feat: OpenAI backend init

[fluxdiv]

Pull request

Summary

Adds a native OpenAI backend (provider = "openai") that connects directly to the OpenAI Responses API, supporting GPT and o-series models with native reasoning via reasoning_effort. Also adds a seal login openai device-code OAuth flow for ChatGPT/Codex subscription users, with automatic token refresh and credential detection from both ~/.seal/chatgpt-auth.json and ~/.codex/auth.json.

Related issues

SEA-515

Changes

• Adds crates/seal-runtime/src/llm/backends/openai.rs implementing LlmBackend for OpenAI's Responses API with SSE streaming, atomic function call delivery via response.output_item.done, o-series reasoning_effort support, and a subscription routing path to chatgpt.com/backend-api/codex
• Adds crates/seal-cli/src/login.rs implementing the OpenAI device-code OAuth flow (seal login openai), persisting tokens to ~/.seal/chatgpt-auth.json with account ID extracted from the id_token JWT
• Adds crates/seal-runtime/src/llm/chatgpt_token_refresh.rs for proactive JWT expiry detection and single-flight token refresh via POST https://auth.openai.com/oauth/token
• Refactors llm_request_streaming and llm_request_streaming_async to accept a parse_sse callback, decoupling the Anthropic-specific SSE parser from the shared request loop
• Renames parse_sse_streaming → parse_sse_streaming_anthropic and makes it pub so both the Anthropic and OpenRouter backends can pass it as the callback
• Adds lookup_openai(), read_openai_credential(), and openai_subscription_available() to seal-utils/credentials, with priority ordering: seal chatgpt-auth.json → Codex auth.json → OPENAI_API_KEY env
• Adds ChatGptSubscription and OpenAiApiKey provider choices to the init wizard TUI, including AwaitingChatGptLogin state with r-to-retry and Esc-to-back key handling
• Wires provider = "openai" in build_llm_from_manifest, adds account_id and uses_subscription fields to BackendConfig, and adds openai_api_key() to seal-utils
• Updates install and provider-backends docs to document the OpenAI backend, both auth paths, model selection, and reasoning knobs; removes the "planned for launch" notice

Test plan

• Unit tests cover build_body shape (input items, instructions, streaming flag, max_output_tokens omission for subscription), reasoning_effort presence/absence across ThinkingMode variants, tool serialization, map_openai_response_status mapping, effective_max_tokens/effective_context_length clamping, caching, and user-override behavior via wiremock
• SSE parser tests cover text delta streaming, output_item.done message fallback when no deltas arrived, deduplication when deltas were already received, function call emission with tool_use stop reason, response.failed surfaced as LlmError::Api, and clean end_turn completion
• JWT expiry tests cover realistic payload parsing, API key passthrough (non-JWT), past expiry, within-window expiry, and far-future non-expiry
• Credential priority tests cover seal chatgpt-auth.json winning over OPENAI_API_KEY env, and env fallback when no auth file exists
• Live tests (#[ignore = "live"]) cover model_info and a basic chat turn against api.openai.com, and subscription chat/tool execution against chatgpt.com/backend-api/codex
• All existing Anthropic and OpenRouter SSE streaming tests updated to pass the parse_sse_streaming_anthropic callback explicitly and continue to pass

Notes for reviewers

The parse_sse callback is Clone + Send + Sync + 'static to satisfy the retry loop cloning it across attempts. The OpenAI SSE parser mirrors the Anthropic parser's heartbeat, inter-chunk timeout, retry_eligible, and events_pushed logic so retry/resume behavior is consistent across backends. The ChatGPT subscription path omits max_output_tokens from the request body and adds OAI-Product-Sku: codex and ChatGPT-Account-ID headers. StreamOutcome is now pub to allow the OpenAI parser to return it from outside the streaming module. Codex auth files are read-only — if a Codex token expires, the user is directed to run seal login openai to create a fresh seal-managed token.

---

^{Need help on this PR? Tag @codesmith with what you need. Autofix is disabled.}

[fluxdiv]

• fix: fix copy of wrapped codeblock cutting off post-wrap line #508
• feat: OpenAI backend init #408 👈 (View in Graphite)
• main

---

How to use the Graphite Merge Queue

Add either label to this PR to merge it via the merge queue:

• Merge Queue - adds this PR to the back of the merge queue
• Merge Queue Fast Track - for urgent changes, fast-track this PR to the front of the merge queue

You must have a Graphite account in order to use the merge queue. Sign up using this link.

An organization admin has required the Graphite Merge Queue in this repository.

Please do not merge from GitHub as this will restart CI on PRs being processed by the merge queue.

This stack of pull requests is managed by Graphite. Learn more about stacking.

[github-actions]

Docs preview: https://7648320f.seal-docs.pages.dev

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

📝 Walkthrough

Walkthrough

Adds a complete OpenAI/ChatGPT integration alongside existing Claude/Anthropic support. Users can now run seal login openai to authenticate via device-code flow, saved tokens refresh automatically, and Seal routes requests to the new OpenAI Responses API backend with streaming, tool calls, reasoning-state propagation, context-length auto-detection, and account/subscription routing. TUI wizard onboarding supports both OAuth and API key paths.

