refactor: fingerprint alignment, auto-maintenance, Docker deployment

Phase 1 - Eliminate fingerprint detection gaps:
- Dynamic sec-ch-ua from config chromium_version (aligned with TLS profile)
- Inject full fingerprint headers into curl-fetch (OAuth/appcast)
- Unify Accept-Encoding based on curl-impersonate detection
- Optimize header ordering (single sort pass)

Phase 2 - Auto-maintenance:
- Structured YAML mutation utility (replace regex hacks)
- Auto full-update pipeline on new version detection
- Config hot-reload after updates
- Exponential backoff token refresh (5 attempts + 10m recovery)
- Immediate persistence for critical data (tokens, cf_clearance)
- Cookie v2 format with expiry timestamps
- Graceful shutdown with 10s timeout protection
- Usage counters auto-reset on rate limit window rollover

Phase 3 - Docker deployment:
- Dockerfile, docker-compose.yml, .dockerignore
- Deployment docs in README

Fixes:
- Extract planType from JWT /auth claim (was looking in /profile)
- Backfill missing planType on startup for existing accounts
- Show full date for rate limit reset times in dashboard

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

.dockerignore

@@ -0,0 +1,9 @@
+node_modules/
+dist/
+data/
+bin/
+tmp/
+.asar-out/
+.git/
+docs/
+stitch-*/

Dockerfile

@@ -0,0 +1,23 @@
+FROM node:20-slim
+
+# Install unzip (full-update pipeline) and ca-certificates
+RUN apt-get update && \
+    apt-get install -y --no-install-recommends unzip ca-certificates && \
+    rm -rf /var/lib/apt/lists/*
+
+WORKDIR /app
+
+# Install dependencies (postinstall downloads curl-impersonate for Linux)
+COPY package*.json ./
+RUN npm ci --omit=dev
+
+# Copy source and build
+COPY . .
+RUN npm run build
+
+# Persistent data mount point
+VOLUME /app/data
+
+EXPOSE 8080
+
+CMD ["node", "dist/index.js"]

README.md

@@ -198,6 +198,30 @@ for await (const chunk of stream) {
 }
 ```
 
+## 🐳 部署方式 (Deployment)
+
+### Docker 部署（推荐，所有平台通用）
+
+```bash
+git clone https://github.com/icebear0828/codex-proxy.git
+cd codex-proxy
+docker compose up -d
+# 打开 http://localhost:8080 登录
+```
+
+### 原生部署（macOS / Linux）
+
+```bash
+git clone https://github.com/icebear0828/codex-proxy.git
+cd codex-proxy
+npm install
+npm run build
+npm start
+# 打开 http://localhost:8080 登录
+```
+
+> Docker 部署会自动安装 curl-impersonate（Linux 版）。原生部署依赖 `npm install` 的 postinstall 脚本自动下载。
+
 ## ⚙️ 配置说明 (Configuration)
 
 所有配置位于 `config/default.yaml`：

config/default.yaml

@@ -8,6 +8,7 @@ client:
   build_number: "669"
   platform: "darwin"
   arch: "arm64"
+  chromium_version: "136"
 
 model:
   default: "gpt-5.3-codex"

config/fingerprint.yaml

@@ -20,7 +20,6 @@ header_order:
 default_headers:
   Accept-Encoding: "gzip, deflate, br, zstd"
   Accept-Language: "en-US,en;q=0.9"
-  sec-ch-ua: '"Chromium";v="134", "Not:A-Brand";v="24"'
   sec-ch-ua-mobile: "?0"
   sec-ch-ua-platform: '"macOS"'
   sec-fetch-site: "same-origin"

docker-compose.yml

@@ -0,0 +1,11 @@
+services:
+  codex-proxy:
+    build: .
+    ports:
+      - "8080:8080"
+    volumes:
+      - ./data:/app/data
+      - ./config:/app/config
+    restart: unless-stopped
+    environment:
+      - NODE_ENV=production

public/dashboard.html

@@ -391,6 +391,24 @@ function formatNumber(n) {
   return String(n);
 }
 
+function formatResetTime(unixSec) {
+  const d = new Date(unixSec * 1000);
+  const now = new Date();
+  const time = d.toLocaleTimeString(undefined, { hour: '2-digit', minute: '2-digit', second: '2-digit' });
+  // Same calendar day → just show time
+  if (d.getFullYear() === now.getFullYear() && d.getMonth() === now.getMonth() && d.getDate() === now.getDate()) {
+    return time;
+  }
+  // Tomorrow
+  const tomorrow = new Date(now); tomorrow.setDate(tomorrow.getDate() + 1);
+  if (d.getFullYear() === tomorrow.getFullYear() && d.getMonth() === tomorrow.getMonth() && d.getDate() === tomorrow.getDate()) {
+    return (currentLangCode === 'zh' ? '明天 ' : 'Tomorrow ') + time;
+  }
+  // Other dates → full date + time
+  const date = d.toLocaleDateString(undefined, { month: 'short', day: 'numeric' });
+  return date + ' ' + time;
+}
+
 function statusBadge(status) {
   const map = {
     active:       ['bg-green-100 text-green-700 border-green-200 dark:bg-[#11281d] dark:text-primary dark:border-[#1a442e]', 'active'],
@@ -459,7 +477,7 @@ function renderAccounts(accounts) {
         : pct >= 90 ? 'text-red-500'
         : pct >= 60 ? 'text-amber-600 dark:text-amber-500'
         : 'text-primary';
-      const resetAt = rl.reset_at ? new Date(rl.reset_at * 1000).toLocaleTimeString() : null;
+      const resetAt = rl.reset_at ? formatResetTime(rl.reset_at) : null;
 
       quotaHtml = `
         <div class="pt-3 mt-3 border-t border-slate-100 dark:border-border-dark">

src/auth/account-pool.ts

@@ -158,7 +158,7 @@ export class AccountPool {
           existing.email = profile?.email ?? existing.email;
           existing.planType = profile?.chatgpt_plan_type ?? existing.planType;
           existing.status = isTokenExpired(token) ? "expired" : "active";
-          this.schedulePersist();
+          this.persistNow(); // Critical data — persist immediately
           return existing.id;
         }
       }
@@ -185,7 +185,7 @@ export class AccountPool {
     };
 
     this.accounts.set(id, entry);
-    this.schedulePersist();
+    this.persistNow(); // Critical data — persist immediately
     return id;
   }
 
@@ -212,7 +212,7 @@ export class AccountPool {
     entry.planType = profile?.chatgpt_plan_type ?? entry.planType;
     entry.accountId = extractChatGptAccountId(newToken) ?? entry.accountId;
     entry.status = "active";
-    this.schedulePersist();
+    this.persistNow(); // Critical data — persist immediately
   }
 
   markStatus(entryId: string, status: AccountEntry["status"]): void {
@@ -231,11 +231,36 @@ export class AccountPool {
       output_tokens: 0,
       last_used: null,
       rate_limit_until: null,
+      window_reset_at: entry.usage.window_reset_at ?? null,
     };
     this.schedulePersist();
     return true;
   }
 
+  /**
+   * Check if the rate limit window has rolled over.
+   * If so, auto-reset local usage counters to stay in sync.
+   * Called after fetching quota from OpenAI API.
