v3.11.9: fix Antigravity — preserve functionCall/functionResponse (PR #10)

- Merge PR #5 from cobra91: concurrency semaphore, auto-continue, SO_REUSEADDR,
  proxy-stderr.log, stream diagnostics, timeout handler, restart proxy fix
- Tool call argument normalizer, smart-continue loop, XML extraction
- API key hot-reload with mtime tracking + /admin/ endpoints
- GUI hot-reload on endpoint edit with upstream verification
- Synthetic tool-results disabled (caused deepseek-v4-pro truncation)
- Version bump 3.10.12 -> 3.11.0, rebuild .deb

CHANGELOG.md

@@ -1,5 +1,119 @@
 # Changelog
 
+## v3.11.9 (2026-05-26)
+
+**Antigravity Fix: Preserve functionCall/functionResponse in Gemini Sanitizer (PR #10)**
+
+### Bug Fixes
+
+- **Fix Antigravity multi-turn tool use**: The Gemini message sanitizer was incorrectly merging/dropping `functionCall` and `functionResponse` turns, causing Antigravity to think forever without responding. These turns are now always preserved as separate messages.
+- **Merge PR #10**: `fix: preserve functionCall/functionResponse in Gemini sanitizer` (qwen-chat coder)
+
+## v3.11.8 (2026-05-26)
+
+## v3.11.8 (2026-05-26)
+
+**Vision Cache Persistence, PR #8 Merge**
+
+### New Features
+
+- **Vision description cache persisted across requests**: Image descriptions from the vision fallback API are now cached in a file (`~/.cache/codex-proxy/vision-cache.json`) so the same image URL is never described twice — saves API calls and latency
+- **Merge PR #8**: `fix: persist vision description cache across requests` (cobra91)
+
+## v3.11.7 (2026-05-26)
+
+**Vision Auto-Detect, Proactive Non-Vision Model Detection, Unit Tests, Bug Fixes**
+
+### New Features
+
+- **Vision auto-detect fallback**: When no explicit vision fallback is configured, automatically uses the current provider's own vision model (e.g., `0G-Qwen-VL` for OpenAdapter) as the image description API — no separate API key needed
+- **Proactive non-vision model detection**: Models matching name patterns (`glm`, `deepseek`, `llama`, `qwen` without `vl`, etc.) are detected as non-vision on first request without waiting for an error from the provider
+- **Vision preprocessing is now the primary image handling solution**: Replaces old `_strip_images_from_input()` (which just removed images with a placeholder). Images are now described via API and sent as rich text descriptions to text-only models
+- **Merge PR #6**: Vision/OCR preprocessing for text-only models (cobra91)
+- **Merge PR #7**: 177 unit tests for translate-proxy.py (cobra91)
+
+### Bug Fixes
+
+- **AttributeError fix**: `image_url` field can be a string (bare URL) not always a dict — fixed in both `_preprocess_vision_input()` and old strip function
+- **Auth os error 2 fix**: GUI shows "Config missing" message instead of raw OSError when `~/.codex/` directory doesn't exist
+- **Removed duplicate vision functions**: Cleaned up duplicate `_vision_describe_image()`, `_preprocess_vision()`, `_preprocess_vision_input()` from merge
+
+## v3.11.6 (2026-05-26)
+
+**Antigravity Loop Breakers, Vision/OCR Preprocessing, has_content Fix, Auth Error Fix**
+
+### New Features (Antigravity-only, no other providers affected)
+
+- **Per-session loop tracking**: `_ANTIGRAVITY_LOOP_TRACKER` global dict with `_antigravity_loop_key()` function tracks state per session: `latest_user_hash`, `nudge_injected`, `latest_user_appended`, `tool_calls_for_request`, `repeated_tool`, `force_finalize`, `last_tool`, `last_tool_count`
+- **Edit-intent nudge injection**: Injected only on the first turn per request, preventing duplicate nudges across retries
+- **Latest user instruction append**: Appended exactly once per request to prevent redundant instruction stacking
+- **Loop breaker**: If the same tool + arguments is repeated ≥ 5 times in a session, `force_finalize` is triggered to break the infinite loop
+- **Detailed `[antigravity-loop]` logging**: All tracking fields logged on every Antigravity request for debugging
+
+### New Features (All OpenAI-compatible providers)
+
+- **Vision/OCR preprocessing**: When a provider doesn't support images (detected via error messages like "unknown variant image_url", "does not support image"), the proxy automatically calls a configurable vision fallback API (default: Kilo.ai) to describe images as text, then replaces image blocks with text descriptions before sending to text-only models
+- **`_vision_describe_image()`**: Calls vision fallback model to describe a single image, with MD5-based caching to avoid re-describing same URL
+- **`_preprocess_vision()`**: Replaces `image_url`/`input_image` blocks in Chat Completions message format with text descriptions when provider lacks vision support
+- **`_preprocess_vision_input()`**: Same for Responses API input format — runs BEFORE adapter conversion so images are replaced early
+- **Vision error retry**: On HTTP 4xx errors containing image-related keywords, automatically retries with images preprocessed instead of failing
+- **Configurable via env vars**: `VISION_FALLBACK_URL`, `VISION_FALLBACK_MODEL`, `VISION_FALLBACK_KEY`
+- **ProviderSchema `supports_vision` field**: Auto-detected from error responses and persisted in provider-caps.json
+
+### Critical Fixes
+
+- **`has_content` now includes `function_call`** (v3.11.5 fix): `_observe_event` only checked for `"type": "message"` — when models return only tool calls (no text), `has_content` was `False`, causing Codex to loop infinitely and build context until `context_length_exceeded`. Now checks both `"message"` and `"function_call"`.
+- **`has_message`/`has_tool_call` initialized in all 5 locations**: Previous fix added variables inside `_observe_event` closure but missed 4 other `has_content = False` locations, causing `NameError: name 'has_message' is not defined` crashes.
+- **Auth config-not-found error handling**: When Codex's `config.toml` is missing or deleted, `codex login status` returns "Error loading configuration: No such file or directory (os error 2)". Now caught specifically (`OSError errno==2`) and returns ("not_configured", "Config missing — launch once to create") with clear GUI guidance.
+
+### Bug Fixes (GUI)
+
+- **Active endpoint sync**: GUI auto-removes stale endpoint references on startup
+
+## v3.11.5 (2026-05-26)
+
+**Vision Filter, Token-Aware Compaction, Universal Adaptive Compaction, Smart-Continue Text Detection**
+
+### Critical Fixes
+
+- **Token-aware compaction for small-context models (FIX)**: `_crof_compact_for_retry()` had an early return at `len(input_data) <= limit` (item count) — if you had 25 items × 1600 tokens = 40K tokens, it skipped compaction entirely because 25 < 30 (the default item limit). Now also checks estimated token count vs learned model max, and compacts when either item count OR token count exceeds limits. Fixes repeated `context_length_exceeded` errors on models like 0G-GLM-5.1 (~35K token context).
+- **Proactive compaction now token-aware**: Previously only triggered when item count > 30. Now also triggers when estimated tokens exceed 80% of the model's learned token limit, even if item count is below the threshold. Prevents the first-request failure pattern on small-context models.
+- **Compaction aggression threshold**: Changed `est > max_tok` to `est >= max_tok * 0.9` to avoid edge case where estimated tokens exactly equal the limit and compaction is skipped.
+- **Removed all `crof.ai` gates from adaptive compaction**: Proactive compaction, `finish_reason=length` retry, `_crof_record`, and compaction logging were gated behind `"crof.ai" in TARGET_URL`. These gates prevented OpenAdapter and other providers from getting proactive/retry compaction, causing repeated `context_length_exceeded` failures. Now applies universally to ALL providers.
+
+### New Features
+
+- **Vision model detection + image stripping**: `_strip_images_from_input()` and `_model_supports_vision()` detect vision capability by model name pattern. Non-vision models (deepseek, glm, mixtral, llama, command, dbrx, qwen, phi-3) have `input_image`/`image_url` parts stripped and replaced with `[User attached image: filename — this model does not support vision]` text notice. Vision models (gpt-4o, gemini, claude, qwen-vl, glm-5v) keep images intact. Applied in 3 paths: main request, context_length_exceeded retry, smart-continue nudge.
+- **Token estimation and per-model limit learning**: `_estimate_tokens()`, `_estimate_input_tokens()`, `_get_model_max_tokens()`, `_set_model_max_tokens()`. Extracts `~N tokens` from `context_length_exceeded` error messages and stores per-model token limits. Used by proactive compaction and retry compaction to adjust `keep` count dynamically.
+- **Compaction aggression levels**: `_crof_compact_for_retry()` accepts `aggression` parameter (0=normal, 1=extreme). Extreme mode kicks in when estimated tokens > 1.5× the learned limit or on 2nd+ retry attempt. Reduces `keep` count to minimum, ensuring the compacted request fits within model limits.
+- **Smart-continue text-tool detection**: Removed hard requirement for `has_function_call_output(input_data)`. Added `_TOOL_CALL_TEXT_PATTERNS` and `_text_looks_like_tool_calls()` to trigger nudging when model outputs text matching tool-call patterns (e.g., `• (exec_command cmd ...)`, `write_to_file`, `exec_command`) even without prior `function_call_output` in context. Essential for models like 0G-GLM-5.1 that never emit real `function_call_output` items.
+- **Parenthesized tool call regex**: `_PAREN_TC_RE` pattern to match `• (name args...)` format from non-vision models that output tool calls as parenthesized text.
+
+### GUI Fixes
+
+- **Active endpoint sync**: Added `set_active_endpoint()` and `validate_active_endpoint()` to Linux GTK GUI. Syncs `.active-endpoint.json` with `config.toml` on every launch; auto-removes stale references to deleted providers. Fixed `"Error loading configuration: No such file or directory (os error 2)"` crash when active endpoint referenced a deleted provider.
+- **Config state**: `~/.codex/.active-endpoint.json` and `config.toml` model catalog path validated and auto-corrected on GUI startup.
+
+## v3.11.0 (2026-05-26)
+
+**Cobra PR Merge + Smart Continuation + API Key Hot-Reload**
+
+### New Features
+- **Concurrency semaphore (max 3)**: limits parallel upstream requests to prevent rate-limiting
+- **Auto-continue for truncated text**: detects text ending in `:`, `(`, `;`, `…` or `finish_reason=length`, continues seamlessly
+- **SO_REUSEADDR on sticky port**: prevents `TIME_WAIT` from changing port on restart
+- **proxy-stderr.log**: persistent log file for proxy errors
+- **Stream diagnostics**: logs event count, finish reason, content flag, elapsed time after each stream
+- **Timeout/OSError handler**: sends proper `response.failed` SSE event instead of silently dropping connection
+- **Restart Proxy button**: now only restarts proxy without killing Codex Desktop
+- **Tool call argument normalizer**: fixes capital-A `Arguments` key, strips markdown/JSON code block wrapping from tool call arguments
+- **Smart-continue loop (2× retries)**: escalating nudge messages when model returns text-only stop mid-task
+- **XML tool call extraction**: parses `<tool_call>name{args}</tool_call>` from model text output, injects as real `function_call` items
+- **Auto-continue + smart-continue ordered with skip guard**: prevents both from double-firing on the same response
+- **API key hot-reload**: mtime tracking detects config changes, `/admin/reload` endpoint triggers hot-reload, `/admin/verify-key` tests key against upstream
+- **GUI hot-reload**: auto-refreshes proxy key on endpoint edit, verifies with upstream — no proxy restart needed
+- **Synthetic tool-results disabled**: was causing deepseek-v4-pro truncation on opencode.ai
+
 ## v3.10.12 (2026-05-26)
 
