi.responses import FileResponse, StreamingResponse
-from fastapi.middleware.cors import CORSMiddleware
 from dotenv import load_dotenv
-from openai import OpenAI
-import json
-import uuid
-from dataclasses import dataclass, field
-from datetime import datetime, timezone
-import time
-from fastapi import Request
 
-load_dotenv()
-
-app = FastAPI()
-
-app.add_middleware(
-    CORSMiddleware,
-    allow_origins=["*"],
-    allow_credentials=True,
-    allow_methods=["*"],
-    allow_headers=["*"],
-)
-
-app.mount("/static", StaticFiles(directory="static"), name="static")
-
-def _env_truthy(name: str, default: bool = False) -> bool:
-    raw = os.environ.get(name)
-    if raw is None:
-        return default
-    return raw.strip().lower() in {"1", "true", "yes", "on"}
-
-
-def _feature_enabled(feature: str) -> bool:
-    # Safe behavior: if Supabase isn't configured, disable dangerous features.
-    has_supabase = bool(os.environ.get("SUPABASE_URL") and os.environ.get("SUPABASE_KEY"))
-    defaults = {
-        "terminal": has_supabase,
-        "codex": has_supabase,
-        "mcp": has_supabase,
-        "indexing": False,
-    }
-    env_map = {
-        "terminal": "ENABLE_TERMINAL",
-        "codex": "ENABLE_CODEX",
-        "mcp": "ENABLE_MCP",
-        "indexing": "ENABLE_INDEXING",
-    }
-    return _env_truthy(env_map[feature], default=defaults[feature])
-
-
-_SUPABASE_TOKEN_CACHE: dict[str, tuple[float, dict]] = {}
-
-
-async def _verify_supabase_access_token(access_token: str) -> dict:
-    """
-    Verifies a Supabase access token by calling Supabase Auth `GET /auth/v1/user`.
-    Uses a small in-memory TTL cache to avoid calling Supabase on every request.
-    """
-    access_token = (access_token or "").strip()
-    if not access_token:
-        raise HTTPException(status_code=401, detail="Missing access token")
-
-    now = time.time()
-    cached = _SUPABASE_TOKEN_CACHE.get(access_token)
-    if cached and (now - cached[0]) < 30:
-        return cached[1]
-
-    supabase_url = os.environ.get("SUPABASE_URL")
-    supabase_key = os.environ.get("SUPABASE_KEY")
-    if not supabase_url or not supabase_key:
-        raise HTTPException(status_code=503, detail="Supabase is not configured")
-
-    import httpx
-
-    headers = {
-        "Authorization": f"Bearer {access_token}",
-        "apikey": supabase_key,
-    }
-    url = f"{supabase_url.rstrip('/')}/auth/v1/user"
-    async with httpx.AsyncClient(timeout=10.0) as client:
-        resp = await client.get(url, headers=headers)
-        if resp.status_code != 200:
-            raise HTTPException(status_code=401, detail="Invalid or expired session")
-        user = resp.json()
-        _SUPABASE_TOKEN_CACHE[access_token] = (now, user)
-        # Best-effort cache bound
-        if len(_SUPABASE_TOKEN_CACHE) > 500:
-            for k in list(_SUPABASE_TOKEN_CACHE.keys())[:200]:
-                _SUPABASE_TOKEN_CACHE.pop(k, None)
-        return user
-
-
-async def _require_user_from_request(request: Request) -> dict:
-    auth = (request.headers.get("authorization") or "").strip()
-    if not auth.lower().startswith("bearer "):
-        raise HTTPException(status_code=401, detail="Missing Authorization bearer token")
-    token = auth.split(None, 1)[1].strip()
-    return await _verify_supabase_access_token(token)
-
-
-def _safe_user_workdir(user: dict, requested: Optional[str]) -> str:
-    """
-    Restrict Codex workdir to an allowlisted root to prevent traversal.
-    """
-    base_root = "/data/codex/workspace" if os.path.isdir("/data") else "/app"
-    user_id = (user.get("id") or "").strip() if isinstance(user, dict) else ""
-    user_root = os.path.join(base_root, user_id) if user_id else base_root
-
-    if requested:
-        req = requested.strip()
-        if req:
-            # Only allow inside base_root.