+   */
+  syncRateLimitWindow(entryId: string, newResetAt: number | null): void {
+    if (newResetAt == null) return;
+    const entry = this.accounts.get(entryId);
+    if (!entry) return;
+
+    const oldResetAt = entry.usage.window_reset_at;
+    if (oldResetAt != null && oldResetAt !== newResetAt) {
+      // Window rolled over — reset local counters
+      console.log(`[AccountPool] Rate limit window rolled for ${entryId} (${entry.email ?? "?"}), resetting usage counters`);
+      entry.usage.request_count = 0;
+      entry.usage.input_tokens = 0;
+      entry.usage.output_tokens = 0;
+      entry.usage.last_used = null;
+      entry.usage.rate_limit_until = null;
+    }
+    entry.usage.window_reset_at = newResetAt;
+    this.schedulePersist();
+  }
+
   // ── Query ───────────────────────────────────────────────────────
 
   getAccounts(): AccountInfo[] {
@@ -254,8 +279,6 @@ export class AccountPool {
     return [...this.accounts.values()];
   }
 
-  // ── Backward-compatible shim (for routes that still expect AuthManager) ──
-
   isAuthenticated(): boolean {
     const now = new Date();
     for (const entry of this.accounts.values()) {
@@ -265,21 +288,6 @@ export class AccountPool {
     return false;
   }
 
-  /** @deprecated Use acquire() instead. */
-  async getToken(): Promise<string | null> {
-    const acq = this.acquire();
-    if (!acq) return null;
-    // Release immediately — shim usage doesn't track per-request
-    this.acquireLocks.delete(acq.entryId);
-    return acq.token;
-  }
-
-  /** @deprecated Use acquire() instead. */
-  getAccountId(): string | null {
-    const first = [...this.accounts.values()].find((a) => a.status === "active");
-    return first?.accountId ?? null;
-  }
-
   /** @deprecated Use getAccounts() instead. */
   getUserInfo(): { email?: string; accountId?: string; planType?: string } | null {
     const first = [...this.accounts.values()].find((a) => a.status === "active");
@@ -304,11 +312,6 @@ export class AccountPool {
     return false;
   }
 
-  /** @deprecated Use addAccount() instead. */
-  setToken(token: string): void {
-    this.addAccount(token);
-  }
-
   /** @deprecated Use removeAccount() instead. */
   clearToken(): void {
     this.accounts.clear();
@@ -416,11 +419,30 @@ export class AccountPool {
       const raw = readFileSync(ACCOUNTS_FILE, "utf-8");
       const data = JSON.parse(raw) as AccountsFile;
       if (Array.isArray(data.accounts)) {
+        let needsPersist = false;
         for (const entry of data.accounts) {
           if (entry.id && entry.token) {
+            // Backfill missing fields from JWT (e.g. planType was null before fix)
+            if (!entry.planType || !entry.email || !entry.accountId) {
+              const profile = extractUserProfile(entry.token);
+              const accountId = extractChatGptAccountId(entry.token);
+              if (!entry.planType && profile?.chatgpt_plan_type) {
+                entry.planType = profile.chatgpt_plan_type;
+                needsPersist = true;
+              }
+              if (!entry.email && profile?.email) {
+                entry.email = profile.email;
+                needsPersist = true;
+              }
+              if (!entry.accountId && accountId) {
+                entry.accountId = accountId;
+                needsPersist = true;
+              }
+            }
             this.accounts.set(entry.id, entry);
           }
         }
+        if (needsPersist) this.persistNow();
       }
     } catch (err) {
       console.warn("[AccountPool] Failed to load accounts:", err instanceof Error ? err.message : err);

src/auth/jwt-utils.ts

@@ -39,14 +39,20 @@ export function extractUserProfile(
   const payload = decodeJwtPayload(token);
   if (!payload) return null;
   try {
-    const profile = payload["https://api.openai.com/profile"];
-    if (profile && typeof profile === "object" && profile !== null) {
-      const p = profile as Record<string, unknown>;
-      return {
-        email: typeof p.email === "string" ? p.email : undefined,
-        chatgpt_user_id: typeof p.chatgpt_user_id === "string" ? p.chatgpt_user_id : undefined,
-        chatgpt_plan_type: typeof p.chatgpt_plan_type === "string" ? p.chatgpt_plan_type : undefined,
-      };
+    const profile = payload["https://api.openai.com/profile"] as Record<string, unknown> | undefined;
+    const auth = payload["https://api.openai.com/auth"] as Record<string, unknown> | undefined;
+
+    const email = typeof profile?.email === "string" ? profile.email : undefined;
+    // chatgpt_plan_type lives in the /auth claim, not /profile
+    const chatgpt_plan_type =
+      (typeof auth?.chatgpt_plan_type === "string" ? auth.chatgpt_plan_type : undefined) ??
+      (typeof profile?.chatgpt_plan_type === "string" ? profile.chatgpt_plan_type : undefined);
+    const chatgpt_user_id =
+      (typeof auth?.chatgpt_user_id === "string" ? auth.chatgpt_user_id : undefined) ??
+      (typeof profile?.chatgpt_user_id === "string" ? profile.chatgpt_user_id : undefined);
+
+    if (email || chatgpt_plan_type || chatgpt_user_id) {
+      return { email, chatgpt_user_id, chatgpt_plan_type };
     }
   } catch {
     // ignore

src/auth/refresh-scheduler.ts

@@ -2,6 +2,12 @@
  * RefreshScheduler — per-account JWT auto-refresh.
  * Schedules a refresh at `exp - margin` for each account.
  * Uses OAuth refresh_token instead of Codex CLI.
+ *
+ * Features:
+ * - Exponential backoff (5 attempts: 5s → 15s → 45s → 135s → 300s)
+ * - Permanent failure detection (invalid_grant / invalid_token)
+ * - Recovery scheduling (10 min) for temporary failures
+ * - Crash recovery: "refreshing" → immediate retry, "expired" + refreshToken → delayed retry
  */
 
 import { getConfig } from "../config.js";
@@ -10,6 +16,13 @@ import { refreshAccessToken } from "./oauth-pkce.js";
 import { jitter, jitterInt } from "../utils/jitter.js";
 import type { AccountPool } from "./account-pool.js";
 
+/** Errors that indicate the refresh token itself is invalid (permanent failure). */
+const PERMANENT_ERRORS = ["invalid_grant", "invalid_token", "access_denied"];
+
+const MAX_ATTEMPTS = 5;
+const BASE_DELAY_MS = 5_000;
+const RECOVERY_DELAY_MS = 10 * 60 * 1000; // 10 minutes
+
 export class RefreshScheduler {
   private timers: Map<string, ReturnType<typeof setTimeout>> = new Map();
   private pool: AccountPool;
@@ -22,8 +35,24 @@ export class RefreshScheduler {
   /** Schedule refresh for all accounts in the pool. */
   scheduleAll(): void {
     for (const entry of this.pool.getAllEntries()) {
-      if (entry.status === "active" || entry.status === "refreshing") {
+      if (entry.status === "active") {
         this.scheduleOne(entry.id, entry.token);
+      } else if (entry.status === "refreshing") {
+        // Crash recovery: was mid-refresh when process died
+        console.log(`[RefreshScheduler] Account ${entry.id}: recovering from 'refreshing' state`);
+        this.doRefresh(entry.id);
+      } else if (entry.status === "expired" && entry.refreshToken) {
+        // Attempt recovery for expired accounts that still have a refresh token
+        const delay = jitterInt(30_000, 0.3);
+        console.log(`[RefreshScheduler] Account ${entry.id}: expired with refresh_token, recovery attempt in ${Math.round(delay / 1000)}s`);
+        const timer = setTimeout(() => {
+          this.timers.delete(entry.id);
+          this.doRefresh(entry.id);
+        }, delay);
+        if (timer.unref) timer.unref();
+        this.timers.set(entry.id, timer);
+      } else if (entry.status === "expired" && !entry.refreshToken) {
+        console.warn(`[RefreshScheduler] Account ${entry.id}: expired with no refresh_token. Re-login required at /`);
       }
     }
   }
@@ -87,7 +116,7 @@ export class RefreshScheduler {
 
     if (!entry.refreshToken) {
       console.warn(
-        `[RefreshScheduler] Account ${entryId} has no refresh_token, cannot auto-refresh`,
+        `[RefreshScheduler] Account ${entryId} has no refresh_token, cannot auto-refresh. Re-login required at /`,
       );
       this.pool.markStatus(entryId, "expired");
       return;
@@ -96,8 +125,7 @@ export class RefreshScheduler {
     console.log(`[RefreshScheduler] Refreshing account ${entryId} (${entry.email ?? "?"})`);
     this.pool.markStatus(entryId, "refreshing");
 
-    const maxAttempts = 2;
-    for (let attempt = 1; attempt <= maxAttempts; attempt++) {
+    for (let attempt = 1; attempt <= MAX_ATTEMPTS; attempt++) {
       try {
         const tokens = await refreshAccessToken(entry.refreshToken);
         // Update token and refresh_token (if a new one was issued)
@@ -111,15 +139,48 @@ export class RefreshScheduler {
         return;
       } catch (err) {
         const msg = err instanceof Error ? err.message : String(err);
-        if (attempt < maxAttempts) {
-          const retryDelay = jitterInt(5000, 0.3);
-          console.warn(`[RefreshScheduler] Refresh attempt ${attempt} failed for ${entryId}: ${msg}, retrying in ${Math.round(retryDelay / 1000)}s...`);
+
+        // Check for permanent failures
+        if (PERMANENT_ERRORS.some((e) => msg.toLowerCase().includes(e))) {
+          console.error(`[RefreshScheduler] Permanent failure for ${entryId}: ${msg}`);
+          this.pool.markStatus(entryId, "expired");
+          return;
+        }
+
+        if (attempt < MAX_ATTEMPTS) {
+          // Exponential backoff: 5s, 15s, 45s, 135s, 300s (capped)
+          const backoff = Math.min(BASE_DELAY_MS * Math.pow(3, attempt - 1), 300_000);
+          const retryDelay = jitterInt(backoff, 0.3);
+          console.warn(
+            `[RefreshScheduler] Attempt ${attempt}/${MAX_ATTEMPTS} failed for ${entryId}: ${msg}, retrying in ${Math.round(retryDelay / 1000)}s...`,
+          );
           await new Promise((r) => setTimeout(r, retryDelay));
         } else {
-          console.error(`[RefreshScheduler] Failed to refresh ${entryId} after ${maxAttempts} attempts: ${msg}`);
-          this.pool.markStatus(entryId, "expired");
+          console.error(
+            `[RefreshScheduler] All ${MAX_ATTEMPTS} attempts failed for ${entryId}: ${msg}`,
+          );
+          // Don't mark expired — schedule recovery attempt in 10 minutes
+          this.pool.markStatus(entryId, "active"); // keep active so it can still be used
+          this.scheduleRecovery(entryId);
         }
       }
     }
   }
+
+  /**
+   * Schedule a recovery refresh attempt after all retries are exhausted.
