fix(desktop): support imported codex keyless providers

Author: Sun-sunshine06

apps/desktop/src/main/imports/codex-config.test.ts

@@ -43,6 +43,25 @@ wire_api = "responses"
     const out = await parseCodexConfig(toml);
     expect(out.providers[0]?.wire).toBe('openai-responses');
     expect(out.providers[0]?.queryParams?.['api-version']).toBe('2025-04-01-preview');
+    expect(out.providers[0]?.defaultModel).toBe('gpt-4o');
+  });
+
+  it('uses provider-local model when a non-active provider declares one', async () => {
+    const toml = `
+model = "deepseek-chat"
+model_provider = "deepseek"
+
+[model_providers.deepseek]
+base_url = "https://api.deepseek.com/v1"
+
+[model_providers.local_proxy]
+base_url = "https://proxy.example.test/v1"
+model = "qwen3-coder"
+`;
+    const out = await parseCodexConfig(toml);
+    expect(out.providers.find((p) => p.id === 'codex-local_proxy')?.defaultModel).toBe(
+      'qwen3-coder',
+    );
   });
 
   it('skips provider blocks missing base_url with a warning', async () => {

apps/desktop/src/main/imports/codex-config.ts

@@ -23,11 +23,14 @@ type CodexProviderBlock = {
   name?: string;
   base_url?: string;
   env_key?: string;
+  model?: string;
   wire_api?: string;
   http_headers?: Record<string, string>;
   query_params?: Record<string, string>;
 };
 
+const FALLBACK_IMPORTED_MODEL = 'gpt-4o';
+
 /**
  * Parse a Codex `config.toml` string and translate each `[model_providers.X]`
  * block into a v3 `ProviderEntry`. Unknown keys are silently ignored (parse
@@ -62,6 +65,14 @@ export async function parseCodexConfig(toml: string): Promise<CodexImport> {
 
   const root = parsed as Record<string, unknown>;
   const modelProviders = root['model_providers'];
+  const activeProviderRaw = root['model_provider'];
+  const activeModelRaw = root['model'];
+  const activeProviderId =
+    typeof activeProviderRaw === 'string' && activeProviderRaw.length > 0
+      ? `codex-${activeProviderRaw}`
+      : null;
+  const activeModel =
+    typeof activeModelRaw === 'string' && activeModelRaw.length > 0 ? activeModelRaw : null;
   const providers: ProviderEntry[] = [];
   const envKeyMap: Record<string, string> = {};
 
@@ -82,13 +93,17 @@ export async function parseCodexConfig(toml: string): Promise<CodexImport> {
             : block.wire_api === 'chat'
               ? 'openai-chat'
               : detectWireFromBaseUrl(block.base_url);
+        const blockModel = typeof block.model === 'string' ? block.model.trim() : '';
+        const activeModelForProvider =
+          activeProviderId === `codex-${id}` && activeModel !== null ? activeModel : null;
+        const defaultModel = (activeModelForProvider ?? blockModel) || FALLBACK_IMPORTED_MODEL;
         const entry: ProviderEntry = {
           id: `codex-${id}`,
           name: 'Codex (imported)',
           builtin: false,
           wire,
           baseUrl: block.base_url,
-          defaultModel: '', // caller fills in via active model if this provider wins
+          defaultModel,
         };
         if (typeof block.env_key === 'string' && block.env_key.length > 0) {
           entry.envKey = block.env_key;
@@ -113,18 +128,8 @@ export async function parseCodexConfig(toml: string): Promise<CodexImport> {
     }
   }
 
