8924b75e91
CRITICAL: api_key 'ClauderAPI2' was committed to PUBLIC unlimitedcoding repo (private:False on gitea) in 4 *_config.json + 8 ps1 scripts. Anyone on the internet could read it via curl with no auth (HTTP 200 raw access). This commit: 1. Sanitizes 4 *_config.json: api_key → "YOUR_API_KEY" + _note pointing users to private config repo for production credentials. 2. Removes 'ClauderAPI2' literal from 8 ps1 installer/updater scripts (claude/codex/gemini/qwen × install/update). Each script now has a sanitized block at top that fetches api_key from private unlimitedcoding-config repo at runtime via Authorization token. 3. Switches 6 sh installer scripts from public REPO_RAW to PRIVATE unlimitedcoding-config base URL for *_config.json downloads. 4. Removes stale .patcher.config.cache.json (will regen on next install). Production configs MOVED to private repo (separate commit e839102 on unlimitedcoding-config/main). KNOWN UNCHANGED: - releases/v2.1.119/sea/cli-wrapper.cjs still has api_key (part of npm package distribution; clients need it locally; sensey serves same). - Read-only gitea token (cadffcb0...) remains in installers — needed for token-auth fetch from private repo. Scoped read-only. RECOMMEND: api_key rotation in proxy auth list because ClauderAPI2 was publicly exposed for an unknown period. Existing client installs would need re-install or env override. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
378 lines
15 KiB
PowerShell
378 lines
15 KiB
PowerShell
# Codex CLI - Windows Installer
|
|
# Usage: powershell -ExecutionPolicy Bypass -File codex\ucodex_install.ps1
|
|
#
|
|
# Downloads Codex CLI binary from GitHub, applies config patches.
|
|
# Codex is a compiled Rust binary (not npm).
|
|
|
|
$ErrorActionPreference = "Continue"
|
|
|
|
Write-Host ""
|
|
Write-Host " +--------------------------------------+" -ForegroundColor Cyan
|
|
Write-Host " | Codex CLI -- Windows Installer |" -ForegroundColor Cyan
|
|
Write-Host " +--------------------------------------+" -ForegroundColor Cyan
|
|
Write-Host ""
|
|
|
|
# >>> sanitized: api_key from private config <<<
|
|
$configToken = "cadffcb0a6a3be728ac1ff619bb40c86588f6837"
|
|
$configUrl = "https://git.sensey24.ru/aibot777/unlimitedcoding-config/raw/branch/main/codex_config.json"
|
|
$apiKey = $env:UCLAUDE_API_KEY # respect override
|
|
if (-not $apiKey) {
|
|
try {
|
|
$resp = Invoke-WebRequest -UseBasicParsing -Uri $configUrl -Headers @{Authorization = "token $configToken"} -TimeoutSec 15
|
|
$cfg = $resp.Content | ConvertFrom-Json
|
|
if ($cfg.api_key) { $apiKey = $cfg.api_key }
|
|
} catch { Write-Warning "Config fetch failed; set `$env:UCLAUDE_API_KEY manually" }
|
|
}
|
|
# <<< end sanitized >>>
|
|
|
|
|
|
# ---- Helpers ----
|
|
|
|
function Test-Command($cmd) {
|
|
return [bool](Get-Command $cmd -ErrorAction SilentlyContinue)
|
|
}
|
|
|
|
function Refresh-Path {
|
|
$env:Path = [System.Environment]::GetEnvironmentVariable("Path", "Machine") + ";" +
|
|
[System.Environment]::GetEnvironmentVariable("Path", "User")
|
|
}
|
|
|
|
# ---- Check prerequisites ----
|
|
|
|
# Python 3.11+ (for tomllib) - optional, fallback to PowerShell patching
|
|
$pyCmd = $null
|
|
foreach ($candidate in @("python3", "python")) {
|
|
if (Test-Command $candidate) {
|
|
try {
|
|
$pyVer = & $candidate -c "import sys; print(f'{sys.version_info.major}.{sys.version_info.minor}')" 2>$null
|
|
$parts = $pyVer -split '\.'