Changes

OpenAI/ChatGPT Backend Integration

Layer / File(s)	Summary
CLI login flow and credential APIs crates/seal-cli/Cargo.toml, crates/seal-cli/src/lib.rs, crates/seal-cli/src/login.rs, crates/seal-cli/src/main.rs, crates/seal-utils/src/env.rs, crates/seal-utils/src/credentials.rs	Device-code OAuth login (seal login openai), credential discovery across seal-managed OAuth JSON, Codex fallback, and OPENAI_API_KEY env; CLI wiring detects configured status from auth files or env.
ChatGPT token refresh service crates/seal-runtime/src/llm/chatgpt_token_refresh.rs	Runtime-owned service keeps access tokens fresh via expiry polling, single-flight refresh on OAuth endpoint, and persistent storage of rotated tokens.
Reasoning-state protocol variants wit/seal.wit, crates/seal-runtime/src/llm/mod.rs	WIT contract and LLM protocol add opaque reasoning_state(string) variants to message content and chat events for provider reasoning payload.
Reasoning state capture in turns crates/seal-agent/src/agent_loop/turn.rs, crates/seal-agent/src/agent_loop/history.rs, crates/seal-agent/src/agent_loop/compact.rs	Agent turns collect ChatEvent::ReasoningState, persist as ContentBlock::ReasoningState blocks after text, skip in compaction summaries.
WIT↔native type conversions crates/seal-agent/src/agent_loop/wit_convert.rs, crates/seal-runtime/src/engine/conversions.rs, crates/seal-runtime/src/engine/stream_chat.rs, crates/seal-agent/src/messages.rs, crates/seal-agent/src/host.rs	JSON serialization, roundtrip conversions, request-shape tracing, and chat event streaming for reasoning-state variant.
SSE parser injection and generalization crates/seal-runtime/src/llm/streaming.rs	Refactor streaming to inject provider-specific parse_sse closure; promote Anthropic parser to public parse_sse_streaming_anthropic; update 30+ test points.
OpenAI Responses API backend crates/seal-runtime/src/llm/backends/openai.rs, crates/seal-runtime/src/llm/backends/mod.rs	New backend with model-cap discovery, request building (streaming, tool schema, reasoning config), SSE frame parsing, token refresh, and 100+ unit/integration tests.
Other backend updates crates/seal-runtime/src/llm/backends/anthropic.rs, crates/seal-runtime/src/llm/backends/openrouter.rs, crates/seal-runtime/src/llm/backends/mock.rs, crates/seal-runtime/src/llm/tests_common.rs	Wire new SSE parser injection; add context-length pinning; strip reasoning state before non-OpenAI serialization; extend test configs.
Model limits (context_length) configuration crates/seal-policy/src/manifest.rs, crates/seal-policy/src/grant.rs, crates/seal-runtime/src/llm/mod.rs	Add optional context_length field to manifest [model] section, propagate through grants, extend BackendConfig with account_id/uses_subscription for OpenAI routing.
Model limits test updates crates/seal-policy/src/manifest/tests/*.rs, crates/seal-runtime/src/grant_store.rs	Update manifest parsing, grant synthesis, and roundtrip tests to include context_length.
TUI wizard ChatGPT/OpenAI providers crates/seal-tui/src/wizard/state.rs, crates/seal-tui/src/wizard/submit.rs, crates/seal-tui/src/wizard/input.rs, crates/seal-tui/src/wizard/rendering.rs, crates/seal-tui/src/wizard/tests.rs	Add ChatGptSubscription (OAuth) and OpenAiApiKey provider choices; classify credentials and render awaiting-login state; support async login flow.
Documentation and schema docs/site/src/content/docs/install.mdx, docs/site/src/content/docs/provider-backends.mdx, docs/site/src/content/docs/reference/manifest/*.mdx, docs/ARCHITECTURE.md, docs/MANIFEST.md, schemas/seal.toml.json	Document seal login openai, OpenAI backend config/auth/models, context-length auto-resolution, update schema for new fields.

🎯 4 (Complex) | ⏱️ ~60 minutes

A rabbit hops through clouds of tokens,
Each login yields a fresh OAuth moment,
Reasoning flows like carrots down a stream,
Context limits dream their OpenAI dream,
🐰 munches thoughtfully 🥕

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'feat: OpenAI backend init' is specific and directly related to the main change: implementing a new OpenAI backend. It clearly summarizes the primary contribution of this changeset.
Description check	✅ Passed	The description provides comprehensive coverage of the OpenAI backend implementation, OAuth login flow, token refresh, and related changes. It directly relates to the changeset content and explains the scope, implementation details, testing approach, and design decisions.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch 05-30-sea-515

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[blacksmith-sh]

I'm on it! Give me a moment to analyze the code and I'll respond shortly.

 

_{For changes to be attributed to you in commits, consider linking your GitHub account to Blacksmith.}

[fluxdiv]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[blacksmith-sh]

@fluxdiv

@codesmith review this PR

Here's my review of #408. I found three issues worth fixing before merge — one of them is a real security regression — plus a couple of smaller nits.

