AxApp
diff --git a/‎.agents/skills/gettokens-codex-account-list/SKILL.md‎
Lines changed: 97 additions & 0 deletions b/‎.agents/skills/gettokens-codex-account-list/SKILL.md‎
Lines changed: 97 additions & 0 deletions
diff --git a/‎.agents/skills/gettokens-domain-engineering/SKILL.md‎
Lines changed: 1 addition & 0 deletions b/‎.agents/skills/gettokens-domain-engineering/SKILL.md‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎AGENTS.md‎
Lines changed: 3 additions & 2 deletions b/‎AGENTS.md‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎app.go‎
Lines changed: 103 additions & 0 deletions b/‎app.go‎
Lines changed: 103 additions & 0 deletions
diff --git a/‎app_mappers.go‎
Lines changed: 92 additions & 33 deletions b/‎app_mappers.go‎
Lines changed: 92 additions & 33 deletions
@@ -0,0 +1,97 @@
+---
+name: gettokens-codex-account-list
+description: GetTokens Codex 账号列表：账号请求顺序、路由探测、模型映射、OAuth 透传语义、openai-compatible 映射保存与浏览器预览。
+---
+
+# GetTokens Codex Account List
+
+当任务涉及 `frontend/src/features/codex/CodexAccountListFeature.tsx`、Codex 账号请求顺序、路由探测、模型映射、OAuth/auth-file 映射、openai-compatible provider 映射，或后端 `ProbeCodexAccountRouting` / OAuth model alias 时使用本 skill。
+
+## 1. 业务边界
+- Codex 账号列表是请求调试与账号顺序工作台，不是账号创建页。
+- 账号来源统一展示，但语义保持分离：
+  - `auth-file` / OAuth Codex
+  - `codex-api-key`
+  - `openai-compatible`
+- 禁用账号保留在排序中，但不参与运行时请求候选。
+- 请求测试顺序只来自当前可请求账号的拖拽顺序，从上到下执行。
+- 不再维护第二套独立策略顺序；允许/排除只过滤候选，不重排候选。
+
+## 2. 前端结构
+- `CodexAccountListFeature.tsx` 保持为 controller：
+  - Wails/browser 数据加载
+  - 顺序保存
+  - 路由探测调度
+  - modal 打开/关闭与 hash 同步
+  - 模型映射保存编排
+- UI 组件放在 `frontend/src/features/codex/components/`：
+  - `CodexRouteProbeCard.tsx`
+  - `CodexAccountOrderRow.tsx`
+  - `CodexAccountDetailModal.tsx`
+  - `ModelCombobox.tsx`
+  - `codexAccountPresentation.ts`
+- 纯模型逻辑放在 `frontend/src/features/codex/model/`：
+  - `codexAccountList.ts`：账号合并、排序、优先级更新
+  - `codexModelMappings.ts`：OAuth/openai-compatible 模型映射归一
+  - `codexRoutePolicy.ts`：候选过滤、探测日志、路由状态
+- 不新增 catch-all helper 文件；按账号、映射、路由策略拆分。
+
+## 3. 模型映射语义
+- openai-compatible 映射方向固定为：真实模型 `models[].name` -> Codex 模型 `models[].alias || name`。
+- openai-compatible 保存时按 `name + alias` 去重，允许同一个真实模型映射到多个 Codex alias。
+- OAuth/auth-file 默认原样穿透模型名，不展示同名 `model -> model` 映射。
+- OAuth/auth-file 只有配置显式 alias 后才关闭默认透传；保存空映射应删除 channel alias。
+- OAuth 映射按 provider/channel 生效，同一 `codex` channel 共享映射。
+- 模型选择使用项目自定义 combobox，不回退到原生 `datalist`。
+
+## 4. 路由探测语义
+- `ProbeCodexAccountRouting` 使用页面传入的候选约束发起最小 relay 请求。
+- 前端传给后端的 `orderAccountIDs` 必须是当前拖拽排序后的可请求账号 ID 列表。
+- `allowAccountIDs` 表示首选候选；`denyAccountIDs` 表示排除候选；`allowFallback` 只在设置允许账号后决定是否继续尝试其他未排除账号。
+- 探测结果需要同时展示：
+  - 终端式流输出
+  - 当前候选顺序
+  - 最新命中账号
+  - 对应账号行高亮
+- 连续测试应逐次追加结果，避免等待全部完成后才刷新 UI。
+
+## 5. 浏览器预览
+- `#frame=codex&workspace=account-list` 必须可在普通浏览器预览。
+- 缺少 `window.go.main.App` 时使用 `previewData.ts`，不能让页面空白。
+- 浏览器预览中的排序、启停、模型映射保存是本地状态更新，并需要给出 preview-only 提示。
+- 视觉或交互调整要优先用浏览器预览快速验证；涉及真实 sidecar、Wails 绑定或账号命中时，再用桌面环境补验。
+
+## 6. UI 规则
+- 保持 Swiss-industrial 风格：硬边框、黑白灰、紧凑高密度、monospace 辅助信息。
+- 账号行固定为单一请求顺序列表，不再额外渲染重复策略账号列表。
+- 账号行主体点击打开详情；嵌套按钮、switch、combobox、策略控件必须阻止冒泡。
+- 策略控件常驻行内：默认 / 允许 / 排除。
+- 路由探测卡片独立于账号顺序卡片；测试流常驻显示，不使用卡中卡文本模块。
+
+## 7. 后端 / Wails 边界
+- 新增 Wails-facing 方法时必须同时检查：
+  - `internal/wailsapp`
+  - root `app.go`
+  - root DTO / mapper
+  - `frontend/wailsjs`
+- 账号 row id 到 sidecar auth id 的转换必须覆盖：
+  - `auth-file:<name>`
+  - `codex-api-key:<id>`
+  - `openai-compatible:<name>`
+- 路由探测用的 loopback header 是调试口子；不要把它和持久化账号配置混在一起。
+
+## 8. 验证
+- 前端结构或 UI 调整：
+  - `npm --prefix frontend run typecheck`
+  - `npm --prefix frontend run test:unit -- src/features/codex/codexAccountList.test.mjs`
+  - 浏览器打开 `#frame=codex&workspace=account-list` 检查账号行、探测卡、详情 modal 和 combobox。
+- 后端、Wails 或 sidecar 探测调整：
+  - `go test ./internal/wailsapp -run 'TestListOAuthModelAliases|TestUpdateOAuthModelAliases|TestProbeCodexAccountRouting|TestDetectCodexRoutingProbeHit|TestSidecarRelayRequest'`
+  - 涉及公共 DTO 或绑定时重新生成 `frontend/wailsjs` 并跑类型检查。
+- 视觉截图放到 `docs-linhay/spaces/20260511-codex-account-list-tab/screenshots/<YYYYMMDD>/codex/`。
+
+## 9. 文档
+- 需求、验收与截图写入 `docs-linhay/spaces/20260511-codex-account-list-tab/README.md`。
+- 技术拆分、沉淀结论写入 `docs-linhay/dev/`。
+- 稳定决策和用户偏好写入 `docs-linhay/memory/YYYY-MM-DD.md`。
+- 文档或记忆写回后运行 `qmd update` 与 `qmd embed`。
@@ -79,6 +79,7 @@ This skill unifies the technical rules for building, styling, and debugging GetT
 