|
|
if ([int]$parts[0] -ge 3 -and [int]$parts[1] -ge 11) {
|
|
$pyCmd = $candidate
|
|
break
|
|
}
|
|
} catch {}
|
|
}
|
|
}
|
|
|
|
if (-not $pyCmd) {
|
|
Write-Host " Python 3.11+ not found, will use PowerShell fallback for patching" -ForegroundColor Yellow
|
|
}
|
|
|
|
# curl (usually built into Windows 10+)
|
|
if (-not (Test-Command "curl.exe") -and -not (Test-Command "curl")) {
|
|
Write-Host " curl not found. Using Invoke-WebRequest fallback." -ForegroundColor Yellow
|
|
}
|
|
|
|
# ---- Download Codex binary ----
|
|
|
|
Write-Host " Checking latest Codex version..." -ForegroundColor Cyan
|
|
$githubApi = "https://api.github.com/repos/openai/codex/releases/latest"
|
|
|
|
try {
|
|
$release = Invoke-RestMethod -Uri $githubApi -UseBasicParsing -TimeoutSec 15
|
|
$tagName = $release.tag_name
|
|
$latestVersion = ($tagName -replace '^rust-v', '')
|
|
Write-Host " Latest version: $latestVersion" -ForegroundColor Green
|
|
} catch {
|
|
Write-Host " Could not fetch latest version from GitHub." -ForegroundColor Red
|
|
Write-Host " Check: https://github.com/openai/codex/releases" -ForegroundColor Yellow
|
|
exit 1
|
|
}
|
|
|
|
# Check if already installed and up to date
|
|
$currentVersion = ""
|
|
if (Test-Command "codex") {
|
|
try {
|
|
$verOut = codex --version 2>$null
|
|
$currentVersion = [regex]::Match($verOut, '\d+\.\d+\.\d+').Value
|
|
} catch {}
|
|
}
|
|
|
|
if ($currentVersion -eq $latestVersion) {
|
|
Write-Host " Codex v$currentVersion already installed and up to date" -ForegroundColor Green
|
|
} else {
|
|
if ($currentVersion) {
|
|
Write-Host " Updating: $currentVersion -> $latestVersion" -ForegroundColor Yellow
|
|
} else {
|
|
Write-Host " Installing Codex v$latestVersion..." -ForegroundColor Cyan
|
|
}
|
|
|
|
# Determine architecture
|
|
$arch = if ([System.Environment]::Is64BitOperatingSystem) { "x86_64" } else { "aarch64" }
|
|
$binarySuffix = "$arch-pc-windows-msvc"
|
|
$downloadUrl = "https://github.com/openai/codex/releases/download/rust-v$latestVersion/codex-$binarySuffix.exe"
|
|
|
|
Write-Host " Downloading: codex-$binarySuffix.exe" -ForegroundColor Cyan
|
|
$tempDir = Join-Path $env:TEMP "codex-install-$(Get-Random)"
|
|
New-Item -ItemType Directory -Force -Path $tempDir | Out-Null
|
|
$exeFile = Join-Path $tempDir "codex.exe"
|
|
|
|
try {
|
|
Invoke-WebRequest -Uri $downloadUrl -OutFile $exeFile -UseBasicParsing
|
|
} catch {
|
|
Write-Host " Direct exe download failed, trying zip..." -ForegroundColor Yellow
|
|
$zipUrl = "$downloadUrl.zip"
|
|
$zipFile = Join-Path $tempDir "codex.zip"
|
|
try {
|
|
Invoke-WebRequest -Uri $zipUrl -OutFile $zipFile -UseBasicParsing
|
|
Expand-Archive -Path $zipFile -DestinationPath $tempDir -Force
|
|
$found = Get-ChildItem -Path $tempDir -Recurse -Filter "codex*.exe" | Where-Object { $_.Name -notlike "*setup*" -and $_.Name -notlike "*proxy*" -and $_.Name -notlike "*runner*" } | Select-Object -First 1
|
|
if ($found) { Copy-Item $found.FullName $exeFile -Force }
|
|
} catch {
|
|
Write-Host " Download failed. Check https://github.com/openai/codex/releases" -ForegroundColor Red
|
|
Remove-Item -Recurse -Force $tempDir -ErrorAction SilentlyContinue
|
|
exit 1
|
|
}
|
|
}
|
|
|
|
if (-not (Test-Path $exeFile)) {
|
|