Blockers

1. ~/.seal/chatgpt-auth.json is world-readable on disk. In crates/seal-cli/src/login.rs:227-232, the chmod step is:

#[cfg(unix)]
{
    seal_utils::io::ensure_dir_with_mode(&path, 0o600).ok();
}

ensure_dir_with_mode calls ensure_dir(path) → std::fs::create_dir_all(path) on what is already a file, returns Err, and .ok() silently discards it. The chmod never runs. The actual write went through seal_utils::io::write, which applies default_file_mode() = 0o644 (crates/seal-utils/src/io.rs:341-346). The end state: the file holding access_token, refresh_token, and id_token is 0644 instead of 0600. Same bug recurs on refresh in crates/seal-runtime/src/llm/chatgpt_token_refresh.rs:128-153 — write_refreshed_token calls plain io::write with no tightening at all. There isn't a public seal-utils helper for "atomic-write a file at mode N"; either add one (mirroring ensure_dir_with_mode) or chmod the file via the unix PermissionsExt path after the write returns.

2. Token refresh is dead code. chatgpt_token_refresh::ensure_fresh_token is implemented (and well-tested), but nobody calls it. OpenAiBackend stores chatgpt_auth_path (crates/seal-runtime/src/llm/backends/openai.rs:131,150-153) and build_llm_from_manifest populates it (crates/seal-runtime/src/llm/mod.rs:511-514), but chat() builds the auth header straight from self.config.api_key and never consults the path. Once the persisted JWT crosses its 5-minute window the user will see 401s until they manually re-run seal login openai. The PR description and the new docs both promise the opposite ("The daemon auto-refreshes seal-managed OAuth tokens before they expire"). The fix is to call ensure_fresh_token(&path, &api_key).await inside chat() (or earlier, in body_fut) when chatgpt_auth_path.is_some(), and rebuild the Authorization header from the returned token. The current build_headers closure captures api_key by value at construction time, so the refresh path also needs to plumb the fresh token into the header builder per-request, not at Self::new time.

3. seal "<prompt>" refuses to start for ChatGPT-subscription users. In crates/seal-cli/src/main.rs:312-324 the "openai" arm of the has_key check is only:

"openai" => seal_utils::env::openai_api_key().is_some(),

So with provider = "openai" and only ~/.seal/chatgpt-auth.json (or ~/.codex/auth.json) on disk, the CLI bails out with "No API key found for provider 'openai'" before the daemon ever sees the manifest. The "anthropic" arm right next to it fans out to env-var OR credentials file OR keychain; the openai arm should do the same — call seal_utils::credentials::lookup_openai() (or read_openai_credential()) and treat any CredentialState::Present as a pass.

Smaller things

• build_body always sets tool_choice: "auto" and parallel_tool_calls: true, even when tools is empty (crates/seal-runtime/src/llm/backends/openai.rs:233-244). The Responses API rejects tool_choice without tools on some configurations; gate both behind if !tools.is_empty() for safety.
• handle_apikey_key's AwaitingChatGptLogin arm has a KeyCode::Char('l') | KeyCode::Char('L') => {} no-op (crates/seal-cli/src/tui/init/input.rs:151) but the rendering and footer never mention l — the helper text says "Run seal login openai in another terminal" then press r. The 'l' handler is dead; drop it.
• chatgpt_token_refresh::do_refresh hand-rolls form encoding via form_urlencode. The crate already pulls in reqwest with the form feature for login.rs; .form(&[("grant_type","refresh_token"), ("refresh_token", refresh_token), ("client_id", CLIENT_ID)]) would replace the helper and the explicit body-building. Not a correctness issue, just consistency with login.rs.
• Docs nit (non-blocking): provider-backends.mdx lists o4/o4-mini/gpt-5/gpt-5-mini but the default model in state.rs is gpt-5.4, and rendering.rs advertises gpt-5.5, gpt-4o-mini. Worth picking one model name set and using it everywhere before launch.

What's good

The SSE refactor reads cleanly — passing parse_sse as a Clone + Send + Sync + 'static callback into llm_request_streaming is the right shape, and the Anthropic/OpenRouter call sites in tests all got updated. The OpenAI SSE parser mirrors the Anthropic parser's heartbeat / inter-chunk-timeout / retry-eligible / events-pushed semantics so the resumable-vs-terminal classification stays consistent across backends. Test coverage is solid: build_body shape, reasoning_effort matrix, subscription-vs-API-key header/body differences, the deduplication path where output_item.done arrives after deltas, response.failed surfaced as LlmError::Api, JWT expiry edges, credential priority. The split of parse_sse_streaming → parse_sse_streaming_anthropic is the right rename now that it's no longer the only SSE parser.

Happy to fix any of the three blockers in a follow-up if you want — just say the word.