 ## 3.1 Codex Workspace & Local Config Surfaces
 - **Codex Binary**: For Codex CLI binary version/source management, use the dedicated `gettokens-codex-binary-management` skill. Keep it as an independent binary-management business; do not merge it into account pool, local apply, usage, session, or routing flows.
+- **Codex Account List**: For Codex account request order, route probing, OAuth/auth-file model aliasing, openai-compatible model mappings, and `#frame=codex&workspace=account-list`, use the dedicated `gettokens-codex-account-list` skill. Keep request order semantics in that skill: draggable account order is the test order, while allow/deny only filters candidates.
 - **Browser Support**: New Codex workspace tabs must be usable in a normal browser preview when the interaction is layout/config-flow checkable. Do not let missing `window.go.main.App` make the page blank; provide explicit preview data and visible preview-only save behavior.
 - **Frame URL Rule**: Modal/detail layers opened from Codex workspaces should preserve the frame hash, for example `#frame=codex&workspace=<key>&detail=<id>`, when the surrounding feature already follows frame/detail routing. Closing a modal should remove only the detail marker.
 - **Wails Binding Boundary**: Any Wails-facing Codex method added under `internal/wailsapp` must also be exposed through root `app.go`, mirrored in root DTOs/mappers when needed, and regenerated into `frontend/wailsjs`. Frontend should import from generated bindings only after the root `main.App` method exists.
 