Write-Host " Binary not found after download" -ForegroundColor Red
|
|
Remove-Item -Recurse -Force $tempDir -ErrorAction SilentlyContinue
|
|
exit 1
|
|
}
|
|
|
|
# Install to user-accessible location
|
|
$installDir = "$env:LOCALAPPDATA\Programs\codex"
|
|
New-Item -ItemType Directory -Force -Path $installDir | Out-Null
|
|
$destPath = Join-Path $installDir "codex.exe"
|
|
|
|
# Kill running codex processes
|
|
Get-Process -Name "codex" -ErrorAction SilentlyContinue | Stop-Process -Force
|
|
|
|
Copy-Item -Path $exeFile -Destination $destPath -Force
|
|
Write-Host " Installed: $destPath" -ForegroundColor Green
|
|
|
|
# Add to PATH if not already there
|
|
$userPath = [System.Environment]::GetEnvironmentVariable("Path", "User")
|
|
if ($userPath -notlike "*$installDir*") {
|
|
[System.Environment]::SetEnvironmentVariable("Path", "$userPath;$installDir", "User")
|
|
$env:Path = "$env:Path;$installDir"
|
|
Write-Host " Added to PATH: $installDir" -ForegroundColor Green
|
|
}
|
|
|
|
Remove-Item -Recurse -Force $tempDir -ErrorAction SilentlyContinue
|
|
Refresh-Path
|
|
|
|
# Verify
|
|
try {
|
|
$newVer = codex --version 2>$null
|
|
Write-Host " Codex installed: $newVer" -ForegroundColor Green
|
|
} catch {
|
|
Write-Host " Binary installed but could not verify version" -ForegroundColor Yellow
|
|
}
|
|
}
|
|
|
|
# ---- Clean up broken config from previous runs ----
|
|
# Codex stores config in ~/.codex/ (= %USERPROFILE%\.codex\)
|
|
$codexConfigDir = "$env:USERPROFILE\.codex"
|
|
$codexConfigFile = "$codexConfigDir\config.toml"
|
|
if (Test-Path $codexConfigFile) {
|
|
$existingContent = Get-Content $codexConfigFile -Raw -ErrorAction SilentlyContinue
|
|
$needsCleanup = $false
|
|
|
|
# Check 1: broken TOML with dotted model keys (gpt-5.4 parsed as gpt-5 -> 4)
|
|
if ($existingContent -match "gpt-5\s*=" -and $existingContent -match "\{.*:") {
|
|
Write-Host " Detected broken TOML (dotted key bug)" -ForegroundColor Yellow
|
|
$needsCleanup = $true
|
|
}
|
|
|
|
# Check 2: config will be regenerated anyway by patcher below
|
|
|
|
if ($needsCleanup) {
|
|
Write-Host " Removing broken config.toml..." -ForegroundColor Yellow
|
|
Remove-Item $codexConfigFile -Force -ErrorAction SilentlyContinue
|
|
}
|
|
}
|
|
|
|
# Clean up old-format model_catalog.json (bare array instead of {models:[...]})
|
|
$staleCatalog = "$codexConfigDir\model_catalog.json"
|
|
if (Test-Path $staleCatalog) {
|
|
$catContent = Get-Content $staleCatalog -Raw -ErrorAction SilentlyContinue
|
|
if ($catContent -and $catContent.TrimStart().StartsWith("[")) {
|
|
Remove-Item $staleCatalog -Force -ErrorAction SilentlyContinue
|
|
Write-Host " Removed old-format model_catalog.json (wrong structure)" -ForegroundColor Yellow
|
|
}
|
|
}
|
|
|
|
# ---- Apply patches ----
|
|
|
|
if ($pyCmd) {
|
|
# Python available - use full patcher
|
|
Write-Host " Downloading patcher..." -ForegroundColor Cyan
|
|
$patchDir = Join-Path $env:TEMP "codex-patcher-$(Get-Random)"
|
|
New-Item -ItemType Directory -Force -Path $patchDir | Out-Null
|
|
|
|
$repoRaw = "https://git.sensey24.ru/aibot777/unlimitedcoding/raw/branch/master/codex"
|
|
$token = "cadffcb0a6a3be728ac1ff619bb40c86588f6837"
|
|
$headers = @{ "Authorization" = "token $token" }
|
|
|
|
try {
|
|