-            norm = os.path.normpath(req)
-            if os.path.isabs(norm):
-                candidate = norm
-            else:
-                candidate = os.path.join(user_root, norm)
-            candidate = os.path.normpath(candidate)
-            base_norm = os.path.normpath(base_root)
-            if candidate == base_norm or candidate.startswith(base_norm + os.sep):
-                os.makedirs(candidate, exist_ok=True)
-                return candidate
-
-    os.makedirs(user_root, exist_ok=True)
-    return user_root
-
-
-@app.get("/config")
-async def get_config():
-    return {
-        "supabase_url": os.environ.get("SUPABASE_URL", "https://znhglkwefxdhgajvrqmb.supabase.co"),
-        "supabase_key": os.environ.get("SUPABASE_KEY"),
-        "default_base_url": os.environ.get("DEFAULT_BASE_URL", "https://router.huggingface.co/v1"),
-        "default_api_key": os.environ.get("DEFAULT_API_KEY", ""),
-        "default_model": os.environ.get("DEFAULT_MODEL", "gpt-3.5-turbo"),
-    }
-
-@app.get("/")
-async def read_index():
-    return FileResponse('static/index.html')
-
-@app.get("/health")
-async def health_check():
-    return {"status": "ok"}
-
-# --- Chatbot Implementation ---
-
-class ChatMessage(BaseModel):
-    role: str
-    # OpenAI-compatible: content can be plain text or an array of multimodal parts.
-    content: Union[str, List[Any]]
-
-class ChatRequest(BaseModel):
-    messages: List[ChatMessage]
-    apiKey: Optional[str] = None
-    baseUrl: Optional[str] = None
-    model: Optional[str] = "gpt-3.5-turbo"
-
-@app.post("/api/chat")
-async def chat_endpoint(request: ChatRequest):
-    api_key = request.apiKey or os.environ.get("OPENAI_API_KEY")
-    base_url = request.baseUrl or os.environ.get("OPENAI_BASE_URL")
-    
-    if not api_key:
-        raise HTTPException(status_code=400, detail="API Key is required")
-
-    client = OpenAI(api_key=api_key, base_url=base_url)
-
-    def generate():
-        try:
-            stream = client.chat.completions.create(
-                model=request.model,
-                messages=[{"role": m.role, "content": m.content} for m in request.messages],
-                stream=True
-            )
-            for chunk in stream:
-                if chunk.choices[0].delta.content:
-                    yield chunk.choices[0].delta.content
-        except Exception as e:
-            yield f"Error: {str(e)}"
-
-    return StreamingResponse(generate(), media_type="text/plain")
-
-class ModelsRequest(BaseModel):
-    apiKey: Optional[str] = None
-    baseUrl: Optional[str] = None
-
-@app.post("/api/proxy/models")
-async def proxy_models(request: ModelsRequest):
-    api_key = request.apiKey or os.environ.get("OPENAI_API_KEY")
-    base_url = request.baseUrl or os.environ.get("OPENAI_BASE_URL")
-    
-    if not base_url:
-        raise HTTPException(status_code=400, detail="Base URL is required")
-
-    # Cleanup base_url to ensure it doesn't end with /v1 if we need to hit models, 
-    # but OpenAI client usually handles simple /models on top of base.
-    # Actually, standard OpenAI client usage: client = OpenAI(base_url=...) -> client.models.list()
-    
-    try:
-        # Use simple HTTP request to avoid instantiating full client if just checking models
-        # Or use the OpenAI client which handles it well.
-        import httpx
-        
-        headers = {}
-        if api_key:
-            headers["Authorization"] = f"Bearer {api_key}"
-        
-        # Ensure base_url ends correctly for appending /models.
-        # If base_url is ".../v1", models endpoint is usually ".../v1/models"
-        target_url = f"{base_url.rstrip('/')}/models"
-        
-        async with httpx.AsyncClient() as client:
-            resp = await client.get(target_url, headers=headers, timeout=10.0)
-            if resp.status_code != 200:
-                raise HTTPException(status_code=resp.status_code, detail=f"Provider returned error: {resp.text}")
-            return resp.json()
-            
-    except Exception as e:
-        print(f"Error fetching models: {e}")
-        raise HTTPException(status_code=500, detail=str(e))
-
-class CodexRequest(BaseModel):
-    message: str
-    threadId: Optional[str] = None
-    model: Optional[str] = None
-    sandboxMode: Optional[str] = "workspace-write"
-    approvalPolicy: Optional[str] = "never"
-    apiKey: Optional[str] = None
-    baseUrl: Optional[str] = None
-    modelReasoningEffort: Optional[str] = "minimal"
-    workingDirectory: Optional[str] = None
-
-
-def _default_codex_workdir() -> str:
-    preferred = "/data/codex/workspace"
-    if os.path.isdir(preferred):
-        return preferred
-    return os.path.dirname(__file__)
-
-@app.post("/api/codex")
-async def codex_agent(request: CodexRequest, http_request: Request):
-    """
-    Runs the local Codex agent via the official @openai/codex-sdk wrapper (Node.js).
-    Persists threads under ~/.codex/sessions (mapped to /data/.codex on Spaces by entrypoint).