-  const activeProviderRaw = root['model_provider'];
-  const activeModelRaw = root['model'];
-  const activeProviderId =
-    typeof activeProviderRaw === 'string' && activeProviderRaw.length > 0
-      ? `codex-${activeProviderRaw}`
-      : null;
-  const activeModel =
-    typeof activeModelRaw === 'string' && activeModelRaw.length > 0 ? activeModelRaw : null;
-
   // Backfill defaultModel for the active provider so the UI has something to
-  // offer by default. Non-active providers keep an empty defaultModel and
-  // the user picks one on first activation.
+  // offer by default even if the provider block did not declare a model.
   if (activeProviderId !== null && activeModel !== null) {
     const entry = providers.find((p) => p.id === activeProviderId);
     if (entry !== undefined) entry.defaultModel = activeModel;

apps/desktop/src/main/index.ts

@@ -43,7 +43,7 @@ import {
 } from './onboarding-ipc';
 import { readPersisted as readPreferences, registerPreferencesIpc } from './preferences-ipc';
 import { preparePromptContext } from './prompt-context';
-import { resolveActiveModel } from './provider-settings';
+import { isKeylessProviderAllowed, resolveActiveModel } from './provider-settings';
 import { safeInitSnapshotsDb } from './snapshots-db';
 import { registerSnapshotsIpc, registerSnapshotsUnavailableIpc } from './snapshots-ipc';
 
@@ -437,6 +437,7 @@ function registerIpcHandlers(): void {
     } catch {
       apiKey = '';
     }
+    const allowKeyless = isKeylessProviderAllowed(active.model.provider);
     // Once we've snapped to the canonical active provider, the renderer-supplied
     // baseUrl can no longer be trusted — it may belong to a different (stale)
     // provider and would route the active provider's API key to the wrong host.
@@ -468,7 +469,7 @@ function registerIpcHandlers(): void {
       modelId: active.model.modelId,
     };
     coreLogger.info('[generate] step=validate_provider', stepCtx);
-    if (apiKey.length === 0) {
+    if (apiKey.length === 0 && !allowKeyless) {
       coreLogger.error('[generate] step=validate_provider.fail', {
         provider: active.model.provider,
         reason: 'missing_api_key',
@@ -518,6 +519,7 @@ function registerIpcHandlers(): void {
           ...(baseUrl !== undefined ? { baseUrl } : {}),
           wire: active.wire,
           ...(active.httpHeaders !== undefined ? { httpHeaders: active.httpHeaders } : {}),
+          ...(allowKeyless ? { allowKeyless: true } : {}),
           signal: controller.signal,
           logger: coreLogger,
         },
@@ -575,6 +577,7 @@ function registerIpcHandlers(): void {
     } catch {
       apiKey = '';
     }
+    const allowKeyless = isKeylessProviderAllowed(active.model.provider);
     // See codesign:v1:generate above — renderer baseUrl is ignored post-snap.
     const baseUrl = active.baseUrl ?? undefined;
     if (active.overridden) {
@@ -617,6 +620,7 @@ function registerIpcHandlers(): void {
           ...(baseUrl !== undefined ? { baseUrl } : {}),
           wire: active.wire,
           ...(active.httpHeaders !== undefined ? { httpHeaders: active.httpHeaders } : {}),
+          ...(allowKeyless ? { allowKeyless: true } : {}),
           signal: controller.signal,
         },
         id,
@@ -672,6 +676,7 @@ function registerIpcHandlers(): void {
     } catch {
       apiKey = '';
     }
+    const allowKeyless = isKeylessProviderAllowed(active.model.provider);
     const baseUrl = active.baseUrl ?? undefined;
     const promptContext = await preparePromptContext({
       attachments: payload.attachments,
@@ -706,6 +711,7 @@ function registerIpcHandlers(): void {
         ...(baseUrl !== undefined ? { baseUrl } : {}),
         wire: active.wire,
         ...(active.httpHeaders !== undefined ? { httpHeaders: active.httpHeaders } : {}),
+        ...(allowKeyless ? { allowKeyless: true } : {}),
       });
       logIpc.info('applyComment.ok', {
         ms: Date.now() - t0,
@@ -740,7 +746,13 @@ function registerIpcHandlers(): void {
       provider: cfg.activeProvider,
       modelId: cfg.activeModel,
     });
-    const apiKey = getApiKeyForProvider(active.model.provider);
+    let apiKey: string;
+    try {
+      apiKey = getApiKeyForProvider(active.model.provider);
+    } catch {
+      apiKey = '';
+    }
+    const allowKeyless = isKeylessProviderAllowed(active.model.provider);
     const baseUrl = active.baseUrl ?? undefined;
     return generateTitle({
       prompt,
@@ -749,6 +761,7 @@ function registerIpcHandlers(): void {
       ...(baseUrl !== undefined ? { baseUrl } : {}),
       wire: active.wire,
       ...(active.httpHeaders !== undefined ? { httpHeaders: active.httpHeaders } : {}),
+      ...(allowKeyless ? { allowKeyless: true } : {}),
     });
   });
 