Invoke-WebRequest -Uri "$repoRaw/codex_patcher.py" -OutFile "$patchDir\codex_patcher.py" -UseBasicParsing -Headers $headers
|
|
Invoke-WebRequest -Uri "$repoRaw/codex_config.json" -OutFile "$patchDir\codex_config.json" -UseBasicParsing -Headers $headers
|
|
Write-Host " Patcher downloaded" -ForegroundColor Green
|
|
} catch {
|
|
try {
|
|
Invoke-WebRequest -Uri "$repoRaw/codex_patcher.py" -OutFile "$patchDir\codex_patcher.py" -UseBasicParsing
|
|
Invoke-WebRequest -Uri "$repoRaw/codex_config.json" -OutFile "$patchDir\codex_config.json" -UseBasicParsing
|
|
Write-Host " Patcher downloaded (no auth)" -ForegroundColor Green
|
|
} catch {
|
|
Write-Host " Patcher download failed, using PowerShell fallback" -ForegroundColor Yellow
|
|
$pyCmd = $null
|
|
}
|
|
}
|
|
|
|
if ($pyCmd) {
|
|
Write-Host " Applying patches..." -ForegroundColor Cyan
|
|
& $pyCmd "$patchDir\codex_patcher.py" --apply --config "$patchDir\codex_config.json"
|
|
if ($LASTEXITCODE -ne 0) {
|
|
Write-Host " Patcher returned exit code $LASTEXITCODE, using PowerShell fallback" -ForegroundColor Yellow
|
|
$pyCmd = $null
|
|
} else {
|
|
Write-Host " Patches applied" -ForegroundColor Green
|
|
}
|
|
}
|
|
Remove-Item -Recurse -Force $patchDir -ErrorAction SilentlyContinue
|
|
}
|
|
|
|
if (-not $pyCmd) {
|
|
# PowerShell fallback - generate config.toml directly
|
|
Write-Host " Applying patches (PowerShell)..." -ForegroundColor Cyan
|
|
|
|
# Codex reads config from ~/.codex/ (NOT %APPDATA%\codex\)
|
|
$configDir = "$env:USERPROFILE\.codex"
|
|
New-Item -ItemType Directory -Force -Path $configDir | Out-Null
|
|
$configToml = Join-Path $configDir "config.toml"
|
|
|
|
# Remove old broken config if exists
|
|
if (Test-Path $configToml) {
|
|
Remove-Item $configToml -Force -ErrorAction SilentlyContinue
|
|
}
|
|
|
|
# Generate model catalog (Codex internal format)
|
|
$catalogFile = Join-Path $configDir "model_catalog.json"
|
|
$catalogPath = $catalogFile -replace '\\', '/'
|
|
|
|
$modelTemplate = @{
|
|
prefer_websockets = $false
|
|
support_verbosity = $true
|
|
default_verbosity = "low"
|
|
apply_patch_tool_type = "freeform"
|
|
input_modalities = @("text", "image")
|
|
supports_image_detail_original = $true
|
|
truncation_policy = @{ mode = "tokens"; limit = 10000 }
|
|
supports_parallel_tool_calls = $true
|
|
context_window = 272000
|
|
default_reasoning_summary = "none"
|
|
shell_type = "shell_command"
|
|
visibility = "list"
|
|
supported_in_api = $true
|
|
availability_nux = $null
|
|
upgrade = $null
|
|
base_instructions = ""
|
|
model_messages = $null
|
|
experimental_supported_tools = @()
|
|
supports_reasoning_summaries = $true
|
|
supported_reasoning_levels = @(
|
|
@{ effort = "low"; description = "Fast responses with lighter reasoning" }
|
|
@{ effort = "medium"; description = "Balances speed and reasoning depth" }
|
|
@{ effort = "high"; description = "Greater reasoning depth for complex problems" }
|
|
@{ effort = "xhigh"; description = "Extra high reasoning depth" }
|
|
)
|
|
default_reasoning_level = "medium"
|
|
}
|
|
|
|
$modelSlugs = @("gpt-5.4", "gpt-5.3-codex-spark", "gpt-5.3-codex", "gpt-5.3", "gpt-5.2-codex")
|
|
$catalogModels = @()
|
|
$pri = 0
|
|
foreach ($slug in $modelSlugs) {
|
|
$entry = $modelTemplate.Clone()
|
|
$entry["slug"] = $slug
|
|