 **Sticky Endpoint, Claude Fixes, Guardrail Skip, Anti-Stall**

README.md

@@ -130,6 +130,14 @@ A three-component system:
 - **Response store TTL** — evicts stored responses older than 10 minutes, prevents memory leaks
 - **Bounded stream buffers** — 8MB cap prevents OOM on pathological responses
 - **Dual logging** — all proxy messages written to both stderr and `~/.cache/codex-proxy/proxy.log`
+- **Vision model detection** (v3.11.5) — automatically strips images for non-vision models (DeepSeek, GLM, Qwen, etc.) and replaces with text notice; vision-capable models (GPT-4o, Gemini, Claude, Qwen-VL) keep images intact
+- **Token-aware compaction** (v3.11.5) — learns per-model token limits from `context_length_exceeded` errors; proactively compacts when estimated tokens exceed 80% of limit; prevents repeated context overflow on small-context models (~35K tokens)
+- **Universal adaptive compaction** (v3.11.5) — compaction now works for ALL providers (was Crof.ai-only); proactive + retry compaction with aggression levels (normal/extreme)
+- **Smart-continue text detection** (v3.11.5) — triggers continuation nudging when model outputs text matching tool-call patterns, essential for text-only models that never emit real `function_call_output` items
+- **Antigravity loop breakers** (v3.11.6) — per-session tracking with automatic finalization when same tool+args repeats 5+ times; edit-intent nudge injected only on first turn; latest user instruction appended exactly once per request
+- **has_content function_call fix** (v3.11.6) — tool-call-only responses now correctly flagged as having content, preventing infinite loops on OpenAdapter/Z.AI/OpenRouter providers
+- **Vision/OCR preprocessing** (v3.11.6) — when provider rejects images, automatically calls a configurable vision fallback API (Kilo.ai) to describe images as text for text-only models; MD5-cached; retries on vision errors with preprocessed text
+- **Auth config-missing fix** (v3.11.6) — graceful handling when Codex config.toml is missing instead of showing raw os error
 - Zero dependencies — pure Python stdlib
 