apps/desktop/src/main/onboarding-ipc.ts

@@ -25,6 +25,7 @@ import {
   assertProviderHasStoredSecret,
   computeDeleteProviderResult,
   getAddProviderDefaults,
+  isKeylessProviderAllowed,
   toProviderRows,
 } from './provider-settings';
 import { buildAppPaths } from './storage-settings';
@@ -94,7 +95,7 @@ function toState(cfg: Config | null): OnboardingState {
   }
   const active = cfg.activeProvider;
   const ref = cfg.secrets[active];
-  if (ref === undefined) {
+  if (ref === undefined && !isKeylessProviderAllowed(active)) {
     return {
       hasKey: false,
       provider: active,
@@ -617,14 +618,7 @@ async function runImportCodex(imported: CodexImport): Promise<OnboardingState> {
       const envValue = process.env[entry.envKey];
       if (envValue !== undefined && envValue.length > 0) {
         nextSecrets[entry.id] = { ciphertext: encryptSecret(envValue) };
-      } else if (nextSecrets[entry.id] === undefined) {
-        // env var not exported — store empty key so the provider is
-        // usable for keyless endpoints (IP-whitelisted proxies).
-        nextSecrets[entry.id] = { ciphertext: encryptSecret('') };
       }
-    } else if (nextSecrets[entry.id] === undefined) {
-      // No env_key at all — likely a keyless proxy.
-      nextSecrets[entry.id] = { ciphertext: encryptSecret('') };
     }
   }
   const fallbackActive = imported.providers[0];

apps/desktop/src/main/provider-settings.test.ts

@@ -13,6 +13,7 @@ function makeCfg(input: {
   modelPrimary: string;
   secrets?: Record<string, { ciphertext: string }>;
   baseUrls?: Record<string, string>;
+  providers?: Record<string, import('@open-codesign/shared').ProviderEntry>;
 }): Config {
   const providers: Record<string, import('@open-codesign/shared').ProviderEntry> = {
     anthropic: {
@@ -39,6 +40,7 @@ function makeCfg(input: {
       baseUrl: input.baseUrls?.['openrouter'] ?? 'https://openrouter.ai/api/v1',
       defaultModel: 'anthropic/claude-sonnet-4.6',
     },
+    ...(input.providers ?? {}),
   };
   return hydrateConfig({
     version: 3,
@@ -126,6 +128,25 @@ describe('assertProviderHasStoredSecret', () => {
 
     expect(() => assertProviderHasStoredSecret(cfg, 'anthropic')).toThrow(CodesignError);
   });
+
+  it('allows imported Codex providers without a stored API key', () => {
+    const cfg = makeCfg({
+      provider: 'codex-proxy',
+      modelPrimary: 'gpt-5.3-codex',
+      providers: {
+        'codex-proxy': {
+          id: 'codex-proxy',
+          name: 'Codex (imported)',
+          builtin: false,
+          wire: 'openai-responses',
+          baseUrl: 'https://proxy.example.com/v1',
+          defaultModel: 'gpt-5.3-codex',
+        },
+      },
+    });
+
+    expect(() => assertProviderHasStoredSecret(cfg, 'codex-proxy')).not.toThrow();
+  });
 });
 
