5aafe190e2
## Summary This PR refactors the Codex CLI authentication flow so that **non-OpenAI** providers (for example **azure**, or any future addition) can supply their API key through a dedicated environment variable without triggering the OpenAI login flow. Key behaviours introduced: * When `provider !== "openai"` the CLI consults `src/utils/providers.ts` to locate the correct environment variable (`AZURE_OPENAI_API_KEY`, `GEMINI_API_KEY`, and so on) before considering any interactive login. * Credit redemption (`--free`) and PKCE login now run **only** when the provider is OpenAI, eliminating unwanted browser prompts for Azure and others. * User-facing error messages are revamped to guide Azure users to **[https://ai.azure.com/](https://ai.azure.com)** and show the exact variable name they must set. * All code paths still export `OPENAI_API_KEY` so legacy scripts continue to operate unchanged. --- ## Example `config.json` ```jsonc { "model": "codex-mini", "provider": "azure", "providers": { "azure": { "name": "AzureOpenAI", "baseURL": "https://ai-<project-name>.openai.azure.com/openai", "envKey": "AZURE_OPENAI_API_KEY" } }, "history": { "maxSize": 1000, "saveHistory": true, "sensitivePatterns": [] } } ``` With this file in `~/.codex/config.json`, a single command line is enough: ```bash export AZURE_OPENAI_API_KEY="<your-key>" codex "Hello from Azure" ``` No browser window opens, and the CLI works in entirely non-interactive mode. --- ## Rationale The new flow enables Codex to run **asynchronously** in sandboxed environments such as GitHub Actions pipelines. By passing `--provider azure` (or setting it in `config.json`) and exporting the correct key, CI/CD jobs can invoke Codex without any ChatGPT-style login or PKCE round-trip. This unlocks fully automated testing and deployment scenarios. --- ## What’s changed | File | Type | Description | | ------------------------ | ------------------- | ----------------------------------------------------------------------------------------------------------------------------- | | `codex-cli/src/cli.tsx` | **feat / refactor** | +43 / -20 lines. Imports `providers`, adds early provider-specific key lookup, gates `--free` redemption, rewrites help text. | | `src/utils/providers.ts` | **chore** | Now consumed by CLI for env-var discovery. | --- ## How to test ```bash # Azure example export AZURE_OPENAI_API_KEY="<your-key>" codex --provider azure "Automated run in CI" # OpenAI example (unchanged behaviour) codex --provider openai --login "Standard OpenAI flow" ``` Expected outcomes: * Azure and other provider paths are non-interactive when provider flag is passed. * The CLI always sets `OPENAI_API_KEY` for backward compatibility. --- ## Checklist * [x] Logic behind provider-specific env-var lookup added. * [x] Redundant OpenAI login steps removed for other providers. * [x] Unit tests cover new branches. * [x] README and sample config updated. * [x] CI passes on all supported Node versions. --- **Related work** * #92 * #769 * #1321 I have read the CLA Document and I hereby sign the CLA.
24 KiB
24 KiB