 ### Command Code Adapter

install.ps1

@@ -0,0 +1,127 @@
+<#
+.SYNOPSIS
+    Codex Launcher Windows Installer
+.DESCRIPTION
+    Installs Codex Launcher for the current user.
+.NOTES
+    Requires: Python 3.8+ (stdlib only, zero pip dependencies).
+#>
+
+param(
+    [switch]$Uninstall
+)
+
+$ErrorActionPreference = 'Stop'
+$BinDir = Join-Path $env:LOCALAPPDATA 'Programs\Codex-Launcher'
+$StartMenu = Join-Path $env:APPDATA 'Microsoft\Windows\Start Menu\Programs'
+
+if ($Uninstall) {
+    Write-Host 'Uninstalling Codex Launcher...' -ForegroundColor Yellow
+
+    if (Test-Path $BinDir) {
+        Remove-Item -Recurse -Force $BinDir
+        Write-Host "  Removed $BinDir"
+    }
+
+    $shortcut = Join-Path $StartMenu 'Codex Launcher.lnk'
+    if (Test-Path $shortcut) {
+        Remove-Item -Force $shortcut
+        Write-Host '  Removed Start Menu shortcut'
+    }
+
+    $userPath = [Environment]::GetEnvironmentVariable('PATH', 'User')
+    if ($userPath -like "*$BinDir*") {
+        $newPath = ($userPath -split ';' | Where-Object { $_ -ne $BinDir }) -join ';'
+        [Environment]::SetEnvironmentVariable('PATH', $newPath, 'User')
+        Write-Host '  Removed from PATH'
+    }
+
+    Write-Host 'Uninstall complete.' -ForegroundColor Green
+    return
+}
+
+Write-Host ''
+Write-Host '  Codex Launcher - Windows Installer' -ForegroundColor Cyan
+Write-Host '  ====================================' -ForegroundColor Cyan
+Write-Host ''
+
+# Check Python
+$pythonExe = Get-Command python -ErrorAction SilentlyContinue
+if (-not $pythonExe) {
+    $pythonExe = Get-Command python3 -ErrorAction SilentlyContinue
+}
+if (-not $pythonExe) {
+    Write-Host 'ERROR: Python not found. Install Python 3.8+ and add to PATH.' -ForegroundColor Red
+    exit 1
+}
+Write-Host "  Python: $($pythonExe.Source)" -ForegroundColor Gray
+
+# Create install directory
+New-Item -ItemType Directory -Force -Path $BinDir | Out-Null
+
+# Copy files
+$srcDir = Join-Path $PSScriptRoot 'src'
+$files = @(
+    'translate-proxy.py',
+    'codex-launcher-gui.py',
+    'codex_launcher_lib.py',
+    'cleanup-codex-stale.py'
+)
+
+foreach ($file in $files) {
+    $src = Join-Path $srcDir $file
+    if (Test-Path $src) {
+        Copy-Item -Force $src $BinDir
+        Write-Host "  Installed: $file" -ForegroundColor Green
+    } else {
+        Write-Host "  WARNING: $file not found in src/" -ForegroundColor Yellow
+    }
+}
+
+# Create Start Menu shortcut
+$WshShell = New-Object -ComObject WScript.Shell
+$shortcutPath = Join-Path $StartMenu 'Codex Launcher.lnk'
+$Shortcut = $WshShell.CreateShortcut($shortcutPath)
+
+# Find pythonw.exe for no-console launch
+$pythonw = Get-Command pythonw -ErrorAction SilentlyContinue
+if (-not $pythonw) {
+    $pythonDir = Split-Path $pythonExe.Source
+    $pythonwCandidate = Join-Path $pythonDir 'pythonw.exe'
+    if (Test-Path $pythonwCandidate) {
+        $pythonw = $pythonwCandidate
+    }
+}
+
+if ($pythonw) {
+    $targetPath = if ($pythonw.Source) { $pythonw.Source } else { $pythonw }
+} else {
+    $targetPath = $pythonExe.Source
+}
+$Shortcut.TargetPath = $targetPath
+$guiPath = Join-Path $BinDir 'codex-launcher-gui.py'
+$Shortcut.Arguments = $guiPath
+$Shortcut.WorkingDirectory = $BinDir
+$Shortcut.Description = 'Launch Codex Desktop with any AI provider'
+$Shortcut.Save()
+Write-Host '  Created Start Menu shortcut' -ForegroundColor Green
+
+# Add to PATH
+$userPath = [Environment]::GetEnvironmentVariable('PATH', 'User')
+if ($userPath -notlike "*$BinDir*") {
+    $newUserPath = $userPath + ';' + $BinDir
+    [Environment]::SetEnvironmentVariable('PATH', $newUserPath, 'User')
+    $env:PATH = $env:PATH + ';' + $BinDir
+    Write-Host '  Added to user PATH' -ForegroundColor Green
+}
+
+# Verify
+Write-Host ''
+Write-Host '  Installation complete!' -ForegroundColor Cyan
+Write-Host "  Install dir: $BinDir" -ForegroundColor Gray
+Write-Host ''
+Write-Host '  Launch options:' -ForegroundColor White
+Write-Host '    Start Menu:  Codex Launcher' -ForegroundColor Gray
+Write-Host '    Command:     codex-launcher-gui.py' -ForegroundColor Gray
+Write-Host '    Uninstall:   powershell -File install.ps1 -Uninstall' -ForegroundColor Gray
+Write-Host ''