[coderabbitai]

Actionable comments posted: 13

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@crates/seal-cli/src/login.rs`:
- Around line 180-201: The PkceCodes struct and the code_challenge value are
unused noise: remove the code_challenge parameter from the function
(exchange_code_for_tokens or the surrounding function that constructs
PkceCodes), delete the code_challenge field from the PkceCodes struct, and stop
constructing/storing code_challenge; keep and send only code_verifier in the
form post to "{issuer}/oauth/token". Update any call sites and type uses that
reference PkceCodes or the now-removed code_challenge parameter to use only the
code_verifier value.
- Around line 59-61: The HTTP client is built without a per-request timeout, so
a single hung request can block the login flow (see client built in this file
and the poll_for_token/MAX_WAIT loop); update the reqwest::Client::builder()
call to set a per-request timeout (e.g., using std::time::Duration and
.timeout(...)) to a value smaller than MAX_WAIT (so each request fails fast and
the poll loop can respect the overall 15-minute budget), and add the necessary
import for Duration; ensure the chosen timeout applies to the token-polling and
token-exchange requests made by poll_for_token.
- Around line 30-41: deser_interval currently always deserializes the field as a
String which fails for numeric JSON; update deser_interval to accept both
numeric and string JSON by attempting to deserialize into an Option<u64> (or a
u64 then wrap) first and falling back to String->parse if needed so that the
struct field interval: Option<u64> and its deserializer (deser_interval) handle
both JSON numbers and numeric strings when deserializing UserCodeResp; reference
the deser_interval function and the interval field to locate where to implement
this dual-path deserialization.
- Around line 234-237: persist_tokens currently writes chatgpt-auth.json using
home_dir().join(".seal") and then mistakenly calls ensure_dir_with_mode on the
full file path (ensure_dir_with_mode(&path, 0o600)) which is a directory helper
and thus never applies file mode; also reads use seal_utils::paths::seal_home()
causing SEAL_HOME inconsistency. Fix by using seal_utils::paths::seal_home() to
compute the directory, call seal_utils::io::ensure_dir_with_mode on that
directory (not the file) to ensure the directory exists, write the file via
seal_utils::io::write to seal_home().join("chatgpt-auth.json"), and on Unix
explicitly set the file's mode to 0o600 after writing (e.g. with
std::fs::set_permissions or libc/nix chmod) rather than calling
ensure_dir_with_mode on the file path; update references in persist_tokens and
any token-read logic to consistently use seal_utils::paths::seal_home().

In `@crates/seal-cli/src/main.rs`:
- Line 314: The "openai" match arm in run_agent currently gates access using
only seal_utils::env::openai_api_key(), which blocks OAuth-only users; update
the "openai" condition in run_agent to allow either an API key OR presence of
OAuth credential files (e.g., ~/.seal/chatgpt-auth.json and ~/.codex/auth.json)
or by delegating to the same credential lookup used by the daemon; modify the
"openai" branch so it checks seal_utils::env::openai_api_key().is_some() ||
oauth_file_exists("~/.seal/chatgpt-auth.json") ||
oauth_file_exists("~/.codex/auth.json") (or call the shared credential lookup
helper) before returning the "No API key found" error.

In `@crates/seal-runtime/src/llm/backends/openai.rs`:
- Around line 1526-1531: The live tool-call test is invoking backend.chat with
an empty tool list, so the model cannot legally produce a ToolUseStart event.
Update the test setup in openai.rs around backend.chat to pass the relevant
ToolDefinition(s) used by this scenario instead of &[], ensuring the request
actually advertises callable tools. Use the existing test harness and
backend.chat call site to locate the change, and keep the system prompt and
stream assertions aligned with the intended tool-use behavior.
- Around line 41-57: fetch_openai_model_field_at currently tries to read
unsupported fields (like max_output_tokens and context_length) from the OpenAI
/v1/models/{model} response; remove that probing by changing
fetch_openai_model_field_at (and the callers fetch_openai_max_output_tokens_at
and fetch_openai_context_length_at if needed) to not call the models endpoint
for those fields and instead return None (or use a maintained internal
model-capacity mapping) so model_info() relies on correct defaults/mapping
rather than always-failing API probes. Ensure you only touch
fetch_openai_model_field_at (and update fetch_openai_max_output_tokens_at /
fetch_openai_context_length_at) and leave other request logic unchanged.
- Around line 239-245: The request body currently sets "store": false and
"include": [] which drops stateless reasoning context; when reasoning is
enabled, add "reasoning.encrypted_content" to the include array (so change the
body construction around the include field), ensure any extracted reasoning
items' encrypted_content from responses are captured, and append those encrypted
reasoning items into the next request's input_items (and into the input array)
so subsequent calls resend the encrypted reasoning state; also update the
include existence checks (the logic around lines testing include at 269–272) to
handle the "reasoning.encrypted_content" entry.

In `@crates/seal-runtime/src/llm/chatgpt_token_refresh.rs`:
- Around line 128-134: The POST to auth.openai.com currently has no per-request
timeout and can hang; add a bounded timeout around the request (either via
reqwest's per-request .timeout(Duration::from_secs(<N>)) on the client.post(...)
builder or by wrapping the .send().await call with
tokio::time::timeout(Duration::from_secs(<N>))). Update the code around
client.post(...).body(body).send().await to enforce this timeout, convert the
timeout error into the existing error flow (map_err with a clear message like
"refresh request timed out") and import std::time::Duration (or tokio::time) and
adjust error mapping so both network and timeout failures return an Err string
consistent with the current pattern.
- Around line 96-103: The refresh flow currently only extracts access_token in
do_refresh and then ensure_fresh_token calls write_refreshed_token with the old
stored.refresh_token; if the OAuth server rotates refresh tokens the new
refresh_token must be persisted. Update do_refresh to parse and return the
rotated refresh_token (e.g., return a struct or tuple with access_token and
optional refresh_token), and modify ensure_fresh_token to call
write_refreshed_token with the new refresh_token when present (fall back to
stored.refresh_token only if the response lacks a rotated token); reference
do_refresh, ensure_fresh_token, write_refreshed_token, and stored.refresh_token
to locate the changes.