-    """
-    if not request.message.strip():
-        raise HTTPException(status_code=400, detail="Message is required")
-    if not _feature_enabled("codex"):
-        raise HTTPException(status_code=403, detail="Codex is disabled")
-
-    user = await _require_user_from_request(http_request)
-
-    node = os.environ.get("NODE_BIN", "node")
-    script_path = os.path.join(os.path.dirname(__file__), "codex_agent.mjs")
-    if not os.path.exists(script_path):
-        raise HTTPException(status_code=500, detail="codex_agent.mjs not found")
-
-    payload = {
-        "message": request.message,
-        "threadId": request.threadId,
-        "model": request.model,
-        "sandboxMode": request.sandboxMode,
-        "approvalPolicy": request.approvalPolicy,
-        "modelReasoningEffort": request.modelReasoningEffort,
-        "workingDirectory": _safe_user_workdir(user, request.workingDirectory),
-    }
-
-    try:
-        env = os.environ.copy()
-        # Prefer using the global `codex` binary so device-auth (`codex login --device-auth`)
-        # and `codex login status` share the same credential store.
-        env.setdefault("CODEX_PATH_OVERRIDE", "codex")
-        # If apiKey is not provided, assume device-auth and avoid setting API base URLs that
-        # could force API-key auth codepaths and cause 401s.
-        if request.apiKey:
-            env["CODEX_API_KEY"] = request.apiKey
-            env["OPENAI_API_KEY"] = request.apiKey
-        if request.apiKey and request.baseUrl:
-            env["OPENAI_BASE_URL"] = request.baseUrl
-
-        proc = await asyncio.create_subprocess_exec(
-            node,
-            script_path,
-            stdin=asyncio.subprocess.PIPE,
-            stdout=asyncio.subprocess.PIPE,
-            stderr=asyncio.subprocess.PIPE,
-            env=env,
-        )
-        stdout, stderr = await proc.communicate(json.dumps(payload).encode("utf-8"))
-        if proc.returncode != 0:
-            err_text = (stderr.decode("utf-8", errors="ignore") or "").strip()
-            if "401 Unauthorized" in err_text or "status 401" in err_text:
-                raise HTTPException(status_code=401, detail=err_text or "Unauthorized")
-            raise HTTPException(
-                status_code=500,
-                detail=(err_text or "Codex agent failed"),
-            )
-        return json.loads(stdout.decode("utf-8"))
-    except HTTPException:
-        raise
-    except Exception as e:
-        raise HTTPException(status_code=500, detail=str(e))
-
-@app.post("/api/codex/cli")
-async def codex_agent_cli(request: CodexRequest, http_request: Request):
-    """
-    Runs Codex directly via the CLI (`codex exec --json`) and extracts the final agent message.
-
-    This avoids SDK/CLI mismatches and uses the same device-auth session as `codex login --device-auth`.
-    """
-    if not request.message.strip():
-        raise HTTPException(status_code=400, detail="Message is required")
-    if not _feature_enabled("codex"):
-        raise HTTPException(status_code=403, detail="Codex is disabled")
-
-    user = await _require_user_from_request(http_request)
-
-    def _with_codex_agent_prefix(message: str) -> str:
-        msg = message.strip()
-        if msg.startswith("@"):
-            return message
-        return f"@codex {message}"
-
-    message = _with_codex_agent_prefix(request.message)
-
-    # Use --json to stream JSONL events on stdout; keep stderr for logs/errors.
-    base_args = ["codex", "exec", "--json", "--color", "never", "--sandbox", request.sandboxMode or "workspace-write"]
-    # Map approval policy into config (CLI flag differs between interactive and exec; config works everywhere).
-    if request.approvalPolicy:
-        base_args += ["--config", f'approval_policy="{request.approvalPolicy}"']
-    # Optional model
-    if request.model:
-        base_args += ["--model", request.model]
-    # Run inside app dir; allow even if not a git repo (Spaces copies are git, but keep safe)
-    base_args += ["--cd", _safe_user_workdir(user, request.workingDirectory), "--skip-git-repo-check"]
-
-    # Provide the prompt as an argument (avoids "Reading prompt from stdin..." paths).
