Skip to content

chore: prepare v0.9.3-pre#535

Merged
tmustier merged 1 commit intomainfrom
fix/codex-official-oauth-shape
Apr 24, 2026
Merged

chore: prepare v0.9.3-pre#535
tmustier merged 1 commit intomainfrom
fix/codex-official-oauth-shape

Conversation

@tmustier
Copy link
Copy Markdown
Owner

@tmustier tmustier commented Apr 24, 2026
edited
Loading

Summary

  • Bump Pi for Excel to 0.9.3-pre and proxy helper package to 0.2.3-pre.
  • Add docs/release-notes/v0.9.3-pre.md, summarizing changes since v0.9.2-pre / the last version bump.
  • Finish the OpenAI Codex browser OAuth fix by matching current official Codex CLI request shape more closely: connector scopes, originator=codex_cli_rs, 64-byte PKCE verifier, Codex simplified flow, and access-token account-claim validation.
  • Version stored OpenAI Codex OAuth credentials and clear stale pre-scope-upgrade credentials so users are forced through a fresh login instead of silently refreshing insufficient scopes.
  • Harden local/Vite OAuth proxy forwarding by stripping browser-only headers from token exchange requests.

What changed since the last version

Reviewed commits since the v0.9.2-pre release note/version bump:

  • 0711084 — refreshed Pi stack/model registry/model selection through 0.70.0, including GPT-5.5.
  • b91eed0 — fixed custom gateway API key deletion + nested overlay Escape handling.
  • 1157851 — defaulted to GPT-5.5 and repaired browser OAuth plumbing.
  • 97b7b0a — fixed Anthropic client ID and aligned browser OAuth client parameters.
  • This patch — matched current official Codex CLI OAuth details, invalidated stale OpenAI Codex OAuth grants, and hardened proxy header stripping.

Verification

  • node --test --experimental-strip-types --import ./scripts/register-test-ts-loader.mjs tests/browser-oauth.test.ts
  • node --test --experimental-strip-types tests/cors-proxy-server.security.test.mjs tests/oauth-proxy-routing.test.ts
  • npm run test:models
  • npm run test:context
  • npm run test:security
  • npm run check
  • npm run build
  • Manual Excel OAuth smoke: Anthropic works; OpenAI Codex works after forcing Excel onto the local patched sideload.
  • pr-reviewer re-review after stale-credential fix: no P0-P2 findings.

Notes

  • npm audit --audit-level=high still reports only the existing moderate uuid chain under Office tooling; it does not block high-level audit.
  • Build still emits the existing KaTeX font/chunk warnings.

@vercel
Copy link
Copy Markdown

vercel Bot commented Apr 24, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
pi-for-excel Ready Ready Preview, Comment Apr 24, 2026 4:09pm

@tmustier tmustier force-pushed the fix/codex-official-oauth-shape branch from ec61b19 to 6df4612 Compare April 24, 2026 16:08
@tmustier tmustier merged commit f1cef49 into main Apr 24, 2026
9 checks passed
@tmustier tmustier deleted the fix/codex-official-oauth-shape branch April 24, 2026 16:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@tmustier