+   * Gives the server time to recover from temporary issues.
+   */
+  private scheduleRecovery(entryId: string): void {
+    const delay = jitterInt(RECOVERY_DELAY_MS, 0.2);
+    console.log(
+      `[RefreshScheduler] Recovery attempt for ${entryId} in ${Math.round(delay / 60000)}m`,
+    );
+    const timer = setTimeout(() => {
+      this.timers.delete(entryId);
+      this.doRefresh(entryId);
+    }, delay);
+    if (timer.unref) timer.unref();
+    this.timers.set(entryId, timer);
+  }
 }

src/auth/types.ts

@@ -15,6 +15,8 @@ export interface AccountUsage {
   output_tokens: number;
   last_used: string | null;
   rate_limit_until: string | null;
+  /** Tracks the current rate limit window end (Unix seconds). When window rolls over, counters reset. */
+  window_reset_at?: number | null;
 }
 
 export interface AccountEntry {

src/config.ts

@@ -6,7 +6,7 @@ import { z } from "zod";
 const ConfigSchema = z.object({
   api: z.object({
     base_url: z.string().default("https://chatgpt.com/backend-api"),
-    timeout_seconds: z.number().default(60),
+    timeout_seconds: z.number().min(1).default(60),
   }),
   client: z.object({
     originator: z.string().default("Codex Desktop"),
@@ -14,6 +14,7 @@ const ConfigSchema = z.object({
     build_number: z.string().default("517"),
     platform: z.string().default("darwin"),
     arch: z.string().default("arm64"),
+    chromium_version: z.string().default("136"),
   }),
   model: z.object({
     default: z.string().default("gpt-5.3-codex"),
@@ -22,16 +23,16 @@ const ConfigSchema = z.object({
   auth: z.object({
     jwt_token: z.string().nullable().default(null),
     chatgpt_oauth: z.boolean().default(true),
-    refresh_margin_seconds: z.number().default(300),
+    refresh_margin_seconds: z.number().min(0).default(300),
     rotation_strategy: z.enum(["least_used", "round_robin"]).default("least_used"),
-    rate_limit_backoff_seconds: z.number().default(60),
+    rate_limit_backoff_seconds: z.number().min(1).default(60),
     oauth_client_id: z.string().default("app_EMoamEEZ73f0CkXaXp7hrann"),
     oauth_auth_endpoint: z.string().default("https://auth.openai.com/oauth/authorize"),
     oauth_token_endpoint: z.string().default("https://auth.openai.com/oauth/token"),
   }),
   server: z.object({
     host: z.string().default("0.0.0.0"),
-    port: z.number().default(8080),
+    port: z.number().min(1).max(65535).default(8080),
     proxy_api_key: z.string().nullable().default(null),
   }),
   environment: z.object({
@@ -39,8 +40,8 @@ const ConfigSchema = z.object({
     default_branch: z.string().default("main"),
   }),
   session: z.object({
-    ttl_minutes: z.number().default(60),
-    cleanup_interval_minutes: z.number().default(5),
+    ttl_minutes: z.number().min(1).default(60),
+    cleanup_interval_minutes: z.number().min(1).default(5),
   }),
   tls: z.object({
     curl_binary: z.string().default("auto"),
@@ -85,7 +86,10 @@ function applyEnvOverrides(raw: Record<string, unknown>): Record<string, unknown
     (raw.client as Record<string, unknown>).arch = process.env.CODEX_ARCH;
   }
   if (process.env.PORT) {
-    (raw.server as Record<string, unknown>).port = parseInt(process.env.PORT, 10);
+    const parsed = parseInt(process.env.PORT, 10);
+    if (!isNaN(parsed)) {
+      (raw.server as Record<string, unknown>).port = parsed;
+    }
   }
   const proxyEnv = process.env.HTTPS_PROXY || process.env.https_proxy;
   if (proxyEnv) {
@@ -129,3 +133,22 @@ export function mutateClientConfig(patch: Partial<AppConfig["client"]>): void {
   if (!_config) throw new Error("Config not loaded");
   Object.assign(_config.client, patch);
 }
+
+/** Reload config from disk (hot-reload after full-update). */
+export function reloadConfig(configDir?: string): AppConfig {
+  _config = null;
+  return loadConfig(configDir);
+}
+
+/** Reload fingerprint from disk (hot-reload after full-update). */
+export function reloadFingerprint(configDir?: string): FingerprintConfig {
+  _fingerprint = null;
+  return loadFingerprint(configDir);
+}
+
+/** Reload both config and fingerprint from disk. */
+export function reloadAllConfigs(configDir?: string): void {
+  reloadConfig(configDir);
+  reloadFingerprint(configDir);
+  console.log("[Config] Hot-reloaded config and fingerprint from disk");
+}

src/fingerprint/manager.ts

@@ -29,6 +29,59 @@ function orderHeaders(
   return ordered;
 }
 
+/**
+ * Build the dynamic sec-ch-ua value based on chromium_version from config.
+ */
+function buildSecChUa(): string {
+  const cv = getConfig().client.chromium_version;
+  return `"Chromium";v="${cv}", "Not:A-Brand";v="24"`;
+}
+
+/**
+ * Build the User-Agent string from config + fingerprint template.
+ */
+function buildUserAgent(): string {
+  const config = getConfig();
+  const fp = getFingerprint();
+  return fp.user_agent_template
+    .replace("{version}", config.client.app_version)
+    .replace("{platform}", config.client.platform)
+    .replace("{arch}", config.client.arch);
+}
+
+/**
+ * Build raw headers (unordered) with all fingerprint fields.
+ * Does NOT include Authorization, ChatGPT-Account-Id, Content-Type, or Accept.
+ */
+function buildRawDefaultHeaders(): Record<string, string> {
+  const fp = getFingerprint();
+  const raw: Record<string, string> = {};
+
+  raw["User-Agent"] = buildUserAgent();
+  raw["sec-ch-ua"] = buildSecChUa();
+
+  // Add static default headers (Accept-Encoding, Accept-Language, sec-fetch-*, etc.)
+  if (fp.default_headers) {
+    for (const [key, value] of Object.entries(fp.default_headers)) {
+      raw[key] = value;
+    }
+  }
+
+  return raw;
+}
+
+/**
+ * Build anonymous headers for non-authenticated requests (OAuth, appcast, etc.).
+ * Contains User-Agent, sec-ch-ua, Accept-Encoding, Accept-Language, sec-fetch-*
+ * but NOT Authorization, Cookie, or ChatGPT-Account-Id.
+ * Headers are ordered per fingerprint config.