-    if request.threadId:
-        base_args += ["resume", request.threadId, message]
-    else:
-        base_args += [message]
-
-    env = os.environ.copy()
-    if request.apiKey:
-        env["OPENAI_API_KEY"] = request.apiKey
-        env["CODEX_API_KEY"] = request.apiKey
-        if request.baseUrl:
-            env["OPENAI_BASE_URL"] = request.baseUrl
-
-    try:
-        proc = await asyncio.create_subprocess_exec(
-            *base_args,
-            stdout=asyncio.subprocess.PIPE,
-            stderr=asyncio.subprocess.PIPE,
-            env=env,
-        )
-        stdout, stderr = await proc.communicate()
-
-        err_text = (stderr.decode("utf-8", errors="ignore") or "").strip()
-        if proc.returncode != 0:
-            out_text = (stdout.decode("utf-8", errors="ignore") or "").strip()
-            detail = err_text or out_text or "Codex CLI failed"
-            if "401 Unauthorized" in detail or "status 401" in detail:
-                raise HTTPException(status_code=401, detail=detail)
-            raise HTTPException(status_code=500, detail=detail)
-
-        thread_id = None
-        final_text = ""
-        usage = None
-        saw_event = False
-        for line in stdout.decode("utf-8", errors="ignore").splitlines():
-            line = line.strip()
-            if not line:
-                continue
-            try:
-                event = json.loads(line)
-            except Exception:
-                continue
-            saw_event = True
-            if event.get("type") == "thread.started":
-                thread_id = event.get("thread_id") or thread_id
-            if event.get("type") == "item.completed":
-                item = event.get("item") or {}
-                if item.get("type") == "agent_message":
-                    final_text = item.get("text") or final_text
-            if event.get("type") == "turn.completed":
-                usage = event.get("usage") or usage
-            if event.get("type") == "turn.failed":
-                err = (event.get("error") or {}).get("message") or "Codex turn failed"
-                if "401" in err:
-                    raise HTTPException(status_code=401, detail=err)
-                raise HTTPException(status_code=500, detail=err)
-
-        # Codex sometimes prints fatal errors to stderr while exiting 0.
-        if not saw_event and err_text:
-            if "401 Unauthorized" in err_text or "status 401" in err_text:
-                raise HTTPException(status_code=401, detail=err_text)
-            if "Error:" in err_text or "Fatal error" in err_text:
-                raise HTTPException(status_code=500, detail=err_text)
-        if not saw_event and not final_text:
-            out_text = (stdout.decode("utf-8", errors="ignore") or "").strip()
-            if out_text:
-                raise HTTPException(status_code=500, detail=out_text)
+from app.server import create_app
 
-        return {"threadId": thread_id or request.threadId, "finalResponse": final_text, "usage": usage}
-    except HTTPException:
-        raise
-    except Exception as e:
-        raise HTTPException(status_code=500, detail=str(e))
-
-@app.post("/api/codex/cli/stream")
-async def codex_agent_cli_stream(request: CodexRequest, http_request: Request):
-    """
-    Streams Codex CLI JSONL events (NDJSON) as the agent runs.
-
-    Each line is a JSON object (event). The stream ends with a final object:
-      {"type":"done","threadId": "...", "finalResponse": "...", "usage": {...}}
-    """
-    if not request.message.strip():
-        raise HTTPException(status_code=400, detail="Message is required")
-    if not _feature_enabled("codex"):
-        raise HTTPException(status_code=403, detail="Codex is disabled")
-
-    user = await _require_user_from_request(http_request)
-
-    def _with_codex_agent_prefix(message: str) -> str:
-        msg = message.strip()
-        if msg.startswith("@"):
-            return message
-        return f"@codex {message}"
-
-    message = _with_codex_agent_prefix(request.message)
-
-    base_args = ["codex", "exec", "--json", "--color", "never", "--sandbox", request.sandboxMode or "workspace-write"]
-    if request.approvalPolicy:
-        base_args += ["--config", f'approval_policy=\"{request.approvalPolicy}\"']
-    if request.model:
-        base_args += ["--model", request.model]
-    base_args += ["--cd", _safe_user_workdir(user, request.workingDirectory), "--skip-git-repo-check"]
-
-    if request.threadId:
-        base_args += ["resume", request.threadId, message]
-    else:
-        base_args += [message]
-
-    env = os.environ.copy()
-    if request.apiKey:
-        env["OPENAI_API_KEY"] = request.apiKey
-        env["CODEX_API_KEY"] = request.apiKey
-        if request.baseUrl:
-            env["OPENAI_BASE_URL"] = request.baseUrl
-
-    async def gen():
-        proc = await asyncio.create_subprocess_exec(
-            *base_args,
-            stdout=asyncio.subprocess.PIPE,
-            stderr=asyncio.subprocess.PIPE,
-            env=env,
-        )
-        assert proc.stdout is not None
-        assert proc.stderr is not None
-
-        thread_id = None
-        final_text = ""
-        usage = None
-
-        async def emit(obj: dict):
-            yield (json.dumps(obj, ensure_ascii=False) + "\n").encode("utf-8")
-
-        # Stream stdout events line-by-line
-        try:
-            while True:
-                line = await proc.stdout.readline()
-                if not line:
-                    break
-                raw = line.decode("utf-8", errors="ignore").strip()
-                if not raw:
-                    continue
-                try:
-                    event = json.loads(raw)
-                except Exception:
-                    # forward raw line so UI can debug
-                    async for b in emit({"type": "log", "message": raw}):
-                        yield b
-                    continue
-
-                if event.get("type") == "thread.started":
-                    thread_id = event.get("thread_id") or thread_id
-                if event.get("type") == "item.completed":
-                    item = event.get("item") or {}
-                    if item.get("type") == "agent_message":
-                        final_text = item.get("text") or final_text
-                if event.get("type") == "turn.completed":
-                    usage = event.get("usage") or usage
-                if event.get("type") == "turn.failed":
-                    err = (event.get("error") or {}).get("message") or "Codex turn failed"
-                    async for b in emit({"type": "error", "message": err}):
-                        yield b
-                    break
-
-                async for b in emit(event):
-                    yield b
-        finally:
-            await proc.wait()
-            err_text = (await proc.stderr.read()).decode("utf-8", errors="ignore").strip()
-            if proc.returncode != 0 and err_text:
-                async for b in emit({"type": "stderr", "message": err_text, "returnCode": proc.returncode}):
-                    yield b
-
-            async for b in emit({"type": "done", "threadId": thread_id or request.threadId, "finalResponse": final_text, "usage": usage, "returnCode": proc.returncode}):
-                yield b
-
-    return StreamingResponse(gen(), media_type="application/x-ndjson")
-
-
-@app.get("/api/codex/mcp")
-async def codex_mcp_list(http_request: Request):
-    """
-    Lists configured Codex MCP servers by shelling out to `codex mcp list`.