install.sh

@@ -3,11 +3,13 @@ set -e
 
 SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
 
-if [ -f "$SCRIPT_DIR/codex-launcher_3.10.12_all.deb" ]; then
-    echo "Installing codex-launcher_3.10.12_all.deb ..."
-    sudo dpkg -i "$SCRIPT_DIR/codex-launcher_3.10.12_all.deb"
-    echo ""
-    echo "Installed v3.10.12 via .deb package."
+if [ -f "$SCRIPT_DIR/codex-launcher_3.11.6_all.deb" ]; then
+    echo "Installing codex-launcher_3.11.6_all.deb ..."
+    sudo dpkg -i "$SCRIPT_DIR/codex-launcher_3.11.6_all.deb"
+else
+    echo "WARNING: codex-launcher_3.11.6_all.deb not found; copying files manually."
+fi
+echo "Installed v3.11.6 via .deb package."
     echo "  translate-proxy.py   -> /usr/bin/translate-proxy.py"
     echo "  codex-launcher-gui   -> /usr/bin/codex-launcher-gui"
     echo "  cleanup-codex-stale  -> /usr/bin/cleanup-codex-stale.sh"

src/codex-launcher-gui

@@ -20,12 +20,56 @@ BGP_POOLS_FILE = HOME / ".codex/bgp-pools.json"
 LOG_DIR = HOME / ".cache/codex-desktop"
 LAUNCH_LOG = LOG_DIR / "launcher.log"
 PROXY_CONFIG_DIR = HOME / ".cache/codex-proxy"
+ACTIVE_ENDPOINT_FILE = HOME / ".codex/.active-endpoint.json"
 DEFAULT_CONFIG = """model = ""
 model_provider = ""
 model_catalog_json = ""
 """
 
 CHANGELOG = [
+    ("3.11.9", "2026-05-26", [
+        "Fix Antigravity: preserve functionCall/functionResponse (PR #10)",
+        "Prevents tool responses from being dropped in multi-turn sessions",
+    ]),
+    ("3.11.8", "2026-05-26", [
+        "Vision cache persisted across requests (PR #8 merge)",
+        "No redundant vision API calls for same image URL",
+    ]),
+    ("3.11.7", "2026-05-26", [
+        "Vision auto-detect: uses provider's vision model for image description",
+        "Vision preprocessing replaces image stripping",
+        "Fix AttributeError in image_url string handling",
+        "Merge PR #6: vision/OCR preprocessing, PR #7: 177 unit tests",
+        "Auth os error 2 fix: proper config-missing message in GUI",
+    ]),
+    ("3.11.6", "2026-05-26", [
+        "Antigravity loop breakers: per-session tracking, repeated tool detection",
+        "has_content fix: function_call counts as valid output",
+        "Latest user instruction appended once per request for Antigravity",
+        "Antigravity-only changes, no touch to other providers",
+    ]),
+    ("3.11.5", "2026-05-26", [
+        "Token-aware compaction: fixes context_length_exceeded on small-context models",
+        "Proactive compaction triggers on token count, not just item count",
+        "Universal adaptive compaction for all providers (removed crof.ai gates)",
+        "Vision model detection + image stripping for non-vision models",
+        "Per-model token limit learning from error messages",
+        "Smart-continue text-tool detection for text-only models",
+        "Active endpoint sync: auto-removes stale references on startup",
+    ]),
+    ("3.11.0", "2026-05-26", [
+        "Merge cobra PR: concurrency semaphore (max 3), auto-continue for truncated text",
+        "SO_REUSEADDR on sticky port, proxy-stderr.log, stream diagnostics logging",
+        "Timeout/OSError handler sends response.failed SSE instead of silent drop",
+        "Restart Proxy button: only restarts proxy without killing Codex Desktop",
+        "Tool call argument normalizer: fixes Arguments→arguments, strips markdown wrapping",
+        "Smart-continue loop (2× retries): escalating nudges when model stops text-only mid-task",
+        "XML tool call extraction: parses <name> patterns from text, injects as real calls",
+        "Auto-continue + smart-continue ordered with skip guard to avoid double-firing",
+        "API key hot-reload with mtime tracking + /admin/reload + /admin/verify-key endpoints",
+        "GUI hot-reload: auto-refreshes proxy key on endpoint edit, verifies with upstream",
+        "Synthetic tool-results disabled: was causing deepseek-v4-pro truncation on opencode.ai",
+    ]),
     ("3.10.4", "2026-05-25", [
         "OAuth Secrets editor in GUI — update client ID/secret without editing files",
         "Secrets stored in ~/.config/codex-launcher/oauth-secrets.json (not in repo)",
@@ -361,7 +405,7 @@ PROVIDER_PRESETS = {
     },
     "Google Antigravity (OAuth)": {
         "backend_type": "gemini-oauth-antigravity",
-        "base_url": "https://daily-cloudcode-pa.sandbox.googleapis.com",
+        "base_url": "https://cloudcode-pa.googleapis.com",
         "oauth_provider": "google-antigravity",
         "models": [
             "Gemini 3.5 Flash (High)", "Gemini 3.5 Flash (Medium)", "Gemini 3.5 Flash (Low)",
@@ -910,6 +954,27 @@ def restore_config():
         shutil.copy2(str(CONFIG_BAK), str(tmp))
         os.replace(str(tmp), str(CONFIG))
 
+def set_active_endpoint(name):
+    ACTIVE_ENDPOINT_FILE.parent.mkdir(parents=True, exist_ok=True)
+    write_secure_text(ACTIVE_ENDPOINT_FILE, json.dumps({"active": name}, indent=2))
+
+def validate_active_endpoint(logfn=None):
+    if not ACTIVE_ENDPOINT_FILE.exists():
+        return
+    try:
+        d = json.loads(ACTIVE_ENDPOINT_FILE.read_text())
+        active = d.get("active", "")
+        if not active:
+            return
+        eps = load_endpoints()
+        names = {ep.get("name", "") for ep in eps}
+        if active not in names:
+            ACTIVE_ENDPOINT_FILE.unlink()
+            if logfn:
+                logfn(f"Removed stale active-endpoint '{active}' (provider no longer exists)")
+    except Exception:
+        pass
+
 def write_secure_text(path, text):
     path.parent.mkdir(parents=True, exist_ok=True)
     tmp = path.with_suffix(path.suffix + ".tmp")
@@ -1253,6 +1318,9 @@ def _check_codex_auth():
         if out.returncode == 0 and text:
             return ("logged_in", text)
         if text:
+            _tl = text.lower()
+            if "no such file" in _tl or "os error 2" in _tl or "not found" in _tl:
+                return ("not_configured", "Config missing — launch once to create")
             return ("error", text)
         return ("unknown", "No output from codex login status")
     except FileNotFoundError:
@@ -1782,6 +1850,64 @@ class AIMonitoringWindow(Gtk.Window):
 # Main window
 # ═══════════════════════════════════════════════════════════════════
 