+ */
+export function buildAnonymousHeaders(): Record<string, string> {
+  const fp = getFingerprint();
+  const raw = buildRawDefaultHeaders();
+  return orderHeaders(raw, fp.header_order);
+}
+
 export function buildHeaders(
   token: string,
   accountId?: string | null,
@@ -44,17 +97,10 @@ export function buildHeaders(
 
   raw["originator"] = config.client.originator;
 
-  const ua = fp.user_agent_template
-    .replace("{version}", config.client.app_version)
-    .replace("{platform}", config.client.platform)
-    .replace("{arch}", config.client.arch);
-  raw["User-Agent"] = ua;
-
-  // Add browser-level default headers (Accept-Encoding, Accept-Language, etc.)
-  if (fp.default_headers) {
-    for (const [key, value] of Object.entries(fp.default_headers)) {
-      raw[key] = value;
-    }
+  // Merge default headers (User-Agent, sec-ch-ua, Accept-Encoding, etc.)
+  const defaults = buildRawDefaultHeaders();
+  for (const [key, value] of Object.entries(defaults)) {
+    raw[key] = value;
   }
 
   return orderHeaders(raw, fp.header_order);
@@ -64,9 +110,25 @@ export function buildHeadersWithContentType(
   token: string,
   accountId?: string | null,
 ): Record<string, string> {
-  const config = getConfig();
   const fp = getFingerprint();
-  const raw = buildHeaders(token, accountId);
+  const config = getConfig();
+  const raw: Record<string, string> = {};
+
+  raw["Authorization"] = `Bearer ${token}`;
+
+  const acctId = accountId ?? extractChatGptAccountId(token);
+  if (acctId) raw["ChatGPT-Account-Id"] = acctId;
+
+  raw["originator"] = config.client.originator;
+
+  // Merge default headers
+  const defaults = buildRawDefaultHeaders();
+  for (const [key, value] of Object.entries(defaults)) {
+    raw[key] = value;
+  }
+
   raw["Content-Type"] = "application/json";
+
+  // Single orderHeaders call (no double-sorting)
   return orderHeaders(raw, fp.header_order);
 }

src/index.ts

@@ -100,14 +100,28 @@ async function main() {
     port,
   });
 
-  // Graceful shutdown
+  // Graceful shutdown with timeout protection
+  let shutdownCalled = false;
   const shutdown = () => {
+    if (shutdownCalled) return;
+    shutdownCalled = true;
     console.log("\n[Shutdown] Cleaning up...");
-    stopUpdateChecker();
-    sessionManager.destroy();
-    cookieJar.destroy();
-    refreshScheduler.destroy();
-    accountPool.destroy();
+    const forceExit = setTimeout(() => {
+      console.error("[Shutdown] Timeout after 10s — forcing exit");
+      process.exit(1);
+    }, 10_000);
+    if (forceExit.unref) forceExit.unref();
+
+    try {
+      stopUpdateChecker();
+      refreshScheduler.destroy();  // Cancel timers first
+      sessionManager.destroy();
+      cookieJar.destroy();         // Flush cookies
+      accountPool.destroy();       // Flush accounts
+    } catch (err) {
+      console.error("[Shutdown] Error during cleanup:", err instanceof Error ? err.message : err);
+    }
+    clearTimeout(forceExit);
     process.exit(0);
   };
 

src/middleware/logger.ts

@@ -4,12 +4,13 @@ export async function logger(c: Context, next: Next): Promise<void> {
   const start = Date.now();
   const method = c.req.method;
   const path = c.req.path;
+  const rid = c.get("requestId") ?? "-";
 
-  console.log(`→ ${method} ${path}`);
+  console.log(`→ ${method} ${path} [${rid}]`);
 
   await next();
 
   const ms = Date.now() - start;
   const status = c.res.status;
-  console.log(`← ${method} ${path} ${status} ${ms}ms`);
+  console.log(`← ${method} ${path} ${status} ${ms}ms [${rid}]`);
 }

src/middleware/request-id.ts

@@ -0,0 +1,13 @@
+import type { Context, Next } from "hono";
+import { randomUUID } from "crypto";
+
+/**
+ * Middleware that generates a unique request ID for each request.
+ * Sets X-Request-Id response header and stores it in c.set() for logging.
+ */
+export async function requestId(c: Context, next: Next): Promise<void> {
+  const id = c.req.header("x-request-id") ?? randomUUID().slice(0, 8);
+  c.set("requestId", id);
+  c.header("X-Request-Id", id);
+  await next();
+}

src/proxy/codex-api.ts

@@ -11,7 +11,7 @@
 
 import { spawn, execFile } from "child_process";
 import { getConfig } from "../config.js";
-import { resolveCurlBinary, getChromeTlsArgs, getProxyArgs } from "../tls/curl-binary.js";
+import { resolveCurlBinary, getChromeTlsArgs, getProxyArgs, isImpersonate } from "../tls/curl-binary.js";
 import {
   buildHeaders,
   buildHeadersWithContentType,
@@ -235,10 +235,11 @@ export class CodexApi {
       buildHeaders(this.token, this.accountId),
     );
     headers["Accept"] = "application/json";
-    // Explicitly set Accept-Encoding to encodings that system curl can always
-    // decompress. Without this, HTTP/2 servers may send brotli/zstd which
-    // system curl (without br/zstd support) cannot decode, producing garbage.
-    headers["Accept-Encoding"] = "gzip, deflate";
+    // When using system curl (not curl-impersonate), downgrade Accept-Encoding
+    // to encodings it can always decompress. curl-impersonate supports br/zstd.
+    if (!isImpersonate()) {
+      headers["Accept-Encoding"] = "gzip, deflate";
+    }
 
     // Build curl args (Chrome TLS profile + proxy + request params)
     const args = [...getChromeTlsArgs(), ...getProxyArgs(), "-s", "--compressed", "--max-time", "15"];

src/proxy/cookie-jar.ts

@@ -6,6 +6,8 @@
  *
  * Cookies are auto-captured from every ChatGPT API response's Set-Cookie
  * headers, and can also be set manually via the management API.
+ *
+ * Persistence format v2: includes expiry timestamps.
  */
 
 import {
@@ -19,12 +21,31 @@ import { resolve, dirname } from "path";
 
 const COOKIE_FILE = resolve(process.cwd(), "data", "cookies.json");
 
+interface StoredCookie {
+  value: string;
+  expires: number | null; // Unix ms timestamp, null = session cookie
+}
+
+/** v2 persistence format */
+interface CookieFileV2 {
+  _version: 2;
+  accounts: Record<string, Record<string, { value: string; expires: number | null }>>;
+}
+
+/** Critical cookie names that trigger immediate persistence on change */
+const CRITICAL_COOKIES = new Set(["cf_clearance", "__cf_bm"]);
+
 export class CookieJar {
-  private cookies: Map<string, Record<string, string>> = new Map();
+  private cookies: Map<string, Record<string, StoredCookie>> = new Map();
   private persistTimer: ReturnType<typeof setTimeout> | null = null;
+  private cleanupTimer: ReturnType<typeof setInterval>;
 
   constructor() {
     this.load();
+    this.cleanupExpired();
+    // Clean up expired cookies every 5 minutes
+    this.cleanupTimer = setInterval(() => this.cleanupExpired(), 5 * 60 * 1000);
+    if (this.cleanupTimer.unref) this.cleanupTimer.unref();
   }
 
   /**
@@ -41,10 +62,12 @@ export class CookieJar {
         if (eq === -1) continue;
         const name = part.slice(0, eq).trim();
         const value = part.slice(eq + 1).trim();
-        if (name) existing[name] = value;
+        if (name) existing[name] = { value, expires: null };
       }
     } else {
-      Object.assign(existing, cookies);
+      for (const [k, v] of Object.entries(cookies)) {
+        existing[k] = { value: v, expires: null };
+      }
     }
 
     this.cookies.set(accountId, existing);
@@ -58,9 +81,13 @@ export class CookieJar {
   getCookieHeader(accountId: string): string | null {
     const cookies = this.cookies.get(accountId);
     if (!cookies || Object.keys(cookies).length === 0) return null;
-    return Object.entries(cookies)
-      .map(([k, v]) => `${k}=${v}`)
-      .join("; ");
+    const now = Date.now();
+    const pairs: string[] = [];
+    for (const [k, c] of Object.entries(cookies)) {
+      if (c.expires !== null && c.expires <= now) continue; // skip expired
+      pairs.push(`${k}=${c.value}`);
+    }
+    return pairs.length > 0 ? pairs.join("; ") : null;
   }
 
   /**
@@ -68,36 +95,11 @@ export class CookieJar {
    * Call this after every successful fetch to chatgpt.com.
