fix: use accounts endpoint for account metadata

[Loongphy]

Summary

• Replace the legacy ChatGPT account metadata endpoint with GET /backend-api/accounts.
• Route all API refresh requests through curl with no Node fetch fallback; missing curl now reports CurlRequired / curl is required....
• Remove the old Node transport leftovers, including Node output parsing, Node proxy support checks, fake-node test binary, and Node-named API exports.
• Parse workspace metadata from items[].id and items[].name; treat empty or unusable items responses as no-op so stored names are left unchanged.
• Keep the transparent codex-auth/<version> User-Agent and document CODEX_AUTH_CURL_EXECUTABLE.

Verification

• HOME=/tmp/codex-auth-curl zig build --build-file /coding/codex-auth/build.zig --cache-dir /tmp/codex-auth-curl/zig-cache --global-cache-dir /tmp/codex-auth-curl/zig-global-cache --prefix /tmp/codex-auth-curl/zig-out test
• HOME=/tmp/codex-auth-curl zig build --build-file /coding/codex-auth/build.zig --cache-dir /tmp/codex-auth-curl/zig-cache --global-cache-dir /tmp/codex-auth-curl/zig-global-cache --prefix /tmp/codex-auth-curl/zig-out run -- list
• zig build run -- list against the local Business/Plus auth setup returned successfully.

Notes

• Local Business account probe: curl returned HTTP 200 for /backend-api/accounts with both codex-auth/<version> and codex-cli UAs, while Node fetch returned Cloudflare 403 unless using a browser User-Agent. This PR intentionally does not spoof browser or Codex CLI identity.
• Latest pushed commits include [skip ci], so GitHub did not schedule new status checks for those pushes.

[pkg-pr-new]

Open in StackBlitz

@loongphy/codex-auth-darwin-arm64

npx https://pkg.pr.new/@loongphy/codex-auth-darwin-arm64@99d5160

@loongphy/codex-auth-darwin-x64

npx https://pkg.pr.new/@loongphy/codex-auth-darwin-x64@99d5160

@loongphy/codex-auth-linux-arm64

npx https://pkg.pr.new/@loongphy/codex-auth-linux-arm64@99d5160

@loongphy/codex-auth-linux-x64

npx https://pkg.pr.new/@loongphy/codex-auth-linux-x64@99d5160

@loongphy/codex-auth-win32-arm64

npx https://pkg.pr.new/@loongphy/codex-auth-win32-arm64@99d5160

@loongphy/codex-auth-win32-x64

npx https://pkg.pr.new/@loongphy/codex-auth-win32-x64@99d5160

@loongphy/codex-auth

npx https://pkg.pr.new/@loongphy/codex-auth@99d5160

commit: 99d5160

[greptile-apps]

Greptile Summary

This PR replaces the legacy Node.js-based HTTP layer with curl for all outbound ChatGPT API calls, and migrates the account metadata endpoint from accounts/check/v4-2023-04-27 to GET /backend-api/accounts, parsing workspace identity from items[].id and items[].name.

• HTTP transport swap: All three outbound call patterns (single GET, Bearer GET, batch GET) now spawn curl as a child process instead of a Node.js script, with proxy configured via maybeConfigureCurlProxy and output parsed from the \ %{http_code} write-out format.
• Account parser update: parseAccountsResponse is rewritten to traverse the items array; empty items or an all-invalid items array both return null (no-op), and a new post-loop guard (if (entries.items.len == 0) return null) was added to handle the all-invalid case that was flagged in the prior review.
• Concurrency dropped: runCurlGetJsonBatchCommand processes requests serially rather than concurrently — max_concurrency is accepted but silently ignored (_ = max_concurrency) — which is a behavioral regression from the prior Node.js batch implementation.

Confidence Score: 5/5

Safe to merge; the curl migration is well-scoped, the account parser is correct, and the previously-flagged guard for all-invalid items has been added.