-    """
-    if not _feature_enabled("mcp"):
-        raise HTTPException(status_code=403, detail="MCP is disabled")
-    _ = await _require_user_from_request(http_request)
-    try:
-        proc = await asyncio.create_subprocess_exec(
-            "codex",
-            "mcp",
-            "list",
-            stdout=asyncio.subprocess.PIPE,
-            stderr=asyncio.subprocess.PIPE,
-        )
-        stdout, _ = await proc.communicate()
-        if proc.returncode != 0:
-            return {"servers": []}
-        text = stdout.decode("utf-8", errors="ignore")
-        servers = []
-        for line in text.splitlines():
-            name = (line.split() or [""])[0].strip()
-            if name and name.lower() != "name":
-                servers.append(name)
-        return {"servers": servers}
-    except Exception:
-        return {"servers": []}
-
-
-@app.get("/api/codex/mcp/details")
-async def codex_mcp_details(http_request: Request):
-    """
-    Returns `codex mcp get --json` for each configured server.
-    """
-    if not _feature_enabled("mcp"):
-        raise HTTPException(status_code=403, detail="MCP is disabled")
-    _ = await _require_user_from_request(http_request)
-    try:
-        servers_resp = await codex_mcp_list(http_request)
-        names = servers_resp.get("servers", []) if isinstance(servers_resp, dict) else []
-        details = []
-        for name in names:
-            try:
-                proc = await asyncio.create_subprocess_exec(
-                    "codex",
-                    "mcp",
-                    "get",
-                    name,
-                    "--json",
-                    stdout=asyncio.subprocess.PIPE,
-                    stderr=asyncio.subprocess.PIPE,
-                )
-                stdout, _ = await proc.communicate()
-                if proc.returncode != 0:
-                    continue
-                details.append(json.loads(stdout.decode("utf-8", errors="ignore")))
-            except Exception:
-                continue
-        return {"servers": details}
-    except Exception:
-        return {"servers": []}
-
-
-@app.get("/api/codex/login/status")
-async def codex_login_status(http_request: Request):
-    """
-    Returns Codex CLI login status for device-auth based sessions.
-    """
-    if not _feature_enabled("codex"):
-        raise HTTPException(status_code=403, detail="Codex is disabled")
-    _ = await _require_user_from_request(http_request)
-    try:
-        proc = await asyncio.create_subprocess_exec(
-            "codex",
-            "login",
-            "status",
-            stdout=asyncio.subprocess.PIPE,
-            stderr=asyncio.subprocess.PIPE,
-        )
-        stdout, stderr = await proc.communicate()
-        text = stdout.decode("utf-8", errors="ignore").strip()
-        err = stderr.decode("utf-8", errors="ignore").strip()
-        # Current CLI prints: "Logged in using ChatGPT" when authenticated
-        combined = text or err
-        logged_in = "Logged in" in combined
-        return {"loggedIn": logged_in, "statusText": combined, "exitCode": proc.returncode}
-    except Exception as e:
-        return {"loggedIn": False, "statusText": str(e), "exitCode": None}
-
-
-@dataclass
-class DeviceLoginAttempt:
-    id: str
-    proc: asyncio.subprocess.Process
-    created_at: float
-    url: Optional[str] = None
-    code: Optional[str] = None
-    output: List[str] = field(default_factory=list)
-    done: bool = False
-    returncode: Optional[int] = None
-
-
-app.state.device_login_attempts: dict[str, DeviceLoginAttempt] = {}
-app.state.device_login_lock = asyncio.Lock()
-
-class McpStdioClient:
-    def __init__(self, command: List[str]):
-        self.command = command
-        self.proc: Optional[asyncio.subprocess.Process] = None
-        self._lock = asyncio.Lock()
-        self._pending: dict[int, asyncio.Future] = {}
-        self._next_id = 1
-        self._reader_task: Optional[asyncio.Task] = None
-        self._initialized = False
-
-    async def start(self) -> None:
-        if self.proc and self.proc.returncode is None:
-            return
-        self.proc = await asyncio.create_subprocess_exec(