    */
   capture(accountId: string, response: Response): void {
-    // getSetCookie() returns individual Set-Cookie header values
     const setCookies =
       typeof response.headers.getSetCookie === "function"
         ? response.headers.getSetCookie()
         : [];
-
-    if (setCookies.length === 0) return;
-
-    const existing = this.cookies.get(accountId) ?? {};
-    let changed = false;
-
-    for (const raw of setCookies) {
-      // Format: "name=value; Path=/; Domain=...; ..."
-      const semi = raw.indexOf(";");
-      const pair = semi === -1 ? raw : raw.slice(0, semi);
-      const eq = pair.indexOf("=");
-      if (eq === -1) continue;
-
-      const name = pair.slice(0, eq).trim();
-      const value = pair.slice(eq + 1).trim();
-      if (name && existing[name] !== value) {
-        existing[name] = value;
-        changed = true;
-      }
-    }
-
-    if (changed) {
-      this.cookies.set(accountId, existing);
-      this.schedulePersist();
-    }
+    this.captureRaw(accountId, setCookies);
   }
 
   /**
@@ -108,30 +110,65 @@ export class CookieJar {
 
     const existing = this.cookies.get(accountId) ?? {};
     let changed = false;
+    let hasCritical = false;
 
     for (const raw of setCookies) {
-      const semi = raw.indexOf(";");
-      const pair = semi === -1 ? raw : raw.slice(0, semi);
+      const parts = raw.split(";").map((s) => s.trim());
+      const pair = parts[0];
       const eq = pair.indexOf("=");
       if (eq === -1) continue;
 
       const name = pair.slice(0, eq).trim();
       const value = pair.slice(eq + 1).trim();
-      if (name && existing[name] !== value) {
-        existing[name] = value;
+      if (!name) continue;
+
+      // Parse expiry from attributes
+      let expires: number | null = null;
+      for (let i = 1; i < parts.length; i++) {
+        const attr = parts[i];
+        const attrLower = attr.toLowerCase();
+        if (attrLower.startsWith("max-age=")) {
+          const seconds = parseInt(attr.slice(8), 10);
+          if (!isNaN(seconds)) {
+            expires = seconds <= 0 ? 0 : Date.now() + seconds * 1000;
+          }
+          break; // Max-Age takes precedence over Expires
+        }
+        if (attrLower.startsWith("expires=")) {
+          const date = new Date(attr.slice(8));
+          if (!isNaN(date.getTime())) {
+            expires = date.getTime();
+          }
+        }
+      }
+
+      const prev = existing[name];
+      if (!prev || prev.value !== value || prev.expires !== expires) {
+        existing[name] = { value, expires };
         changed = true;
+        if (CRITICAL_COOKIES.has(name)) hasCritical = true;
       }
     }
 
     if (changed) {
       this.cookies.set(accountId, existing);
-      this.schedulePersist();
+      if (hasCritical) {
+        this.persistNow(); // Critical cookie — persist immediately
+      } else {
+        this.schedulePersist();
+      }
     }
   }
 
   /** Get raw cookie record for an account. */
   get(accountId: string): Record<string, string> | null {
-    return this.cookies.get(accountId) ?? null;
+    const cookies = this.cookies.get(accountId);
+    if (!cookies) return null;
+    const result: Record<string, string> = {};
+    for (const [k, c] of Object.entries(cookies)) {
+      result[k] = c.value;
+    }
+    return result;
   }
 
   /** Clear all cookies for an account. */
@@ -141,6 +178,21 @@ export class CookieJar {
     }
   }
 
+  /** Remove expired cookies from all accounts. */
+  private cleanupExpired(): void {
+    const now = Date.now();
+    let changed = false;
+    for (const [, cookies] of this.cookies) {
+      for (const [name, c] of Object.entries(cookies)) {
+        if (c.expires !== null && c.expires <= now) {
+          delete cookies[name];
+          changed = true;
+        }
+      }
+    }
+    if (changed) this.schedulePersist();
+  }
+
   // ── Persistence ──────────────────────────────────────────────────
 
   private schedulePersist(): void {
@@ -159,7 +211,15 @@ export class CookieJar {
     try {
       const dir = dirname(COOKIE_FILE);
       if (!existsSync(dir)) mkdirSync(dir, { recursive: true });
-      const data = Object.fromEntries(this.cookies);
+
+      // Persist v2 format with expiry info
+      const data: CookieFileV2 = { _version: 2, accounts: {} };
+      for (const [acct, cookies] of this.cookies) {
+        data.accounts[acct] = {};
+        for (const [k, c] of Object.entries(cookies)) {
+          data.accounts[acct][k] = { value: c.value, expires: c.expires };
+        }
+      }
       const tmpFile = COOKIE_FILE + ".tmp";
       writeFileSync(tmpFile, JSON.stringify(data, null, 2), "utf-8");
       renameSync(tmpFile, COOKIE_FILE);
@@ -172,10 +232,28 @@ export class CookieJar {
     try {
       if (!existsSync(COOKIE_FILE)) return;
       const raw = readFileSync(COOKIE_FILE, "utf-8");
-      const data = JSON.parse(raw) as Record<string, Record<string, string>>;
-      for (const [key, val] of Object.entries(data)) {
-        if (typeof val === "object" && val !== null) {
-          this.cookies.set(key, val);
+      const data = JSON.parse(raw);
+
+      if (data && data._version === 2 && data.accounts) {
+        // v2 format: { _version: 2, accounts: { acct: { name: { value, expires } } } }
+        for (const [acct, cookies] of Object.entries(data.accounts as Record<string, Record<string, { value: string; expires: number | null }>>)) {
+          const record: Record<string, StoredCookie> = {};
+          for (const [k, c] of Object.entries(cookies)) {
+            record[k] = { value: c.value, expires: c.expires ?? null };
+          }
+          this.cookies.set(acct, record);
+        }
+      } else {
+        // v1 format: { acct: { name: "value" } } (no expiry)
+        for (const [key, val] of Object.entries(data as Record<string, unknown>)) {
+          if (key === "_version") continue;
+          if (typeof val === "object" && val !== null) {
+            const record: Record<string, StoredCookie> = {};
+            for (const [k, v] of Object.entries(val as Record<string, string>)) {
+              record[k] = { value: v, expires: null };
+            }
+            this.cookies.set(key, record);
+          }
         }
       }
     } catch (err) {
@@ -188,6 +266,7 @@ export class CookieJar {
       clearTimeout(this.persistTimer);
       this.persistTimer = null;
     }
+    clearInterval(this.cleanupTimer);
     this.persistNow();
   }
 }

src/routes/accounts.ts

@@ -95,7 +95,12 @@ export function createAccountRoutes(
         try {
           const api = makeApi(acct.id, entry.token, entry.accountId);
           const usage = await api.getUsage();
-          return { ...acct, quota: toQuota(usage) };
+          // Sync rate limit window — auto-reset local counters on window rollover
+          const resetAt = usage.rate_limit.primary_window?.reset_at ?? null;
+          pool.syncRateLimitWindow(acct.id, resetAt);
+          // Re-read usage after potential reset
+          const freshAcct = pool.getAccounts().find((a) => a.id === acct.id) ?? acct;
+          return { ...freshAcct, quota: toQuota(usage) };
         } catch {
           return acct; // skip on error — no quota field
         }

src/routes/shared/proxy-handler.ts

@@ -157,6 +157,14 @@ export async function handleProxyRequest(
       );
       if (err.status === 429) {
         accountPool.markRateLimited(entryId);
+        // Note: markRateLimited releases the lock but does not increment
+        // request_count. We intentionally count 429s as requests for
+        // accurate load tracking across accounts.