The account parser correctly handles empty-items, all-invalid-items, null names, and empty names. The curl output parsing uses lastIndexOfScalar on the last newline which is robust even when the response body itself contains newlines or embedded status-like strings. Proxy configuration, executable resolution, and error propagation all follow established patterns in the codebase.

src/api/http_node.zig — the batch command now runs all requests sequentially; worth a second look if multi-account refresh latency becomes a user complaint.

Important Files Changed

Filename	Overview
src/api/account.zig	Endpoint and parser updated; the post-loop entries.items.len == 0 guard is now present, closing the previously-flagged all-invalid-items gap.
src/api/http_node.zig	Node.js scripts fully removed; curl-based equivalents are clean, but max_concurrency is silently ignored in the batch path — a behavioral regression for multi-account setups.
src/api/http_types.zig	Adds curl_executable_env, curl_requirement_hint, and request_timeout_secs; existing constants are preserved.
src/api/http_executable.zig	Adds resolveCurlExecutable, resolveCurlExecutableForLaunchAlloc, and defaultCurlExecutable; mirrors the existing Node.js pattern correctly.
src/api/http_proxy.zig	Adds maybeConfigureCurlProxy that reuses existing maybeMapAllProxy and maybeApplyWindowsSystemProxyFallback helpers.
tests/api_account_test.zig	Tests updated to new items[] format; adds explicit tests for empty-items and all-invalid-items cases, addressing both issues from the prior review.
tests/cli_integration_test.zig	Fake Node.js stubs replaced with fake curl scripts; test assertions updated from Node.js 22+ to curl is required.
tests/workflows_live_test.zig	Error symbol references updated from NodeJsRequired to CurlRequired; no logic changes.

Sequence Diagram

sequenceDiagram
    participant Caller
    participant http_node.zig
    participant curl
    participant ChatGPT API

    Note over Caller,ChatGPT API: Single GET
    Caller->>http_node.zig: runGetJsonCommand(endpoint, token, acct_id)
    http_node.zig->>http_node.zig: resolveCurlExecutableForLaunchAlloc()
    http_node.zig->>http_node.zig: maybeConfigureCurlProxy(env_map)
    http_node.zig->>curl: spawn [--silent --show-error --location --max-time 5 --write-out newline+http_code]
    curl->>ChatGPT API: GET /backend-api/accounts
    ChatGPT API-->>curl: {items:[...]} HTTP 200
    curl-->>http_node.zig: "stdout = body + newline + 200"
    http_node.zig->>http_node.zig: parseCurlHttpOutput() split on last newline
    http_node.zig-->>Caller: "HttpResult{body, status_code}"

    Note over Caller,ChatGPT API: Batch GET — sequential, no concurrency
    loop for each request
        http_node.zig->>curl: spawn curl for request[i]
        curl->>ChatGPT API: GET /backend-api/... (usage)
        ChatGPT API-->>curl: response
        curl-->>http_node.zig: stdout
        http_node.zig->>http_node.zig: parseCurlHttpOutput()
    end
    http_node.zig-->>Caller: "BatchHttpResult{items[]}"

Loading

Prompt To Fix All With AI

Fix the following 1 code review issue. Work through them one at a time, proposing concise fixes.

---

### Issue 1 of 1
src/api/http_node.zig:153-155
**`max_concurrency` silently ignored in batch path**

`runCurlGetJsonBatchCommand` accepts `max_concurrency` but discards it with `_ = max_concurrency`, making all batch requests fully sequential. The old Node.js implementation honoured a concurrency of up to 3 in parallel workers. With the curl implementation every account refresh is a separate `curl` child-process spawn executed one-after-another, so refresh latency now scales linearly with the number of stored accounts. The docs have already removed the "maximum concurrency of 3" note, but the public function signature still accepts the parameter — callers that pass a value > 1 expecting parallelism will silently get none.

_{Reviews (4): Last reviewed commit: "fix: use curl for API refresh [skip ci]" | Re-trigger Greptile}