In `@crates/seal-runtime/src/llm/mod.rs`:
- Around line 488-491: The debug log prints the full CredentialSource (including
user file paths) which leaks identifiers; change the eprintln! in the llm/mod.rs
snippet to print only the credential source kind instead of the full value.
Locate the eprintln! that references model_config.name and source and replace
the direct interpolation of source with either a short helper (e.g.,
CredentialSource::kind() or a match on source matching
SealChatGptAuthFile/CodexAuthFile/etc.) that returns only the variant/kind
string (e.g., "AuthFile", "Env", "Default"), and log that kind string.

In `@crates/seal-utils/src/credentials.rs`:
- Around line 188-190: In read_openai_credential(), instead of returning
Err(NoCredentialError) when user_env_has("OPENAI_API_KEY") is true, return the
stored value from the user_env; call the corresponding getter (e.g.,
user_env_get("OPENAI_API_KEY") or equivalent) and return that credential
(wrapped in the function's success type) so lookup_openai() can use the
fallback; update the branch that currently does "if
user_env_has(\"OPENAI_API_KEY\") { return Err(NoCredentialError); }" to retrieve
and return the value instead.

In `@docs/site/src/content/docs/provider-backends.mdx`:
- Around line 18-23: The Aside note is broken by an extra blank line causing the
sentence to split and show a dangling "+"; edit the Aside block containing the
text fragments `provider = "openai"` and `OPENAI_API_KEY` (the <Aside>
component) to remove the empty line so the two lines form one continuous
sentence and also delete the stray "+" if still present.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: b4a339fc-3c98-4346-ba79-8472c21baf19

📥 Commits

Reviewing files that changed from the base of the PR and between cf450c1 and 5e82513.

⛔ Files ignored due to path filters (1)

• Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (21)

• crates/seal-cli/Cargo.toml
• crates/seal-cli/src/lib.rs
• crates/seal-cli/src/login.rs
• crates/seal-cli/src/main.rs
• crates/seal-cli/src/tui/init/input.rs
• crates/seal-cli/src/tui/init/rendering.rs
• crates/seal-cli/src/tui/init/state.rs
• crates/seal-cli/src/tui/init/submit.rs
• crates/seal-cli/src/tui/init/tests.rs
• crates/seal-runtime/src/llm/backends/anthropic.rs
• crates/seal-runtime/src/llm/backends/mod.rs
• crates/seal-runtime/src/llm/backends/openai.rs
• crates/seal-runtime/src/llm/backends/openrouter.rs
• crates/seal-runtime/src/llm/chatgpt_token_refresh.rs
• crates/seal-runtime/src/llm/mod.rs
• crates/seal-runtime/src/llm/streaming.rs
• crates/seal-runtime/src/llm/tests_common.rs
• crates/seal-utils/src/credentials.rs
• crates/seal-utils/src/env.rs
• docs/site/src/content/docs/install.mdx
• docs/site/src/content/docs/provider-backends.mdx

[greptile-apps]

Greptile Summary

This PR adds a native OpenAI backend targeting the Responses API, a seal login openai device-code OAuth flow, proactive JWT-expiry token refresh, and wires both ChatGPT-subscription and API-key paths through the init wizard. The issues flagged in the previous review cycle (world-readable token files, dead code_challenge parameter, silently-discarded rotated refresh token, token refresh never invoked) have all been addressed by follow-up commits.

• openai.rs implements LlmBackend with SSE streaming, atomic function-call delivery via response.output_item.done, reasoning_effort for o-series models, and a subscription routing path; the token-refresh call is correctly wired into chat() via refresh_chatgpt_token_if_needed, which reads and updates the shared Arc<Mutex<String>> that build_headers captures.
• chatgpt_token_refresh.rs adds single-flight JWT refresh with write_private (0o600) for the token file; parse_refresh_response now captures an optional rotated refresh_token and falls back to the stored value when absent.
• streaming.rs decouples the Anthropic SSE parser from the shared retry loop via a parse_sse callback, making the new OpenAI parser a first-class citizen without duplicating retry/resume logic.

Confidence Score: 4/5

Safe to merge after confirming the reasoning-state assembly order in turn.rs (noted in a prior outside-diff comment) is addressed; all auth/security fixes from the previous review cycle are in place.

The critical auth and file-permission issues from earlier rounds are resolved. One outstanding concern flagged in a previous outside-diff comment — the assistant content being assembled as Text → ReasoningState → ToolUse rather than the API's emission order of ReasoningState → Text → ToolUse — means replayed history has items in the wrong order, which can trigger 400s from the Responses API on subsequent turns that include reasoning. That item is unresolved in the current HEAD.

crates/seal-agent/src/agent_loop/turn.rs — the reasoning-state ordering fix from the prior review comment has not yet landed.