+        const entry = accountPool.getEntry(entryId);
+        if (entry) {
+          entry.usage.request_count++;
+          entry.usage.last_used = new Date().toISOString();
+        }
         c.status(429);
         return c.json(fmt.format429(err.message));
       }

src/session/manager.ts

@@ -1,6 +1,8 @@
 import { createHash } from "crypto";
 import { getConfig } from "../config.js";
 
+const MAX_SESSIONS = 10000;
+
 interface Session {
   taskId: string;
   turnId: string;
@@ -69,6 +71,18 @@ export class SessionManager {
     messages: Array<{ role: string; content: string }>,
   ): void {
     const hash = this.hashMessages(messages);
+    // Evict oldest session if at capacity
+    if (this.sessions.size >= MAX_SESSIONS) {
+      let oldestKey: string | null = null;
+      let oldestTime = Infinity;
+      for (const [key, s] of this.sessions) {
+        if (s.createdAt < oldestTime) {
+          oldestTime = s.createdAt;
+          oldestKey = key;
+        }
+      }
+      if (oldestKey) this.sessions.delete(oldestKey);
+    }
     this.sessions.set(taskId, {
       taskId,
       turnId,

src/tls/curl-binary.ts

@@ -210,6 +210,15 @@ export function getProxyArgs(): string[] {
   return [];
 }
 
+/**
+ * Check if the resolved curl binary is curl-impersonate.
+ * When true, it supports br/zstd decompression natively.
+ */
+export function isImpersonate(): boolean {
+  resolveCurlBinary(); // ensure resolved
+  return _isImpersonate;
+}
+
 /**
  * Reset the cached binary path (useful for testing).
  */

src/tls/curl-fetch.ts

@@ -8,7 +8,8 @@
  */
 
 import { execFile } from "child_process";
-import { resolveCurlBinary, getChromeTlsArgs } from "./curl-binary.js";
+import { resolveCurlBinary, getChromeTlsArgs, getProxyArgs } from "./curl-binary.js";
+import { buildAnonymousHeaders } from "../fingerprint/manager.js";
 
 export interface CurlFetchResponse {
   status: number;
@@ -24,12 +25,23 @@ const STATUS_SEPARATOR = "\n__CURL_HTTP_STATUS__";
 export function curlFetchGet(url: string): Promise<CurlFetchResponse> {
   const args = [
     ...getChromeTlsArgs(),
+    ...getProxyArgs(),
     "-s", "-S",
     "--compressed",
     "--max-time", "30",
+  ];
+
+  // Inject fingerprint headers (User-Agent, sec-ch-ua, Accept-Encoding, etc.)
+  const fpHeaders = buildAnonymousHeaders();
+  for (const [key, value] of Object.entries(fpHeaders)) {
+    args.push("-H", `${key}: ${value}`);
+  }
+  args.push("-H", "Expect:");
+
+  args.push(
     "-w", STATUS_SEPARATOR + "%{http_code}",
     url,
-  ];
+  );
 
   return execCurl(args);
 }
@@ -44,15 +56,26 @@ export function curlFetchPost(
 ): Promise<CurlFetchResponse> {
   const args = [
     ...getChromeTlsArgs(),
+    ...getProxyArgs(),
     "-s", "-S",
     "--compressed",
     "--max-time", "30",
     "-X", "POST",
-    "-H", `Content-Type: ${contentType}`,
+  ];
+
+  // Inject fingerprint headers (User-Agent, sec-ch-ua, Accept-Encoding, etc.)
+  const fpHeaders = buildAnonymousHeaders();
+  for (const [key, value] of Object.entries(fpHeaders)) {
+    args.push("-H", `${key}: ${value}`);
+  }
+  args.push("-H", `Content-Type: ${contentType}`);
+  args.push("-H", "Expect:");
+
+  args.push(
     "-d", body,
     "-w", STATUS_SEPARATOR + "%{http_code}",
     url,
-  ];
+  );
 
   return execCurl(args);
 }

src/translation/codex-event-extractor.ts

@@ -0,0 +1,56 @@
+/**
+ * Shared Codex SSE event data extraction layer.
+ *
+ * The three translation files (OpenAI, Anthropic, Gemini) all extract
+ * the same data from Codex events — this module centralizes that logic.
+ */
+
+import type { CodexApi, CodexSSEEvent } from "../proxy/codex-api.js";
+import {
+  parseCodexEvent,
+  type TypedCodexEvent,
+} from "../types/codex-events.js";
+
+export interface UsageInfo {
+  input_tokens: number;
+  output_tokens: number;
+}
+
+export interface ExtractedEvent {
+  typed: TypedCodexEvent;
+  responseId?: string;
+  textDelta?: string;
+  usage?: UsageInfo;
+}
+
+/**
+ * Iterate over a Codex SSE stream, parsing + extracting common fields.
+ * Yields ExtractedEvent with pre-extracted responseId, textDelta, and usage.
+ */
+export async function* iterateCodexEvents(
+  codexApi: CodexApi,
+  rawResponse: Response,
+): AsyncGenerator<ExtractedEvent> {
+  for await (const raw of codexApi.parseStream(rawResponse)) {
+    const typed = parseCodexEvent(raw);
+    const extracted: ExtractedEvent = { typed };
+
+    switch (typed.type) {
+      case "response.created":
+      case "response.in_progress":
+        if (typed.response.id) extracted.responseId = typed.response.id;
+        break;
+
+      case "response.output_text.delta":
+        extracted.textDelta = typed.delta;
+        break;
+
+      case "response.completed":
+        if (typed.response.id) extracted.responseId = typed.response.id;
+        if (typed.response.usage) extracted.usage = typed.response.usage;
+        break;
+    }
+
+    yield extracted;
+  }
+}

src/translation/codex-to-anthropic.ts

@@ -15,6 +15,7 @@ import type {
   AnthropicMessagesResponse,
   AnthropicUsage,
 } from "../types/anthropic.js";
+import { iterateCodexEvents } from "./codex-event-extractor.js";
 
 export interface AnthropicUsageInfo {
   input_tokens: number;
@@ -64,37 +65,25 @@ export async function* streamCodexToAnthropic(
   });
 
   // 3. Process Codex stream events
-  for await (const evt of codexApi.parseStream(rawResponse)) {
-    const data = evt.data as Record<string, unknown>;
-
-    switch (evt.event) {
-      case "response.created":
-      case "response.in_progress": {
-        const resp = data.response as Record<string, unknown> | undefined;
-        if (resp?.id) {
-          onResponseId?.(resp.id as string);
-        }
-        break;
-      }
+  for await (const evt of iterateCodexEvents(codexApi, rawResponse)) {
+    if (evt.responseId) onResponseId?.(evt.responseId);
 
+    switch (evt.typed.type) {
       case "response.output_text.delta": {
-        const delta = (data.delta as string) ?? "";
-        if (delta) {
+        if (evt.textDelta) {
           yield formatSSE("content_block_delta", {
             type: "content_block_delta",
             index: 0,
-            delta: { type: "text_delta", text: delta },
+            delta: { type: "text_delta", text: evt.textDelta },
           });
         }
         break;
       }
 
       case "response.completed": {
-        const resp = data.response as Record<string, unknown> | undefined;
-        if (resp?.usage) {
-          const u = resp.usage as Record<string, number>;
-          inputTokens = u.input_tokens ?? 0;
-          outputTokens = u.output_tokens ?? 0;
+        if (evt.usage) {
+          inputTokens = evt.usage.input_tokens;
+          outputTokens = evt.usage.output_tokens;
           onUsage?.({ input_tokens: inputTokens, output_tokens: outputTokens });
         }
         break;
@@ -140,32 +129,12 @@ export async function collectCodexToAnthropicResponse(
   let outputTokens = 0;
   let responseId: string | null = null;
 
-  for await (const evt of codexApi.parseStream(rawResponse)) {
-    const data = evt.data as Record<string, unknown>;
-
-    switch (evt.event) {
-      case "response.created":
-      case "response.in_progress": {
-        const resp = data.response as Record<string, unknown> | undefined;
-        if (resp?.id) responseId = resp.id as string;
-        break;
-      }
-
-      case "response.output_text.delta": {
-        fullText += (data.delta as string) ?? "";
-        break;
-      }
-
-      case "response.completed": {
-        const resp = data.response as Record<string, unknown> | undefined;
-        if (resp?.id) responseId = resp.id as string;
-        if (resp?.usage) {
-          const u = resp.usage as Record<string, number>;
-          inputTokens = u.input_tokens ?? 0;
-          outputTokens = u.output_tokens ?? 0;
-        }
-        break;
-      }
+  for await (const evt of iterateCodexEvents(codexApi, rawResponse)) {
+    if (evt.responseId) responseId = evt.responseId;
+    if (evt.textDelta) fullText += evt.textDelta;
+    if (evt.usage) {
+      inputTokens = evt.usage.input_tokens;