@@ -98,8 +98,9 @@ Git `worktree` 治理：
 2. 涉及文档写回、memory 写回、`qmd update` / `qmd embed` 同步时，优先使用 `gettokens-ops-governance`。
 3. 涉及 AGENTS 级长期治理规则时，优先使用 `gettokens-ops-governance`；若用户明确说“整理”，同时使用 `gettokens-session-skill-distill`。
 4. 涉及账号池、quota、视觉系统、前端调试归因或 CLIProxyAPI fork 维护时，优先使用 `gettokens-domain-engineering`。
-5. 涉及“主控 agent 监督、subagent 实做、直到完整需求闭环才停止”的执行模式时，优先使用 `gettokens-ops-governance` 中的 `Subagent Delivery Loop`。
-6. 若用户希望用显式 skill 名称触发该模式，使用 `gettokens-subagent-supervision`；它是监督交付模式的轻量触发入口。
+5. 涉及 Codex 账号列表、请求顺序、路由探测、OAuth/openai-compatible 模型映射时，优先使用 `gettokens-codex-account-list`。
+6. 涉及“主控 agent 监督、subagent 实做、直到完整需求闭环才停止”的执行模式时，优先使用 `gettokens-ops-governance` 中的 `Subagent Delivery Loop`。
+7. 若用户希望用显式 skill 名称触发该模式，使用 `gettokens-subagent-supervision`；它是监督交付模式的轻量触发入口。
 
 ## 5. 记忆系统规则（必须）
 
 
@@ -151,6 +151,40 @@ func (a *App) UpdateAccountPriority(input UpdateAccountPriorityInput) error {
 	})
 }
 
+func (a *App) ProbeCodexAccountRouting(input ProbeCodexAccountRoutingInput) (*CodexAccountRoutingProbeResult, error) {
+	result, err := a.core.ProbeCodexAccountRouting(wailsapp.ProbeCodexAccountRoutingInput{
+		Model:           input.Model,
+		Attempts:        input.Attempts,
+		AllowAccountIDs: append([]string(nil), input.AllowAccountIDs...),
+		DenyAccountIDs:  append([]string(nil), input.DenyAccountIDs...),
+		OrderAccountIDs: append([]string(nil), input.OrderAccountIDs...),
+		AllowFallback:   input.AllowFallback,
+	})
+	if err != nil {
+		return nil, err
+	}
+	attempts := make([]CodexAccountRoutingProbeAttempt, 0, len(result.Attempts))
+	for _, attempt := range result.Attempts {
+		attempts = append(attempts, CodexAccountRoutingProbeAttempt{
+			Index:        attempt.Index,
+			Success:      attempt.Success,
+			StatusCode:   attempt.StatusCode,
+			AccountID:    attempt.AccountID,
+			AccountLabel: attempt.AccountLabel,
+			Provider:     attempt.Provider,
+			Message:      attempt.Message,
+			Evidence:     attempt.Evidence,
+			ResponseBody: attempt.ResponseBody,
+			StartedAt:    attempt.StartedAt,
+			FinishedAt:   attempt.FinishedAt,
+		})
+	}
+	return &CodexAccountRoutingProbeResult{
+		Model:    result.Model,
+		Attempts: attempts,
+	}, nil
+}
+
 func (a *App) UploadAuthFiles(files []UploadFilePayload) error {
 	payload := make([]wailsapp.UploadFilePayload, 0, len(files))
 	for _, file := range files {
@@ -166,6 +200,35 @@ func (a *App) GetAuthFileModels(name string) ([]map[string]interface{}, error) {
 	return a.core.GetAuthFileModels(name)
 }
 