-            *self.command,
-            stdin=asyncio.subprocess.PIPE,
-            stdout=asyncio.subprocess.PIPE,
-            stderr=asyncio.subprocess.PIPE,
-        )
-        self._initialized = False
-        self._reader_task = asyncio.create_task(self._reader())
-        await self._initialize()
-
-    async def _reader(self) -> None:
-        assert self.proc and self.proc.stdout
-        while True:
-            line = await self.proc.stdout.readline()
-            if not line:
-                break
-            text = line.decode("utf-8", errors="ignore").strip()
-            if not text:
-                continue
-            try:
-                msg = json.loads(text)
-            except Exception:
-                continue
-            msg_id = msg.get("id")
-            if msg_id is None:
-                continue
-            fut = self._pending.pop(int(msg_id), None)
-            if fut and not fut.done():
-                fut.set_result(msg)
-
-    async def _rpc(self, method: str, params: Optional[dict] = None) -> dict:
-        await self.start()
-        assert self.proc and self.proc.stdin
-        async with self._lock:
-            msg_id = self._next_id
-            self._next_id += 1
-            loop = asyncio.get_running_loop()
-            fut: asyncio.Future = loop.create_future()
-            self._pending[msg_id] = fut
-            payload = {"jsonrpc": "2.0", "id": msg_id, "method": method}
-            if params is not None:
-                payload["params"] = params
-            self.proc.stdin.write((json.dumps(payload) + "\n").encode("utf-8"))
-            await self.proc.stdin.drain()
-        resp = await asyncio.wait_for(fut, timeout=600.0)
-        if "error" in resp:
-            raise HTTPException(status_code=500, detail=resp["error"])
-        return resp.get("result") or {}
-
-    async def _initialize(self) -> None:
-        if self._initialized:
-            return
-        # minimal initialize; codex mcp-server advertises tools
-        result = await self._rpc(
-            "initialize",
-            {
-                "protocolVersion": "2024-11-05",
-                "clientInfo": {"name": "autonomy-labs", "version": "1.0"},
-                "capabilities": {},
-            },
-        )
-        # Notify initialized (no response)
-        assert self.proc and self.proc.stdin
-        self.proc.stdin.write(
-            (json.dumps({"jsonrpc": "2.0", "method": "notifications/initialized"}) + "\n").encode("utf-8")
-        )
-        await self.proc.stdin.drain()
-        self._initialized = True
-        _ = result
-
-    async def list_tools(self) -> dict:
-        return await self._rpc("tools/list", {})
-
-    async def call_tool(self, name: str, arguments: dict) -> dict:
-        return await self._rpc("tools/call", {"name": name, "arguments": arguments})
-
-
-app.state.codex_mcp_client = McpStdioClient(["codex", "mcp-server"])
-
-
-async def _read_device_login_output(attempt: DeviceLoginAttempt) -> None:
-    try:
-        assert attempt.proc.stdout is not None
-        while True:
-            line = await attempt.proc.stdout.readline()
-            if not line:
-                break
-            text = line.decode("utf-8", errors="ignore").rstrip("\n")
-            attempt.output.append(text)
-            # Parse link/code from Codex output
-            if attempt.url is None and "https://" in text and "auth.openai.com/codex/device" in text:
-                attempt.url = "https://auth.openai.com/codex/device"
-            if attempt.code is None:
-                # Device code looks like 4-6 alnum, dash, 4-6 alnum (often uppercase).
-                import re
-                m = re.search(r"\b([A-Za-z0-9]{4,6}-[A-Za-z0-9]{4,6})\b", text)
-                if m:
-                    attempt.code = m.group(1).upper()
-        await attempt.proc.wait()
-    finally:
-        attempt.done = True
-        attempt.returncode = attempt.proc.returncode
-
-
-@app.post("/api/codex/login/device/start")
-async def codex_login_device_start(http_request: Request):
-    """
-    Starts `codex login --device-auth` and returns the device URL + code (when available).