Important Files Changed

Filename	Overview
crates/seal-runtime/src/llm/backends/openai.rs	New OpenAI Responses API backend with SSE streaming, subscription routing, reasoning_effort, and atomic function call delivery. Well-structured with good test coverage; OpenAI-Beta: assistants=v2 header is wrong (Assistants API, not Responses API) but harmless.
crates/seal-runtime/src/llm/chatgpt_token_refresh.rs	New JWT expiry detection and single-flight token refresh. Issues from previous review rounds (rotated refresh token discarded, world-readable file after refresh) are addressed: parse_refresh_response now captures the new refresh_token, and write_refreshed_token uses seal_utils::io::write_private (0o600).
crates/seal-cli/src/login.rs	Device-code OAuth flow for ChatGPT/Codex. Previous issues (world-readable token file, dead code_challenge arg) addressed: persist_tokens now calls seal_utils::io::write_private; exchange_code_for_tokens uses only code_verifier.
crates/seal-agent/src/agent_loop/turn.rs	Adds ReasoningState accumulation and commit_partial_assistant_state propagation. Assembly order (Text → ReasoningState → ToolUse) is inverted relative to the API's emission order — flagged in a prior outside-diff review comment and not yet corrected.
crates/seal-utils/src/credentials.rs	Adds OpenAI credential lookup with correct priority ordering: seal chatgpt-auth.json → Codex auth.json → OPENAI_API_KEY env. Returns access token, source, and account_id; handles empty-token sentinel correctly.
crates/seal-utils/src/io.rs	Adds write_private for atomic writes with 0o600 permissions outside the security tree. Correctly creates parent directories and has a test confirming permission enforcement.
crates/seal-runtime/src/llm/mod.rs	Adds ReasoningState ContentBlock variant, chatgpt_token_refresh module, account_id/uses_subscription fields to BackendConfig, and strip_openai_reasoning_state to guard Anthropic/OpenRouter backends from opaque OpenAI state. Clean wiring in build_llm_from_manifest.
crates/seal-runtime/src/llm/streaming.rs	Refactors llm_request_streaming to accept a parse_sse callback, decoupling the Anthropic parser from the shared retry loop. Renames parse_sse_streaming → parse_sse_streaming_anthropic and makes StreamOutcome pub. All existing tests updated correctly.
crates/seal-tui/src/wizard/state.rs	Adds ChatGptSubscription and OpenAiApiKey provider choices with correct manifest_provider, default_model, env_var, and dashboard_url implementations.

_{Reviews (14): Last reviewed commit: "test: add OPENAI_API_KEY to workflows an..." | Re-trigger Greptile}

[coderabbitai]

Actionable comments posted: 4

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

wit/seal.wit (1)

1-1: ⚠️ Potential issue | 🟠 Major | ⚡ Quick win

Bump the WIT package version for this ABI change.

Adding new cases to exported variants changes the component contract. Keeping seal:agent@0.3.0 makes old generated bindings and mixed host/guest builds look compatible when they are not.

Suggested fix

-package seal:agent@0.3.0;
+package seal:agent@0.4.0;

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@wit/seal.wit` at line 1, The package version in the WIT file still reads
"package seal:agent@0.3.0" despite ABI-breaking changes (new variant cases);
update the package declaration to a new patch/minor version (e.g., "package
seal:agent@0.4.0" or appropriate semver bump) so generated bindings and
host/guest mixes are flagged as incompatible; modify the line with the package
declaration in seal.wit to the bumped version.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@crates/seal-cli/src/login.rs`:
- Around line 156-167: The poll_for_token loop currently only retries for
specific HTTP statuses and bails on other responses; update poll_for_token to
parse the response body (resp.text().await or preferably resp.json()) and handle
RFC 8628 errors: if the returned error field is "authorization_pending" then
continue polling as before, if it's "slow_down" increase the interval (e.g.,
interval = interval.saturating_add(5) or add 5 seconds) for subsequent sleeps,
and only bail for other error values; make sure to still enforce the MAX_WAIT
via start.elapsed() and to apply the adjusted interval when computing sleep (the
variables to update are poll_for_token, resp/body parsing, interval, start, and
the sleep call).

In `@crates/seal-cli/src/main.rs`:
- Around line 152-158: The login branch unnecessarily creates a nested tokio
Runtime and uses block_on; since main is already annotated with #[tokio::main],
remove the Runtime::new() and rt.block_on(...) calls and instead directly await
the async login function (call seal_cli::login::run_device_code_login().await).
Update the match arm for LoginProvider::OpenAi to call the async function with
.await and remove the surrounding runtime allocation so spawned tasks use the
existing runtime.

In `@crates/seal-cli/src/tui/init/rendering.rs`:
- Around line 128-130: The example model IDs shown for the OpenAI provider are
inconsistent with the canonical default model; update the string returned in the
match arm for ProviderChoice::ChatGptSubscription | ProviderChoice::OpenAiApiKey
to use "gpt-5.4, gpt-4o-mini" (or otherwise indicate the example is not the
default) so the UI example aligns with the canonical default model used
elsewhere (e.g., where gpt-5.4 is expected).