 describe('computeDeleteProviderResult', () => {
@@ -272,4 +293,29 @@ describe('resolveActiveModel', () => {
       resolveActiveModel(cfg, { provider: 'anthropic', modelId: 'claude-sonnet-4-6' }),
     ).toThrowError(CodesignError);
   });
+
+  it('allows active imported Codex providers without a stored secret', () => {
+    const cfg = makeCfg({
+      provider: 'codex-proxy',
+      modelPrimary: 'gpt-5.3-codex',
+      providers: {
+        'codex-proxy': {
+          id: 'codex-proxy',
+          name: 'Codex (imported)',
+          builtin: false,
+          wire: 'openai-responses',
+          baseUrl: 'https://proxy.example.com/v1',
+          defaultModel: 'gpt-5.3-codex',
+        },
+      },
+    });
+
+    const result = resolveActiveModel(cfg, {
+      provider: 'codex-proxy',
+      modelId: 'gpt-5.3-codex',
+    });
+
+    expect(result.model).toEqual({ provider: 'codex-proxy', modelId: 'gpt-5.3-codex' });
+    expect(result.baseUrl).toBe('https://proxy.example.com/v1');
+  });
 });

apps/desktop/src/main/provider-settings.ts

@@ -53,9 +53,14 @@ export function getAddProviderDefaults(
 
 export function assertProviderHasStoredSecret(cfg: Config, provider: string): void {
   if (cfg.secrets[provider] !== undefined) return;
+  if (provider.startsWith('codex-')) return;
   throw new CodesignError(`No API key stored for provider "${provider}".`, 'PROVIDER_KEY_MISSING');
 }
 
+export function isKeylessProviderAllowed(provider: string): boolean {
+  return provider.startsWith('codex-');
+}
+
 function resolveEntryFor(cfg: Config, id: string): ProviderEntry | null {
   const stored = cfg.providers[id];
   if (stored !== undefined) return stored;
@@ -133,7 +138,9 @@ export interface DeleteProviderResult {
  * what the next active provider and model values should be.
  */
 export function computeDeleteProviderResult(cfg: Config, toDelete: string): DeleteProviderResult {
-  const remaining = Object.keys(cfg.secrets).filter((p) => p !== toDelete);
+  const remaining = Object.keys(cfg.providers).filter(
+    (p) => p !== toDelete && (cfg.secrets[p] !== undefined || isKeylessProviderAllowed(p)),
+  );
 
   if (remaining.length === 0) {
     return { nextActive: null, modelPrimary: '' };
@@ -175,7 +182,7 @@ export function resolveActiveModel(
   hint: { provider: string; modelId: string },
 ): ActiveModelResolution {
   const activeId = cfg.activeProvider;
-  if (cfg.secrets[activeId] === undefined) {
+  if (cfg.secrets[activeId] === undefined && !isKeylessProviderAllowed(activeId)) {
     throw new CodesignError(
       `No API key stored for active provider "${activeId}". Re-run onboarding to add one.`,
       'PROVIDER_KEY_MISSING',

apps/desktop/src/renderer/src/store.ts

@@ -13,7 +13,6 @@ import type {
   ModelRef,
   OnboardingState,
   SelectedElement,
-  SupportedOnboardingProvider,
 } from '@open-codesign/shared';
 import { create } from 'zustand';
 import type { StoreApi } from 'zustand';
@@ -396,7 +395,7 @@ function newId(): string {
   return `${Date.now().toString(36)}-${Math.random().toString(36).slice(2, 8)}`;
 }
 
-function modelRef(provider: SupportedOnboardingProvider, modelId: string): ModelRef {
+function modelRef(provider: string, modelId: string): ModelRef {
   return { provider, modelId };
 }
 
@@ -605,7 +604,7 @@ function triggerAutoRenameIfFirst(get: GetState, isFirstPrompt: boolean, prompt:
 
 interface ReadyConfig extends OnboardingState {
   hasKey: true;
-  provider: SupportedOnboardingProvider;
+  provider: string;
   modelPrimary: string;
 }