-    """
-    if not _feature_enabled("codex"):
-        raise HTTPException(status_code=403, detail="Codex is disabled")
-    _ = await _require_user_from_request(http_request)
-    async with app.state.device_login_lock:
-        proc = await asyncio.create_subprocess_exec(
-            "codex",
-            "login",
-            "--device-auth",
-            stdout=asyncio.subprocess.PIPE,
-            stderr=asyncio.subprocess.STDOUT,
-        )
-        attempt_id = str(uuid.uuid4())
-        attempt = DeviceLoginAttempt(
-            id=attempt_id,
-            proc=proc,
-            created_at=asyncio.get_running_loop().time(),
-        )
-        app.state.device_login_attempts[attempt_id] = attempt
-        asyncio.create_task(_read_device_login_output(attempt))
-        return {"loginId": attempt_id}
-
-
-@app.get("/api/codex/login/device/status")
-async def codex_login_device_status(loginId: str, http_request: Request):
-    if not _feature_enabled("codex"):
-        raise HTTPException(status_code=403, detail="Codex is disabled")
-    _ = await _require_user_from_request(http_request)
-    attempt = app.state.device_login_attempts.get(loginId)
-    if not attempt:
-        raise HTTPException(status_code=404, detail="Unknown loginId")
-
-    # keep last ~50 lines
-    tail = attempt.output[-50:]
-    status = "pending"
-    if attempt.done:
-        status = "success" if attempt.returncode == 0 else "failed"
-    return {
-        "loginId": attempt.id,
-        "status": status,
-        "url": attempt.url,
-        "code": attempt.code,
-        "outputTail": tail,
-        "returnCode": attempt.returncode,
-    }
-
-
-@app.get("/api/mcp/tools")
-async def mcp_tools_list(http_request: Request):
-    """
-    List tools available from the local Codex MCP server (`codex mcp-server`).
-    """
-    if not _feature_enabled("mcp"):
-        raise HTTPException(status_code=403, detail="MCP is disabled")
-    _ = await _require_user_from_request(http_request)
-    try:
-        result = await app.state.codex_mcp_client.list_tools()
-        return result
-    except Exception as e:
-        raise HTTPException(status_code=500, detail=str(e))
-
-
-class McpCallRequest(BaseModel):
-    name: str
-    arguments: dict
-
-
-@app.post("/api/mcp/call")
-async def mcp_tools_call(request: McpCallRequest, http_request: Request):
-    """
-    Call a tool on the local Codex MCP server (`codex mcp-server`).
-    """
-    if not _feature_enabled("mcp"):
-        raise HTTPException(status_code=403, detail="MCP is disabled")
-    _ = await _require_user_from_request(http_request)
-    try:
-        return await app.state.codex_mcp_client.call_tool(request.name, request.arguments)
-    except Exception as e:
-        raise HTTPException(status_code=500, detail=str(e))
-
-@app.websocket("/ws/terminal")
-async def websocket_terminal(websocket: WebSocket):
-    await websocket.accept()
-
-    if not _feature_enabled("terminal"):
-        await websocket.send_text("\r\n[terminal disabled]\r\n")
-        await websocket.close()
-        return
-
-    # Authenticate the WebSocket using a Supabase access token passed via query param.
-    # Browser WebSocket APIs do not allow setting Authorization headers directly.
-    token = (websocket.query_params.get("token") or "").strip()
-    if not token:
-        await websocket.send_text("\r\n[unauthorized: missing token]\r\n")
-        await websocket.close()
-        return
-    try:
-        user = await _verify_supabase_access_token(token)
-    except HTTPException as e:
-        await websocket.send_text(f"\r\n[unauthorized: {e.detail}]\r\n")
-        await websocket.close()
-        return
-
-    # If token-based Codex auth is provided via env (HF Spaces Secrets), ensure the CLI auth file exists.
-    # This makes `codex` work inside the web terminal even if the entrypoint didn't run (e.g., local dev).
-    try:
-        id_token = os.environ.get("CODEX_ID_TOKEN") or os.environ.get("ID_TOKEN") or ""
-        access_token = os.environ.get("CODEX_ACCESS_TOKEN") or os.environ.get("ACCESS_TOKEN") or ""
-        refresh_token = os.environ.get("CODEX_REFRESH_TOKEN") or os.environ.get("REFRESH_TOKEN") or ""
-        account_id = os.environ.get("CODEX_ACCOUNT_ID") or os.environ.get("ACCOUNT_ID") or ""
-        if id_token or access_token or refresh_token:
-            codex_home = os.path.join(os.path.expanduser("~"), ".codex")
-            os.makedirs(codex_home, exist_ok=True)
-            auth = {
-                "OPENAI_API_KEY": None,
-                "tokens": {
-                    "id_token": id_token,
-                    "access_token": access_token,
-                    "refresh_token": refresh_token,
-                    "account_id": account_id,
-                },
-                "last_refresh": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
-            }
-            for filename in ("auth.json", ".auth.json"):
-                path = os.path.join(codex_home, filename)
-                with open(path, "w", encoding="utf-8") as f:
-                    json.dump(auth, f, indent=2)
-                    f.write("\n")
-                try:
-                    os.chmod(path, 0o600)
-                except Exception:
-                    pass
-    except Exception:
-        pass
-    
-    # Create PTY (required for an interactive shell). If the runtime has no PTY
-    # devices (e.g., /dev/pts not mounted / exhausted), fail gracefully.