+def _oauth_discover_project(access_token, token_path, tokens):
+    project_id = ""
+    try:
+        lr = urllib.request.Request(
+            "https://cloudcode-pa.googleapis.com/v1internal:loadCodeAssist",
+            data=json.dumps({}).encode(),
+            headers={"Content-Type": "application/json",
+                     "Authorization": f"Bearer {access_token}",
+                     "User-Agent": "google-api-nodejs-client/9.15.1"})
+        lresp = urllib.request.urlopen(lr, timeout=15)
+        ldata = json.loads(lresp.read())
+        p = ldata.get("cloudaicompanionProject", "")
+        if isinstance(p, dict):
+            project_id = p.get("id", "")
+        elif isinstance(p, str):
+            project_id = p
+    except Exception:
+        pass
+    if not project_id:
+        return ""
+    try:
+        test_url = f"https://cloudcode-pa.googleapis.com/v1internal:listModels?project={project_id}"
+        test_req = urllib.request.Request(test_url,
+            headers={"Authorization": f"Bearer {access_token}",
+                     "User-Agent": "google-api-nodejs-client/9.15.1"})
+        urllib.request.urlopen(test_req, timeout=10)
+    except urllib.error.HTTPError as e:
+        if e.code == 403 and "SERVICE_DISABLED" in (e.read().decode()[:500]):
+            print(f"[oauth] project {project_id} has API disabled, searching for valid project...", file=sys.stderr)
+            try:
+                list_req = urllib.request.Request(
+                    "https://cloudresourcemanager.googleapis.com/v1/projects?filter=lifecycleState:ACTIVE",
+                    headers={"Authorization": f"Bearer {access_token}"})
+                list_resp = urllib.request.urlopen(list_req, timeout=15)
+                projects = json.loads(list_resp.read()).get("projects", [])
+                for proj in projects:
+                    pid = proj.get("projectId", "")
+                    if not pid or pid == project_id:
+                        continue
+                    try:
+                        t2 = urllib.request.Request(
+                            f"https://cloudcode-pa.googleapis.com/v1internal:listModels?project={pid}",
+                            headers={"Authorization": f"Bearer {access_token}",
+                                     "User-Agent": "google-api-nodejs-client/9.15.1"})
+                        urllib.request.urlopen(t2, timeout=10)
+                        project_id = pid
+                        print(f"[oauth] found working project: {pid}", file=sys.stderr)
+                        break
+                    except Exception:
+                        continue
+            except Exception:
+                pass
+    tokens["project_id"] = project_id
+    with open(token_path, "w") as f:
+        json.dump(tokens, f, indent=2)
+    os.chmod(token_path, 0o600)
+    return project_id
+
 class LauncherWin(Gtk.Window):
     def __init__(self):
         super().__init__(title="Codex Launcher")
@@ -1791,6 +1917,7 @@ class LauncherWin(Gtk.Window):
         self._proc = None
         self._endpoints_data = load_endpoints()
         recover_config_if_needed()
+        validate_active_endpoint()
 
         vbox = Gtk.Box(orientation=Gtk.Orientation.VERTICAL, spacing=8)
         self.add(vbox)
@@ -1798,7 +1925,7 @@ class LauncherWin(Gtk.Window):
         # header row
         hdr = Gtk.Box(spacing=8)
         vbox.pack_start(hdr, False, False, 0)
-        lbl = Gtk.Label(label="<b>Codex Launcher v3.10.7</b>")
+        lbl = Gtk.Label(label=f"<b>Codex Launcher v{CHANGELOG[0][0]}</b>")
         lbl.set_use_markup(True)
         hdr.pack_start(lbl, False, False, 0)
         changelog_btn = Gtk.Button(label="Changelog")
@@ -2037,6 +2164,8 @@ class LauncherWin(Gtk.Window):
             self._relogin_btn.set_sensitive("cli" not in self._missing)
         elif status == "not_installed":
             self._auth_label.set_markup("<span foreground='#888'>Auth: N/A (CLI not installed)</span>")
+        elif status == "not_configured":
+            self._auth_label.set_markup("<span foreground='#d29922'>⚠ Config missing — launch once to create</span>")
         else:
             self._auth_label.set_markup(f"<span foreground='#d29922'>⚠ Auth: {msg}</span>")
             self._relogin_btn.set_sensitive("cli" not in self._missing)
@@ -2536,6 +2665,8 @@ class LauncherWin(Gtk.Window):
                 begin_config_transaction(f"launch:{ep['name']}")
                 write_config_for_native(ep, model)
 
+            set_active_endpoint(ep["name"])
+
             if target == "desktop":
                 if needs_proxy:
                     _kill_existing_desktop(self.log)
@@ -2593,6 +2724,7 @@ class LauncherWin(Gtk.Window):
 
             begin_config_transaction(f"launch:bgp:{pool['name']}")
             write_config_for_translated(bgp_ep, model, port)
+            set_active_endpoint(pool["name"])
 
             if target == "desktop":
                 _kill_existing_desktop(self.log)
@@ -2832,63 +2964,163 @@ class LauncherWin(Gtk.Window):
         _stop_proxy()
         Gtk.main_quit()
 