+      outputTokens = evt.usage.output_tokens;
     }
   }
 

src/translation/codex-to-gemini.ts

@@ -14,6 +14,7 @@ import type {
   GeminiGenerateContentResponse,
   GeminiUsageMetadata,
 } from "../types/gemini.js";
+import { iterateCodexEvents } from "./codex-event-extractor.js";
 
 export interface GeminiUsageInfo {
   input_tokens: number;
@@ -34,27 +35,17 @@ export async function* streamCodexToGemini(
   let inputTokens = 0;
   let outputTokens = 0;
 
-  for await (const evt of codexApi.parseStream(rawResponse)) {
-    const data = evt.data as Record<string, unknown>;
-
-    switch (evt.event) {
-      case "response.created":
-      case "response.in_progress": {
-        const resp = data.response as Record<string, unknown> | undefined;
-        if (resp?.id) {
-          onResponseId?.(resp.id as string);
-        }
-        break;
-      }
+  for await (const evt of iterateCodexEvents(codexApi, rawResponse)) {
+    if (evt.responseId) onResponseId?.(evt.responseId);
 
+    switch (evt.typed.type) {
       case "response.output_text.delta": {
-        const delta = (data.delta as string) ?? "";
-        if (delta) {
+        if (evt.textDelta) {
           const chunk: GeminiGenerateContentResponse = {
             candidates: [
               {
                 content: {
-                  parts: [{ text: delta }],
+                  parts: [{ text: evt.textDelta }],
                   role: "model",
                 },
                 index: 0,
@@ -68,11 +59,9 @@ export async function* streamCodexToGemini(
       }
 
       case "response.completed": {
-        const resp = data.response as Record<string, unknown> | undefined;
-        if (resp?.usage) {
-          const u = resp.usage as Record<string, number>;
-          inputTokens = u.input_tokens ?? 0;
-          outputTokens = u.output_tokens ?? 0;
+        if (evt.usage) {
+          inputTokens = evt.usage.input_tokens;
+          outputTokens = evt.usage.output_tokens;
           onUsage?.({ input_tokens: inputTokens, output_tokens: outputTokens });
         }
 
@@ -120,32 +109,12 @@ export async function collectCodexToGeminiResponse(
   let outputTokens = 0;
   let responseId: string | null = null;
 
-  for await (const evt of codexApi.parseStream(rawResponse)) {
-    const data = evt.data as Record<string, unknown>;
-
-    switch (evt.event) {
-      case "response.created":
-      case "response.in_progress": {
-        const resp = data.response as Record<string, unknown> | undefined;
-        if (resp?.id) responseId = resp.id as string;
-        break;
-      }
-
-      case "response.output_text.delta": {
-        fullText += (data.delta as string) ?? "";
-        break;
-      }
-
-      case "response.completed": {
-        const resp = data.response as Record<string, unknown> | undefined;
-        if (resp?.id) responseId = resp.id as string;
-        if (resp?.usage) {
-          const u = resp.usage as Record<string, number>;
-          inputTokens = u.input_tokens ?? 0;
-          outputTokens = u.output_tokens ?? 0;
-        }
-        break;
-      }
+  for await (const evt of iterateCodexEvents(codexApi, rawResponse)) {
+    if (evt.responseId) responseId = evt.responseId;
+    if (evt.textDelta) fullText += evt.textDelta;
+    if (evt.usage) {
+      inputTokens = evt.usage.input_tokens;
+      outputTokens = evt.usage.output_tokens;
     }
   }
 

src/translation/codex-to-openai.ts

@@ -11,16 +11,14 @@
  */
 
 import { randomUUID } from "crypto";
-import type { CodexSSEEvent, CodexApi } from "../proxy/codex-api.js";
+import type { CodexApi } from "../proxy/codex-api.js";
 import type {
   ChatCompletionResponse,
   ChatCompletionChunk,
 } from "../types/openai.js";
+import { iterateCodexEvents, type UsageInfo } from "./codex-event-extractor.js";
 
-export interface UsageInfo {
-  input_tokens: number;
-  output_tokens: number;
-}
+export type { UsageInfo };
 
 /** Format an SSE chunk for streaming output */
 function formatSSE(chunk: ChatCompletionChunk): string {
@@ -41,7 +39,6 @@ export async function* streamCodexToOpenAI(
 ): AsyncGenerator<string> {
   const chunkId = `chatcmpl-${randomUUID().replace(/-/g, "").slice(0, 24)}`;
   const created = Math.floor(Date.now() / 1000);
-  let responseId: string | null = null;
 
   // Send initial role chunk
   yield formatSSE({
@@ -58,25 +55,12 @@ export async function* streamCodexToOpenAI(
     ],
   });
 
-  for await (const evt of codexApi.parseStream(rawResponse)) {
-    const data = evt.data as Record<string, unknown>;
-
-    switch (evt.event) {
-      case "response.created":
-      case "response.in_progress": {
-        // Extract response ID for headers and multi-turn
-        const resp = data.response as Record<string, unknown> | undefined;
-        if (resp?.id) {
-          responseId = resp.id as string;
-          onResponseId?.(responseId);
-        }
-        break;
-      }
+  for await (const evt of iterateCodexEvents(codexApi, rawResponse)) {
+    if (evt.responseId) onResponseId?.(evt.responseId);
 
+    switch (evt.typed.type) {
       case "response.output_text.delta": {
-        // Streaming text delta
-        const delta = (data.delta as string) ?? "";
-        if (delta) {
+        if (evt.textDelta) {
           yield formatSSE({
             id: chunkId,
             object: "chat.completion.chunk",
@@ -85,7 +69,7 @@ export async function* streamCodexToOpenAI(
             choices: [
               {
                 index: 0,
-                delta: { content: delta },
+                delta: { content: evt.textDelta },
                 finish_reason: null,
               },
             ],
@@ -95,18 +79,7 @@ export async function* streamCodexToOpenAI(
       }
 
       case "response.completed": {
-        // Extract and report usage
-        if (onUsage) {
-          const resp = data.response as Record<string, unknown> | undefined;
-          if (resp?.usage) {
-            const u = resp.usage as Record<string, number>;
-            onUsage({
-              input_tokens: u.input_tokens ?? 0,
-              output_tokens: u.output_tokens ?? 0,
-            });
-          }
-        }
-        // Send final chunk with finish_reason
+        if (evt.usage) onUsage?.(evt.usage);
         yield formatSSE({
           id: chunkId,
           object: "chat.completion.chunk",
@@ -122,8 +95,6 @@ export async function* streamCodexToOpenAI(
         });
         break;
       }
-
-      // Ignore other events (reasoning, content_part, output_item, etc.)
     }
   }
 
@@ -147,33 +118,12 @@ export async function collectCodexResponse(
   let completionTokens = 0;
   let responseId: string | null = null;
 
-  for await (const evt of codexApi.parseStream(rawResponse)) {
-    const data = evt.data as Record<string, unknown>;
-
-    switch (evt.event) {
-      case "response.created":
-      case "response.in_progress": {
-        const resp = data.response as Record<string, unknown> | undefined;
-        if (resp?.id) responseId = resp.id as string;
-        break;
-      }
-
-      case "response.output_text.delta": {
-        const delta = (data.delta as string) ?? "";
-        fullText += delta;
-        break;
-      }
-
-      case "response.completed": {
-        const resp = data.response as Record<string, unknown> | undefined;
-        if (resp?.id) responseId = resp.id as string;
-        if (resp?.usage) {
-          const usage = resp.usage as Record<string, number>;
-          promptTokens = usage.input_tokens ?? 0;
-          completionTokens = usage.output_tokens ?? 0;
-        }
-        break;
-      }
+  for await (const evt of iterateCodexEvents(codexApi, rawResponse)) {
+    if (evt.responseId) responseId = evt.responseId;
+    if (evt.textDelta) fullText += evt.textDelta;
+    if (evt.usage) {
+      promptTokens = evt.usage.input_tokens;
+      completionTokens = evt.usage.output_tokens;
     }
   }
 

src/types/codex-events.ts

@@ -0,0 +1,121 @@
+/**
+ * Type-safe Codex SSE event definitions and type guards.
+ *
+ * The Codex Responses API sends these SSE events during streaming.
+ * Using discriminated unions eliminates unsafe `as` casts in translators.