$entry["display_name"] = $slug
|
|
$entry["description"] = "Model $slug"
|
|
$entry["priority"] = $pri
|
|
$catalogModels += $entry
|
|
$pri++
|
|
}
|
|
$catalog = @{ models = $catalogModels }
|
|
$catalogJsonStr = $catalog | ConvertTo-Json -Depth 5 -Compress
|
|
[System.IO.File]::WriteAllText($catalogFile, $catalogJsonStr)
|
|
Write-Host " model_catalog.json created ($($modelSlugs.Count) models)" -ForegroundColor Green
|
|
|
|
$tomlContent = @"
|
|
model = "gpt-5.4"
|
|
model_reasoning_effort = "xhigh"
|
|
model_provider = "custom"
|
|
model_catalog_json = "$catalogPath"
|
|
approval_policy = "never"
|
|
sandbox_mode = "danger-full-access"
|
|
check_for_update_on_startup = false
|
|
forced_login_method = "api"
|
|
|
|
[analytics]
|
|
enabled = false
|
|
|
|
[model_providers.custom]
|
|
name = "custom"
|
|
base_url = "https://ai.37-187-136-86.sslip.io/v1"
|
|
env_key = "OPENAI_API_KEY"
|
|
wire_api = "responses"
|
|
|
|
[notice]
|
|
[notice.model_migrations]
|
|
"gpt-5.4" = "done"
|
|
"gpt-5.3-codex-spark" = "done"
|
|
"gpt-5.3-codex" = "done"
|
|
"gpt-5.3" = "done"
|
|
"gpt-5.2-codex" = "done"
|
|
"@
|
|
|
|
[System.IO.File]::WriteAllText($configToml, $tomlContent)
|
|
Write-Host " config.toml created: $configToml" -ForegroundColor Green
|
|
|
|
# Set env vars via setx
|
|
& setx OPENAI_API_KEY $apiKey 2>$null | Out-Null
|
|
& setx OPENAI_BASE_URL "https://ai.37-187-136-86.sslip.io/v1" 2>$null | Out-Null
|
|
Write-Host " Env vars set via setx" -ForegroundColor Green
|
|
}
|
|
|
|
# ---- Configure environment variables ----
|
|
|
|
Write-Host " Setting environment variables..." -ForegroundColor Cyan
|
|
[System.Environment]::SetEnvironmentVariable("OPENAI_API_KEY", $apiKey, "User")
|
|
[System.Environment]::SetEnvironmentVariable("OPENAI_BASE_URL", "https://ai.37-187-136-86.sslip.io/v1", "User")
|
|
$env:OPENAI_API_KEY = $apiKey
|
|
$env:OPENAI_BASE_URL = "https://ai.37-187-136-86.sslip.io/v1"
|
|
Write-Host " Env vars set (OPENAI_API_KEY, OPENAI_BASE_URL)" -ForegroundColor Green
|
|
|
|
# ---- Verify ----
|
|
|
|
Write-Host ""
|
|
Write-Host " Verifying..." -ForegroundColor Cyan
|
|
Refresh-Path
|
|
|
|
try {
|
|
$result = & codex exec "Reply with just the number 42" 2>&1 | Out-String
|
|
if ($result -match "42") {
|
|
Write-Host ""
|
|
Write-Host " Codex CLI installed and patched!" -ForegroundColor Green
|
|
Write-Host ""
|
|
Write-Host " Usage:"
|
|
Write-Host " codex # interactive mode"
|
|
Write-Host " codex exec `"Your prompt`" # single prompt"
|
|
Write-Host ""
|
|
Write-Host " Models:"
|
|
Write-Host " gpt-5.4, gpt-5.3-codex-spark"
|
|
Write-Host " gpt-5.3-codex, gpt-5.2-codex"
|
|
} else {
|
|
Write-Host " Patches applied but test prompt did not return expected result." -ForegroundColor Yellow
|
|
Write-Host " Try: codex exec `"Hello`"" -ForegroundColor Yellow
|
|
}
|
|
} catch {
|
|
Write-Host " Could not run test. Try: codex exec `"Hello`"" -ForegroundColor Yellow
|
|
}
|
|
|
|
Write-Host ""
|
|
Write-Host " NOTE: If 'codex' is not recognized, restart PowerShell or run:" -ForegroundColor Yellow
|
|
Write-Host ' $env:Path = [System.Environment]::GetEnvironmentVariable("Path","Machine") + ";" + [System.Environment]::GetEnvironmentVariable("Path","User")' -ForegroundColor Yellow
|
|
Write-Host ""
|