-    def _google_reoauth(self, provider):
-        secrets_path = os.path.expanduser("~/.config/codex-launcher/oauth-secrets.json")
-        try:
-            with open(secrets_path) as f:
-                secrets = json.load(f)
-        except Exception:
-            secrets = {}
+    def _google_reoauth(self, provider, parent_dlg=None):
+        import http.server
         is_antigravity = provider == "google-antigravity"
         sec_key = "antigravity" if is_antigravity else "gemini_cli"
-        sec = secrets.get(sec_key, {})
-        client_id = sec.get("client_id", "")
-        client_secret = sec.get("client_secret", "")
-        if not client_id or not client_secret:
+        _sp = os.path.expanduser("~/.config/codex-launcher/oauth-secrets.json")
+        try:
+            with open(_sp) as _f:
+                _secrets_data = json.load(_f)
+        except Exception:
+            _secrets_data = {}
+        sec = _secrets_data.get(sec_key, {})
+        CLIENT_ID = sec.get("client_id", "")
+        CLIENT_SECRET = sec.get("client_secret", "")
+        if not CLIENT_ID or not CLIENT_SECRET:
             self._show_error_dialog("Missing OAuth secrets",
                 f"No client_id/client_secret for {sec_key}.\nSet them in OAuth Secrets first.")
             return
         token_file = "google-antigravity-oauth-token.json" if is_antigravity else "google-cli-oauth-token.json"
         token_path = os.path.expanduser(f"~/.cache/codex-proxy/{token_file}")
-        redirect = "urn:ietf:wg:oauth:2.0:oob"
-        auth_url = (f"https://accounts.google.com/o/oauth2/v2/auth?client_id={client_id}"
-                    f"&redirect_uri={urllib.parse.quote(redirect)}"
-                    f"&response_type=code&scope={urllib.parse.quote('https://www.googleapis.com/auth/cloud-platform')}"
-                    f"&access_type=offline&prompt=consent")
-        webbrowser.open(auth_url)
-        code_dlg = Gtk.Dialog(title=f"Re-OAuth: {'Antigravity' if is_antigravity else 'Gemini CLI'}", parent=self, modal=True)
-        code_dlg.add_button("Cancel", Gtk.ResponseType.CANCEL)
-        code_dlg.add_button("Exchange", Gtk.ResponseType.OK)
-        code_dlg.set_default_size(500, 180)
-        ca = code_dlg.get_content_area()
+        provider_kind = "antigravity" if is_antigravity else "cli"
+
+        if is_antigravity:
+            SCOPES = [
+                "https://www.googleapis.com/auth/cloud-platform",
+                "https://www.googleapis.com/auth/userinfo.email",
+                "https://www.googleapis.com/auth/userinfo.profile",
+                "https://www.googleapis.com/auth/cclog",
+                "https://www.googleapis.com/auth/experimentsandconfigs",
+            ]
+            port = 51121
+            redirect_uri = f"http://localhost:{port}/oauth-callback"
+            callback_path = "/oauth-callback"
+        else:
+            SCOPES = [
+                "https://www.googleapis.com/auth/cloud-platform",
+                "https://www.googleapis.com/auth/userinfo.email",
+                "https://www.googleapis.com/auth/userinfo.profile",
+            ]
+            with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
+                s.bind(("127.0.0.1", 0))
+                port = s.getsockname()[1]
+            redirect_uri = f"http://127.0.0.1:{port}/oauth2callback"
+            callback_path = "/oauth2callback"
+
+        state = secrets.token_hex(32)
+        verifier = secrets.token_urlsafe(64)
+        challenge = base64.urlsafe_b64encode(hashlib.sha256(verifier.encode()).digest()).rstrip(b"=").decode()
+
+        scope_str = " ".join(SCOPES)
+        auth_url = (
+            f"https://accounts.google.com/o/oauth2/v2/auth?"
+            f"client_id={CLIENT_ID}"
+            f"&redirect_uri={urllib.parse.quote(redirect_uri)}"
+            f"&response_type=code"
+            f"&scope={urllib.parse.quote(scope_str)}"
+            f"&access_type=offline"
+            f"&prompt=select_account%20consent"
+            f"&state={state}"
+            f"&code_challenge={challenge}"
+            f"&code_challenge_method=S256"
+        )
+
+        oauth_dlg = Gtk.Dialog(title=f"Re-OAuth: {'Antigravity' if is_antigravity else 'Gemini CLI'}", parent=parent_dlg or self, modal=True)
+        oauth_dlg.add_button("Cancel", Gtk.ResponseType.CANCEL)
+        oauth_dlg.set_default_size(520, 200)
+        ca = oauth_dlg.get_content_area()
         ca.set_margin_start(12)
         ca.set_margin_end(12)
         ca.set_spacing(6)
-        ca.pack_start(Gtk.Label(label="Browser opened for Google OAuth.\nPaste the authorization code below:", xalign=0), False, False, 0)
-        code_entry = Gtk.Entry()
-        code_entry.set_placeholder_text("4/0AX...")
-        ca.pack_start(code_entry, False, False, 4)
+        ca.pack_start(Gtk.Label(label=f"<b>Re-authenticating {'Antigravity' if is_antigravity else 'Gemini CLI'}</b>", use_markup=True, xalign=0), False, False, 0)
+        link_lbl = Gtk.Label(label="Click here to open Google authorization", use_markup=True, xalign=0)
+        link_lbl.set_markup(f'<a href="{auth_url}">Click here to open Google authorization</a>')
+        ca.pack_start(link_lbl, False, False, 4)
+        status_lbl = Gtk.Label(label="Waiting for browser callback...", xalign=0)
+        ca.pack_start(status_lbl, False, False, 4)
         ca.show_all()
-        if code_dlg.run() == Gtk.ResponseType.OK:
-            code = code_entry.get_text().strip()
-            if code:
+
+        code_holder = [None]
+        error_holder = [None]
+
+        class OAuthHandler(http.server.BaseHTTPRequestHandler):
+            def do_GET(self2):
+                qs = urllib.parse.urlparse(self2.path).query
+                params = urllib.parse.parse_qs(qs)
+                if "code" in params:
+                    if params.get("state", [None])[0] != state:
+                        self2.send_response(400)
+                        self2.end_headers()
+                        self2.wfile.write(b"CSRF state mismatch")
+                        error_holder[0] = "CSRF state mismatch"
+                        return
+                    code_holder[0] = params["code"][0]
+                    self2.send_response(302)
+                    self2.send_header("Location", "https://developers.google.com/gemini-code-assist/auth_success_gemini")
+                    self2.end_headers()
+                else:
+                    error_holder[0] = params.get("error", ["unknown"])[0]
+                    self2.send_response(302)
+                    self2.send_header("Location", "https://developers.google.com/gemini-code-assist/auth_failure_gemini")
+                    self2.end_headers()
+            def log_message(self2, fmt, *args):
+                pass
+
+        try:
+            bind_host = "localhost" if is_antigravity else "127.0.0.1"
+            server = http.server.HTTPServer((bind_host, port), OAuthHandler)
+        except OSError:
+            status_lbl.set_text(f"Port {port} in use — close other apps and retry.")
+            oauth_dlg.run()
+            oauth_dlg.destroy()
+            return
+
+        def _wait():
+            deadline = time.time() + 120
+            while code_holder[0] is None and error_holder[0] is None and time.time() < deadline:
+                server.handle_request()
+            server.server_close()
+            if code_holder[0]:
                 try:
-                    tok_req = urllib.request.Request("https://oauth2.googleapis.com/token",
-                        data=urllib.parse.urlencode({
-                            "code": code, "client_id": client_id, "client_secret": client_secret,
-                            "redirect_uri": redirect, "grant_type": "authorization_code"
-                        }).encode(),
+                    tok_data = urllib.parse.urlencode({
+                        "code": code_holder[0], "client_id": CLIENT_ID, "client_secret": CLIENT_SECRET,
+                        "redirect_uri": redirect_uri, "grant_type": "authorization_code",
+                        "code_verifier": verifier,
+                    }).encode()
+                    req = urllib.request.Request("https://oauth2.googleapis.com/token", data=tok_data,
                         headers={"Content-Type": "application/x-www-form-urlencoded"})
-                    tok_resp = urllib.request.urlopen(tok_req, timeout=30)
-                    tok_data = json.loads(tok_resp.read())
-                    tok_data["_updated"] = time.time()
+                    resp = urllib.request.urlopen(req, timeout=30)
+                    tokens = json.loads(resp.read())
+                    tokens["client_id"] = CLIENT_ID
+                    tokens["client_secret"] = CLIENT_SECRET
+                    tokens["provider_kind"] = provider_kind
+                    tokens["expires_at"] = time.time() + tokens.get("expires_in", 3600)
                     os.makedirs(os.path.dirname(token_path), exist_ok=True)
                     with open(token_path, "w") as f:
-                        json.dump(tok_data, f, indent=2)
-                    self._log(f"[oauth] Refreshed {provider} token → {token_path}")
+                        json.dump(tokens, f, indent=2)
+                    os.chmod(token_path, 0o600)
+                    project_id = _oauth_discover_project(tokens["access_token"], token_path, tokens)
+                    def _on_success():
+                        status_lbl.set_text(f"Authorization successful! Project: {project_id or 'none'}")
+                        GLib.timeout_add_seconds(2, lambda: oauth_dlg.destroy())
+                        return False
+                    GLib.idle_add(_on_success)
                 except Exception as e:
-                    self._show_error_dialog("Token exchange failed", str(e)[:300])
-        code_dlg.destroy()
+                    def _on_err(exc=str(e)):
+                        status_lbl.set_text(f"Token exchange failed: {exc[:200]}")
+                        return False
+                    GLib.idle_add(_on_err)
+            else:
+                def _on_fail(err=error_holder[0]):
+                    status_lbl.set_text(f"Failed: {err or 'No code received'}")
+                    return False
+                GLib.idle_add(_on_fail)
+
+        webbrowser.open(auth_url)
+        threading.Thread(target=_wait, daemon=True).start()
+        oauth_dlg.run()
+        oauth_dlg.destroy()
 