+ */
+
+import type { CodexSSEEvent } from "../proxy/codex-api.js";
+
+// ── Event data shapes ────────────────────────────────────────────
+
+export interface CodexResponseData {
+  id?: string;
+  usage?: {
+    input_tokens: number;
+    output_tokens: number;
+  };
+  [key: string]: unknown;
+}
+
+export interface CodexCreatedEvent {
+  type: "response.created";
+  response: CodexResponseData;
+}
+
+export interface CodexInProgressEvent {
+  type: "response.in_progress";
+  response: CodexResponseData;
+}
+
+export interface CodexTextDeltaEvent {
+  type: "response.output_text.delta";
+  delta: string;
+}
+
+export interface CodexTextDoneEvent {
+  type: "response.output_text.done";
+  text: string;
+}
+
+export interface CodexCompletedEvent {
+  type: "response.completed";
+  response: CodexResponseData;
+}
+
+export interface CodexUnknownEvent {
+  type: "unknown";
+  raw: unknown;
+}
+
+export type TypedCodexEvent =
+  | CodexCreatedEvent
+  | CodexInProgressEvent
+  | CodexTextDeltaEvent
+  | CodexTextDoneEvent
+  | CodexCompletedEvent
+  | CodexUnknownEvent;
+
+// ── Type guard / parser ──────────────────────────────────────────
+
+function isRecord(v: unknown): v is Record<string, unknown> {
+  return typeof v === "object" && v !== null && !Array.isArray(v);
+}
+
+function parseResponseData(data: unknown): CodexResponseData | undefined {
+  if (!isRecord(data)) return undefined;
+  const resp = data.response;
+  if (!isRecord(resp)) return undefined;
+  const result: CodexResponseData = {};
+  if (typeof resp.id === "string") result.id = resp.id;
+  if (isRecord(resp.usage)) {
+    result.usage = {
+      input_tokens: typeof resp.usage.input_tokens === "number" ? resp.usage.input_tokens : 0,
+      output_tokens: typeof resp.usage.output_tokens === "number" ? resp.usage.output_tokens : 0,
+    };
+  }
+  return result;
+}
+
+/**
+ * Parse a raw CodexSSEEvent into a typed event.
+ * Safely extracts fields with runtime checks — no `as` casts.
+ */
+export function parseCodexEvent(evt: CodexSSEEvent): TypedCodexEvent {
+  const data = evt.data;
+
+  switch (evt.event) {
+    case "response.created": {
+      const resp = parseResponseData(data);
+      return resp
+        ? { type: "response.created", response: resp }
+        : { type: "unknown", raw: data };
+    }
+    case "response.in_progress": {
+      const resp = parseResponseData(data);
+      return resp
+        ? { type: "response.in_progress", response: resp }
+        : { type: "unknown", raw: data };
+    }
+    case "response.output_text.delta": {
+      if (isRecord(data) && typeof data.delta === "string") {
+        return { type: "response.output_text.delta", delta: data.delta };
+      }
+      return { type: "unknown", raw: data };
+    }
+    case "response.output_text.done": {
+      if (isRecord(data) && typeof data.text === "string") {
+        return { type: "response.output_text.done", text: data.text };
+      }
+      return { type: "unknown", raw: data };
+    }
+    case "response.completed": {
+      const resp = parseResponseData(data);
+      return resp
+        ? { type: "response.completed", response: resp }
+        : { type: "unknown", raw: data };
+    }
+    default:
+      return { type: "unknown", raw: data };
+  }
+}

src/update-checker.ts

@@ -5,10 +5,12 @@
 
 import { readFileSync, writeFileSync, mkdirSync } from "fs";
 import { resolve } from "path";
+import { fork } from "child_process";
 import yaml from "js-yaml";
-import { mutateClientConfig } from "./config.js";
+import { mutateClientConfig, reloadAllConfigs } from "./config.js";
 import { jitterInt } from "./utils/jitter.js";
 import { curlFetchGet } from "./tls/curl-fetch.js";
+import { mutateYaml } from "./utils/yaml-mutate.js";
 
 const CONFIG_PATH = resolve(process.cwd(), "config/default.yaml");
 const STATE_PATH = resolve(process.cwd(), "data/update-state.json");
@@ -27,6 +29,7 @@ export interface UpdateState {
 
 let _currentState: UpdateState | null = null;
 let _pollTimer: ReturnType<typeof setTimeout> | null = null;
+let _updateInProgress = false;
 
 function loadCurrentConfig(): { app_version: string; build_number: string } {
   const raw = yaml.load(readFileSync(CONFIG_PATH, "utf-8")) as Record<string, unknown>;
@@ -61,13 +64,71 @@ function parseAppcast(xml: string): {
 }
 
 function applyVersionUpdate(version: string, build: string): void {
-  let content = readFileSync(CONFIG_PATH, "utf-8");
-  content = content.replace(/app_version:\s*"[^"]+"/, `app_version: "${version}"`);
-  content = content.replace(/build_number:\s*"[^"]+"/, `build_number: "${build}"`);
-  writeFileSync(CONFIG_PATH, content, "utf-8");
+  mutateYaml(CONFIG_PATH, (data: any) => {
+    data.client.app_version = version;
+    data.client.build_number = build;
+  });
   mutateClientConfig({ app_version: version, build_number: build });
 }
 
+/**
+ * Trigger the full-update pipeline in a background child process.
+ * Downloads new Codex.app, extracts fingerprint, and applies config updates.
+ * Protected by a lock to prevent concurrent runs.
+ */
+function triggerFullUpdate(): void {
+  if (_updateInProgress) {
+    console.log("[UpdateChecker] Full update already in progress, skipping");
+    return;
+  }
+  _updateInProgress = true;
+  console.log("[UpdateChecker] Triggering full-update pipeline...");
+
+  const child = fork(
+    resolve(process.cwd(), "scripts/full-update.ts"),
+    ["--force"],
+    {
+      execArgv: ["--import", "tsx"],
+      stdio: "pipe",
+      cwd: process.cwd(),
+    },
+  );
+
+  let output = "";
+  child.stdout?.on("data", (chunk: Buffer) => {
+    output += chunk.toString();
+  });
+  child.stderr?.on("data", (chunk: Buffer) => {
+    output += chunk.toString();
+  });
+
+  child.on("exit", (code) => {
+    _updateInProgress = false;
+    if (code === 0) {
+      console.log("[UpdateChecker] Full update completed. Reloading config...");
+      try {
+        reloadAllConfigs();
+      } catch (err) {
+        console.error("[UpdateChecker] Failed to reload config after update:", err instanceof Error ? err.message : err);
+      }
+    } else {
+      console.warn(`[UpdateChecker] Full update exited with code ${code}`);
+      if (output) {
+        // Log last few lines for debugging
+        const lines = output.trim().split("\n").slice(-5);
+        for (const line of lines) {
+          console.warn(`[UpdateChecker]   ${line}`);
+        }
+      }
+    }
+  });
+
+  child.on("error", (err) => {
+    _updateInProgress = false;
+    console.error("[UpdateChecker] Failed to spawn full-update:", err.message);
+  });
+}
+
 export async function checkForUpdate(): Promise<UpdateState> {
   const current = loadCurrentConfig();
   const res = await curlFetchGet(APPCAST_URL);
@@ -109,6 +170,9 @@ export async function checkForUpdate(): Promise<UpdateState> {
     state.current_build = build!;
     state.update_available = false;
     console.log(`[UpdateChecker] Auto-applied: v${version} (build ${build})`);
+
+    // Trigger full-update pipeline in background (download + fingerprint extraction)
+    triggerFullUpdate();
   }
 
   return state;

src/utils/yaml-mutate.ts

@@ -0,0 +1,22 @@
+/**
+ * Structured YAML file mutation — parse, mutate, write back.
+ *
+ * Avoids fragile regex-based replacements.
+ * Note: js-yaml.dump() does not preserve comments.
+ */
+
+import { readFileSync, writeFileSync, renameSync } from "fs";
+import yaml from "js-yaml";
+
+/**
+ * Load a YAML file, apply a mutator function, and atomically write it back.
+ * Uses tmp-file + rename for crash safety.
+ */
+export function mutateYaml(filePath: string, mutator: (data: any) => void): void {
+  const raw = readFileSync(filePath, "utf-8");
+  const data = yaml.load(raw);
+  mutator(data);
+  const tmp = filePath + ".tmp";
+  writeFileSync(tmp, yaml.dump(data, { lineWidth: -1, quotingType: '"' }), "utf-8");
+  renameSync(tmp, filePath);
+}