In `@wit/seal.wit`:
- Around line 623-624: The opaque variant reasoning-state(string) must carry
provider provenance so backends can detect foreign state; change the definition
of reasoning-state to include provider and schema metadata (e.g., replace or
extend reasoning-state(string) with a structured variant containing {payload:
string, provider: string, provider_version?: string, schema?: string} or add an
accompanying provider field) or alternatively document and implement an explicit
"strip-on-provider-change" rule before accepting reasoning-state into generic
history; update any uses/serializers/deserializers that reference
reasoning-state (and the similar variant around lines referenced) to read/write
the new metadata so replay can be gated by provider/schema checks.

---

Outside diff comments:
In `@wit/seal.wit`:
- Line 1: The package version in the WIT file still reads "package
seal:agent@0.3.0" despite ABI-breaking changes (new variant cases); update the
package declaration to a new patch/minor version (e.g., "package
seal:agent@0.4.0" or appropriate semver bump) so generated bindings and
host/guest mixes are flagged as incompatible; modify the line with the package
declaration in seal.wit to the bumped version.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 40642b28-0ac3-47c3-b3f9-d0aa81ce0249

📥 Commits

Reviewing files that changed from the base of the PR and between 5e82513 and 662a446.

⛔ Files ignored due to path filters (1)

• Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (41)

• crates/seal-agent/src/agent_loop/compact.rs
• crates/seal-agent/src/agent_loop/history.rs
• crates/seal-agent/src/agent_loop/turn.rs
• crates/seal-agent/src/agent_loop/wit_convert.rs
• crates/seal-agent/src/host.rs
• crates/seal-agent/src/messages.rs
• crates/seal-cli/Cargo.toml
• crates/seal-cli/src/lib.rs
• crates/seal-cli/src/login.rs
• crates/seal-cli/src/main.rs
• crates/seal-cli/src/tui/init/input.rs
• crates/seal-cli/src/tui/init/rendering.rs
• crates/seal-cli/src/tui/init/state.rs
• crates/seal-cli/src/tui/init/submit.rs
• crates/seal-cli/src/tui/init/tests.rs
• crates/seal-policy/src/grant.rs
• crates/seal-policy/src/manifest.rs
• crates/seal-policy/src/manifest/tests/basic_parsing.rs
• crates/seal-policy/src/manifest/tests/thinking_config.rs
• crates/seal-runtime/src/engine/conversions.rs
• crates/seal-runtime/src/engine/stream_chat.rs
• crates/seal-runtime/src/grant_store.rs
• crates/seal-runtime/src/llm/backends/anthropic.rs
• crates/seal-runtime/src/llm/backends/mock.rs
• crates/seal-runtime/src/llm/backends/mod.rs
• crates/seal-runtime/src/llm/backends/openai.rs
• crates/seal-runtime/src/llm/backends/openrouter.rs
• crates/seal-runtime/src/llm/chatgpt_token_refresh.rs
• crates/seal-runtime/src/llm/mod.rs
• crates/seal-runtime/src/llm/streaming.rs
• crates/seal-runtime/src/llm/tests_common.rs
• crates/seal-utils/src/credentials.rs
• crates/seal-utils/src/env.rs
• docs/ARCHITECTURE.md
• docs/MANIFEST.md
• docs/site/src/content/docs/install.mdx
• docs/site/src/content/docs/provider-backends.mdx
• docs/site/src/content/docs/reference/manifest/index.mdx
• docs/site/src/content/docs/reference/manifest/model.mdx
• schemas/seal.toml.json
• wit/seal.wit

[coderabbitai]

Actionable comments posted: 4

♻️ Duplicate comments (1)

crates/seal-runtime/src/llm/backends/openai.rs (1)

82-119: ⚠️ Potential issue | 🟠 Major

This reintroduces the unsupported /v1/models/{id} capability probe.

The official Models API describes the model object as basic metadata (id, created, object, owned_by); it does not expose max_output_tokens or context_length. As written, these helpers will keep falling back for unknown models, and the fetch/live tests below are pinning the same undocumented schema instead of a real API contract. (platform.openai.com)

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@crates/seal-runtime/src/llm/backends/openai.rs` around lines 82 - 119, The
helpers fetch_openai_max_output_tokens_at, fetch_openai_context_length_at and
fetch_openai_model_field_at are probing the unsupported /v1/models/{id} response
for undocumented fields (max_output_tokens, context_length); remove that
behavior by stopping calls to fetch_openai_model_field_at and either return None
(or a safe default) from fetch_openai_max_output_tokens_at and
fetch_openai_context_length_at, and delete or noop fetch_openai_model_field_at;
update any callers to treat None as “unknown” rather than relying on these
undocumented fields so the code only uses the official Models API surface.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@crates/seal-policy/src/manifest.rs`:
- Around line 115-117: Manifest currently accepts context_length = 0 which
defers errors to runtime; update Manifest::load to validate that the parsed
model.context_length (the struct field context_length: Option<u64>) if Some(v)
must be > 0 and otherwise return a clear manifest load error. Locate
Manifest::load and after parsing/reading the model entry, check the
context_length Option and return an error (with a helpful message) when value ==
0; leave None unchanged so backend resolution still works. Ensure the error
type/message matches existing Manifest load error conventions so callers can
handle it consistently.