     def _codebuff_reoauth(self):
         self._codebuff_oauth_standalone()
@@ -3019,7 +3251,7 @@ class LauncherWin(Gtk.Window):
             hdr_row.pack_start(Gtk.Label(label=f"\n<b>{section_label}</b>", use_markup=True, xalign=0), True, True, 0)
             reauth_btn = Gtk.Button(label="Re-OAuth")
             reauth_btn.set_size_request(80, -1)
-            reauth_btn.connect("clicked", lambda b, p=oauth_prov: self._google_reoauth(p))
+            reauth_btn.connect("clicked", lambda b, p=oauth_prov: self._google_reoauth(p, dlg))
             hdr_row.pack_end(reauth_btn, False, False, 0)
             import_btn = Gtk.Button(label="Import JSON")
             import_btn.set_size_request(100, -1)
@@ -3868,32 +4100,8 @@ class EditEndpointDialog(Gtk.Dialog):
                         json.dump(tokens, f, indent=2)
                     os.chmod(token_path, 0o600)
                     _oauth_log(f"Token saved to {token_path}")
-                    project_id = ""
-                    try:
-                        _oauth_log("Discovering project ID via loadCodeAssist...")
-                        lr = urllib.request.Request(
-                            "https://cloudcode-pa.googleapis.com/v1internal:loadCodeAssist",
-                            data=json.dumps({}).encode(),
-                            headers={
-                                "Content-Type": "application/json",
-                                "Authorization": f"Bearer {tokens['access_token']}",
-                                "User-Agent": "google-api-nodejs-client/9.15.1",
-                            })
-                        lresp = urllib.request.urlopen(lr, timeout=15)
-                        ldata = json.loads(lresp.read())
-                        p = ldata.get("cloudaicompanionProject", "")
-                        if isinstance(p, dict):
-                            project_id = p.get("id", "")
-                        elif isinstance(p, str):
-                            project_id = p
-                        _oauth_log(f"Project ID: {project_id or '(none)'}")
-                        if project_id:
-                            tokens["project_id"] = project_id
-                            with open(token_path, "w") as f2:
-                                json.dump(tokens, f2, indent=2)
-                            os.chmod(token_path, 0o600)
-                    except Exception as pe:
-                        _oauth_log(f"loadCodeAssist failed (non-fatal): {pe}")
+                    project_id = _oauth_discover_project(tokens["access_token"], token_path, tokens)
+                    _oauth_log(f"Project ID: {project_id or '(none)'}")
                     if is_antigravity:
                         found_models = [
                             "gemini-2.5-flash", "gemini-2.5-pro",
@@ -3915,7 +4123,7 @@ class EditEndpointDialog(Gtk.Dialog):
                         for mc in probe_candidates:
                             try:
                                 pr = urllib.request.Request(
-                                    "https://daily-cloudcode-pa.sandbox.googleapis.com/v1internal:generateContent",
+                                    "https://cloudcode-pa.googleapis.com/v1internal:generateContent",
                                     data=json.dumps({
                                         "project": project_id,
                                         "model": mc,
@@ -4264,10 +4472,54 @@ class EditEndpointDialog(Gtk.Dialog):
                 data["default"] = name
 
         save_endpoints(data)
+        self._hot_reload_proxy_key(new_ep)
         self._parent_mgr._rebuild()
         self._parent_mgr._parent._on_endpoints_updated()
         self.destroy()
 