-    try:
-        master_fd, slave_fd = pty.openpty()
-    except OSError as e:
-        await websocket.send_text(
-            "\r\n[terminal unavailable: PTY allocation failed]\r\n"
-            f"{type(e).__name__}: {e}\r\n"
-        )
-        await websocket.close()
-        return
-    
-    # Start shell
-    env = os.environ.copy()
-    env.setdefault("TERM", "xterm-256color")
-    env.setdefault("COLORTERM", "truecolor")
-    p = subprocess.Popen(
-        ["/bin/bash", "-i"],
-        preexec_fn=os.setsid,
-        stdin=slave_fd,
-        stdout=slave_fd,
-        stderr=slave_fd,
-        env=env,
-        close_fds=True
-    )
-    
-    os.close(slave_fd)
-    
-    loop = asyncio.get_running_loop()
-
-    async def read_from_pty():
-        while True:
-            try:
-                # Run in executor to avoid blocking the event loop
-                data = await loop.run_in_executor(None, lambda: os.read(master_fd, 1024))
-                if not data:
-                    break
-                await websocket.send_text(data.decode(errors='ignore'))
-            except Exception:
-                break
-        await websocket.close()
-
-    async def write_to_pty():
-        try:
-            while True:
-                data = await websocket.receive_text()
-                if data.startswith('\x01resize:'): # Custom resize protocol
-                     # Format: ^Aresize:cols:rows
-                     try:
-                         _, cols, rows = data.split(':')
-                         cols_i = int(cols)
-                         rows_i = int(rows)
-                         if cols_i < 2 or rows_i < 2:
-                             continue
-                         winsize = struct.pack("HHHH", rows_i, cols_i, 0, 0)
-                         fcntl.ioctl(master_fd, termios.TIOCSWINSZ, winsize)
-                     except:
-                         pass
-                else:
-                    os.write(master_fd, data.encode())
-        except Exception:
-            pass
+load_dotenv()
 
-    # Run tasks
-    read_task = asyncio.create_task(read_from_pty())
-    write_task = asyncio.create_task(write_to_pty())
+app = create_app()
 
-    try:
-        await asyncio.wait([read_task, write_task], return_when=asyncio.FIRST_COMPLETED)
-    finally:
-        read_task.cancel()
-        write_task.cancel()
-        p.terminate()
-        os.close(master_fd)

pyproject.toml

@@ -0,0 +1,7 @@
+[tool.ruff]
+target-version = "py311"
+line-length = 120
+
+[tool.ruff.lint]
+select = ["E", "F", "I", "UP", "B"]
+

requirements-dev.txt

@@ -0,0 +1,3 @@
+pytest==8.3.4
+ruff==0.8.4
+

tests/test_security_gates.py

@@ -0,0 +1,50 @@
+import os
+
+import pytest
+from fastapi.testclient import TestClient
+from starlette.websockets import WebSocketDisconnect
+
+from app.server import create_app
+
+
+@pytest.fixture()
+def client(monkeypatch: pytest.MonkeyPatch) -> TestClient:
+    monkeypatch.setenv("SUPABASE_URL", "https://example.supabase.co")
+    monkeypatch.setenv("SUPABASE_KEY", "dummy")
+    monkeypatch.setenv("ENABLE_TERMINAL", "1")
+    monkeypatch.setenv("ENABLE_CODEX", "1")
+    monkeypatch.setenv("ENABLE_MCP", "1")
+    app = create_app()
+    return TestClient(app)
+
+
+def test_codex_login_status_requires_auth(client: TestClient):
+    res = client.get("/api/codex/login/status")
+    assert res.status_code == 401
+
+
+def test_mcp_tools_requires_auth(client: TestClient):
+    res = client.get("/api/mcp/tools")
+    assert res.status_code == 401
+
+
+def test_terminal_ws_requires_token(client: TestClient):
+    with client.websocket_connect("/ws/terminal") as ws:
+        # Server accepts then sends an error + closes.
+        try:
+            msg = ws.receive_text()
+        except WebSocketDisconnect:
+            msg = ""
+        assert "unauthorized" in msg.lower() or msg == ""
+
+
+def test_features_can_be_disabled(monkeypatch: pytest.MonkeyPatch):
+    monkeypatch.setenv("SUPABASE_URL", "https://example.supabase.co")
+    monkeypatch.setenv("SUPABASE_KEY", "dummy")
+    monkeypatch.setenv("ENABLE_CODEX", "0")
+    app = create_app()
+    c = TestClient(app)
+
+    res = c.get("/api/codex/login/status")
+    assert res.status_code == 403
+