In `@crates/seal-runtime/src/llm/backends/openai.rs`:
- Around line 253-258: refresh_chatgpt_token_if_needed updates self.auth_token
but the model-cap probes still clone self.config.api_key, causing probes (e.g.,
the /v1/models requests in the effective_* probe functions) to use an expired
key; update those probe paths to use the refreshed bearer token by calling the
runtime accessor (current_auth_token() or the auth token field) instead of
self.config.api_key so both chat requests and model-info probes use the same
fresh token (look for functions named refresh_chatgpt_token_if_needed, any
effective_* probe helpers, and model_info()/model probe code and replace cloning
of self.config.api_key with current_auth_token() or equivalent).
- Around line 135-145: messages_to_input_items in openai.rs currently drops
OpenAI's assistant "phase" because the Message/ContentBlock model in llm/mod.rs
has only role + content; to fix, either (a) extend the Message and ContentBlock
types in llm/mod.rs to include an optional phase field (and update
constructors/consumers) so messages_to_input_items can round‑trip phase, or (b)
embed the phase into the serialized content (e.g., an additional metadata field
in the JSON item created by messages_to_input_items) and update any
deserialization paths to read that metadata; update references to Message,
ContentBlock, and messages_to_input_items accordingly and add/adjust tests in
openai.rs to assert phase preservation.
- Around line 586-606: The SSE parser currently only splits frames on "\n\n" and
overwrites event_data for each "data: " line, which breaks CRLF-framed events
and multiline data fields; update the loop that processes buffer to detect both
CRLF and LF frame boundaries (e.g., search for "\r\n\r\n" first then "\n\n") and
when parsing each frame (the code that iterates frame.lines()) accumulate data
lines instead of assigning—append each data fragment (preserving a single "\n"
between fragments per the SSE spec) to event_data and trim only the "data:"
prefix (allow optional leading space), and keep existing logic for event_type
(event_type variable) and JSON parse after assembling the full event_data.

---

Duplicate comments:
In `@crates/seal-runtime/src/llm/backends/openai.rs`:
- Around line 82-119: The helpers fetch_openai_max_output_tokens_at,
fetch_openai_context_length_at and fetch_openai_model_field_at are probing the
unsupported /v1/models/{id} response for undocumented fields (max_output_tokens,
context_length); remove that behavior by stopping calls to
fetch_openai_model_field_at and either return None (or a safe default) from
fetch_openai_max_output_tokens_at and fetch_openai_context_length_at, and delete
or noop fetch_openai_model_field_at; update any callers to treat None as
“unknown” rather than relying on these undocumented fields so the code only uses
the official Models API surface.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 373ba33f-e63b-4f38-9d17-faf66fc9edcd

📥 Commits

Reviewing files that changed from the base of the PR and between 46f6a75 and 5bc379c.

⛔ Files ignored due to path filters (1)

• Cargo.lock is excluded by !**/*.lock

📒 Files selected for processing (41)

• crates/seal-agent/src/agent_loop/compact.rs
• crates/seal-agent/src/agent_loop/history.rs
• crates/seal-agent/src/agent_loop/turn.rs
• crates/seal-agent/src/agent_loop/wit_convert.rs
• crates/seal-agent/src/host.rs
• crates/seal-agent/src/messages.rs
• crates/seal-cli/Cargo.toml
• crates/seal-cli/src/lib.rs
• crates/seal-cli/src/login.rs
• crates/seal-cli/src/main.rs
• crates/seal-policy/src/grant.rs
• crates/seal-policy/src/manifest.rs
• crates/seal-policy/src/manifest/tests/basic_parsing.rs
• crates/seal-policy/src/manifest/tests/thinking_config.rs
• crates/seal-runtime/src/engine/conversions.rs
• crates/seal-runtime/src/engine/stream_chat.rs
• crates/seal-runtime/src/grant_store.rs
• crates/seal-runtime/src/llm/backends/anthropic.rs
• crates/seal-runtime/src/llm/backends/mock.rs
• crates/seal-runtime/src/llm/backends/mod.rs
• crates/seal-runtime/src/llm/backends/openai.rs
• crates/seal-runtime/src/llm/backends/openrouter.rs
• crates/seal-runtime/src/llm/chatgpt_token_refresh.rs
• crates/seal-runtime/src/llm/mod.rs
• crates/seal-runtime/src/llm/streaming.rs
• crates/seal-runtime/src/llm/tests_common.rs
• crates/seal-tui/src/wizard/input.rs
• crates/seal-tui/src/wizard/rendering.rs
• crates/seal-tui/src/wizard/state.rs
• crates/seal-tui/src/wizard/submit.rs
• crates/seal-tui/src/wizard/tests.rs
• crates/seal-utils/src/credentials.rs
• crates/seal-utils/src/env.rs
• docs/ARCHITECTURE.md
• docs/MANIFEST.md
• docs/site/src/content/docs/install.mdx
• docs/site/src/content/docs/provider-backends.mdx
• docs/site/src/content/docs/reference/manifest/index.mdx
• docs/site/src/content/docs/reference/manifest/model.mdx
• schemas/seal.toml.json
• wit/seal.wit