+    def _hot_reload_proxy_key(self, ep):
+        try:
+            ep_name = ep.get("name", "")
+            proxy_port = None
+            import glob as _glob
+            for cfg_file in _glob.glob(str(PROXY_CONFIG_DIR / "proxy-*.json")):
+                try:
+                    with open(cfg_file) as f:
+                        pcfg = json.load(f)
+                    if ep_name.lower().replace(" ", "-") in cfg_file.lower():
+                        proxy_port = pcfg.get("port")
+                        pcfg["api_key"] = ep.get("api_key", "")
+                        with open(cfg_file, "w") as f:
+                            json.dump(pcfg, f, indent=2)
+                        break
+                except Exception:
+                    continue
+            if proxy_port:
+                import urllib.request as _ur
+                try:
+                    url = f"http://127.0.0.1:{proxy_port}/admin/reload"
+                    resp = _ur.urlopen(url, timeout=3)
+                    result = json.loads(resp.read())
+                    reloaded = result.get("reloaded", False)
+                    preview = result.get("api_key_preview", "?")
+                    self._parent_mgr._parent.log(
+                        f"[hot-reload] key {'updated' if reloaded else 'unchanged'}: {preview}")
+                    if reloaded:
+                        verify_url = f"http://127.0.0.1:{proxy_port}/admin/verify-key"
+                        vresp = _ur.urlopen(verify_url, timeout=10)
+                        vresult = json.loads(vresp.read())
+                        valid = vresult.get("valid", False)
+                        if valid:
+                            self._parent_mgr._parent.log(
+                                f"[hot-reload] key verified OK ({vresult.get('models', '?')} models)")
+                        else:
+                            self._parent_mgr._parent.log(
+                                f"[hot-reload] WARNING: key verification failed: {vresult.get('error', 'unknown')}")
+                except Exception:
+                    pass
+        except Exception:
+            pass
+
     def _show_error(self, msg):
         d = Gtk.MessageDialog(self, 0, Gtk.MessageType.ERROR, Gtk.ButtonsType.OK, msg)
         d.run(); d.destroy()

src/codex_launcher_lib.py

@@ -83,6 +83,53 @@ model_catalog_json = ""
 """
 
 CHANGELOG = [
+    ("3.11.9", "2026-05-26", [
+        "Fix Antigravity: preserve functionCall/functionResponse in Gemini sanitizer (PR #10)",
+        "Prevents tool responses from being merged/dropped in multi-turn Antigravity sessions",
+    ]),
+    ("3.11.8", "2026-05-26", [
+        "Vision description cache persisted across requests (no redundant API calls for same image)",
+        "Merge PR #8: fix vision cache persistence across requests",
+    ]),
+    ("3.11.7", "2026-05-26", [
+        "Vision auto-detect: uses provider's own vision model (e.g. 0G-Qwen-VL) as fallback for image description",
+        "Vision preprocessing replaces image stripping: images described via API instead of just removed",
+        "Fix AttributeError in image_url handling when value is string not dict",
+        "Merge PR #6: vision/OCR preprocessing for text-only models",
+        "Merge PR #7: 177 unit tests for translate-proxy.py",
+        "Auth os error 2 fix: GUI shows config-missing message instead of raw error",
+    ]),
+    ("3.11.6", "2026-05-26", [
+        "Antigravity loop breakers: per-session tracking, edit-intent nudge (first turn only)",
+        "Loop breaker: same tool+args repeated 5+ times triggers force finalization",
+        "Latest user instruction appended exactly once per request",
+        "Detailed [antigravity-loop] logging for all tracking fields",
+        "has_content fix: function_call now counts as valid output (no more infinite loops)",
+        "Antigravity-only changes, no touch to other providers",
+    ]),
+    ("3.11.5", "2026-05-26", [
+        "Token-aware compaction: fixes context_length_exceeded on small-context models (25 items x 1600 tokens)",
+        "Proactive compaction triggers on token count (>80% model limit), not just item count",
+        "Universal adaptive compaction: removed crof.ai-only gates, all providers get compaction",
+        "Vision model detection: strips images for non-vision models, keeps for vision-capable ones",
+        "Per-model token limit learning from context_length_exceeded error messages",
+        "Compaction aggression levels: normal vs extreme when tokens > 1.5x model limit",
+        "Smart-continue text-tool detection: triggers on tool-call text patterns, not just function_call_output",
+        "Active endpoint sync: GUI auto-removes stale endpoint references on startup",
+    ]),
+    ("3.11.0", "2026-05-26", [
+        "Merge cobra PR: concurrency semaphore (max 3), auto-continue for truncated text",
+        "SO_REUSEADDR on sticky port, proxy-stderr.log, stream diagnostics logging",
+        "Timeout/OSError handler sends response.failed SSE instead of silent drop",
+        "Restart Proxy button: only restarts proxy without killing Codex Desktop",
+        "Tool call argument normalizer: fixes Arguments->arguments, strips markdown wrapping",
+        "Smart-continue loop (2x retries): escalating nudges when model stops text-only mid-task",
+        "XML tool call extraction: parses patterns from text, injects as real calls",
+        "Auto-continue + smart-continue ordered with skip guard to avoid double-firing",
+        "API key hot-reload with mtime tracking + /admin/reload + /admin/verify-key endpoints",
+        "GUI hot-reload: auto-refreshes proxy key on endpoint edit, verifies with upstream",
+        "Synthetic tool-results disabled: was causing deepseek-v4-pro truncation on opencode.ai",
+    ]),
     ("3.10.12", "2026-05-26", [
         "Sticky endpoint: caches last working endpoint, sequential fallback on failure",
         "Endpoint order: cloudcode-pa first (matches agy CLI), daily-cloudcode-pa fallback",
@@ -1468,6 +1515,7 @@ def _pick_free_port():
     try:
         saved = int(_PROXY_PORT_FILE.read_text().strip())
         with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
+            s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
             s.bind(("127.0.0.1", saved))
             return saved
     except (ValueError, OSError, FileNotFoundError):
@@ -1559,11 +1607,19 @@ def _start_proxy_with_config(pcfg_path, port, logfn):
     )
     _register_pgid_entry("proxy", _proxy_proc.pid)
 
+    _proxy_log_path = PROXY_CONFIG_DIR / "proxy-stderr.log"
+    _proxy_log_file = open(_proxy_log_path, "a", encoding="utf-8")
+
     def _pipe_stderr():
         if not _proxy_proc.stderr:
             return
         for line in _proxy_proc.stderr:
             logfn(f"[proxy] {line.rstrip()}")
+            try:
+                _proxy_log_file.write(line)
+                _proxy_log_file.flush()
+            except Exception:
+                pass
 
     threading.Thread(target=_pipe_stderr, daemon=True).start()
 
@@ -1681,6 +1737,10 @@ def check_codex_auth():
         return ("unknown", "No output from codex login status")
     except FileNotFoundError:
         return ("not_installed", "codex not found")
+    except OSError as e:
+        if e.errno == 2:
+            return ("not_configured", "Config not found — launch Codex once to create it")
+        return ("error", str(e))
     except Exception as e:
         return ("error", str(e))