+func (a *App) ListOAuthModelAliases(channel string) ([]OpenAICompatibleModel, error) {
+	items, err := a.core.ListOAuthModelAliases(channel)
+	if err != nil {
+		return nil, err
+	}
+	out := make([]OpenAICompatibleModel, 0, len(items))
+	for _, item := range items {
+		out = append(out, OpenAICompatibleModel{
+			Name:  item.Name,
+			Alias: item.Alias,
+		})
+	}
+	return out, nil
+}
+
+func (a *App) UpdateOAuthModelAliases(input UpdateOAuthModelAliasesInput) error {
+	models := make([]wailsapp.OpenAICompatibleModel, 0, len(input.Models))
+	for _, model := range input.Models {
+		models = append(models, wailsapp.OpenAICompatibleModel{
+			Name:  model.Name,
+			Alias: model.Alias,
+		})
+	}
+	return a.core.UpdateOAuthModelAliases(wailsapp.UpdateOAuthModelAliasesInput{
+		Channel: input.Channel,
+		Models:  models,
+	})
+}
+
 func (a *App) DownloadAuthFile(name string) (*DownloadFileResponse, error) {
 	result, err := a.core.DownloadAuthFile(name)
 	if err != nil {
@@ -358,6 +421,7 @@ func (a *App) GetCodexSkillsSnapshot() (*CodexSkillsSnapshot, error) {
 func (a *App) SaveCodexSkillEnabled(input SaveCodexSkillEnabledInput) (*SaveCodexSkillEnabledResult, error) {
 	result, err := a.core.SaveCodexSkillEnabled(wailsapp.SaveCodexSkillEnabledInput{
 		Path:    input.Path,
+		Name:    input.Name,
 		Enabled: input.Enabled,
 	})
 	if err != nil {
@@ -369,6 +433,45 @@ func (a *App) SaveCodexSkillEnabled(input SaveCodexSkillEnabledInput) (*SaveCode
 	}, nil
 }
 
+func (a *App) GetCodexSkillFilePreview(input GetCodexSkillFilePreviewInput) (*GetCodexSkillFilePreviewResult, error) {
+	result, err := a.core.GetCodexSkillFilePreview(wailsapp.GetCodexSkillFilePreviewInput{
+		SkillPath: input.SkillPath,
+		FilePath:  input.FilePath,
+	})
+	if err != nil {
+		return nil, err
+	}
+	return &GetCodexSkillFilePreviewResult{
+		Path:        result.Path,
+		Content:     result.Content,
+		Previewable: result.Previewable,
+	}, nil
+}
+
+func (a *App) RemoveCodexSkill(input RemoveCodexSkillInput) (*RemoveCodexSkillResult, error) {
+	result, err := a.core.RemoveCodexSkill(wailsapp.RemoveCodexSkillInput{
+		Path: input.Path,
+	})
+	if err != nil {
+		return nil, err
+	}
+	return &RemoveCodexSkillResult{
+		ConfigPath:  result.ConfigPath,
+		RemovedPath: result.RemovedPath,
+		Preview:     result.Preview,
+	}, nil
+}
+
+func (a *App) OpenCodexSkillInFinder(input OpenCodexSkillInFinderInput) (*OpenCodexSkillInFinderResult, error) {
+	result, err := a.core.OpenCodexSkillInFinder(wailsapp.OpenCodexSkillInFinderInput{
+		Path: input.Path,
+	})
+	if err != nil {
+		return nil, err
+	}
+	return &OpenCodexSkillInFinderResult{Path: result.Path}, nil
+}
+
 func (a *App) GetCodexMcpServers() (*CodexMcpServersSnapshot, error) {
 	result, err := a.core.GetCodexMcpServers()
 	if err != nil {
 
@@ -155,7 +155,12 @@ func mapCodexSkillsSnapshot(result *wailsapp.CodexSkillsSnapshot) *CodexSkillsSn
 	for _, skill := range result.Skills {
 		files := make([]CodexSkillFile, 0, len(skill.Files))
 		for _, file := range skill.Files {
-			files = append(files, CodexSkillFile{Path: file.Path, Kind: file.Kind})
+			files = append(files, CodexSkillFile{
+				Path:        file.Path,
+				Kind:        file.Kind,
+				Content:     file.Content,
+				Previewable: file.Previewable,
+			})
 		}
 		skills = append(skills, CodexSkillRecord{
 			ID:              skill.ID,
@@ -200,45 +205,99 @@ func mapCodexMcpServersSnapshot(result *wailsapp.CodexMcpServersSnapshot) *Codex
 }
 
 func mapCodexMcpServer(server wailsapp.CodexMcpServer) CodexMcpServer {
-	env := make([]CodexMcpEnvRow, 0, len(server.Env))
-	for _, row := range server.Env {
-		env = append(env, CodexMcpEnvRow{Key: row.Key, Value: row.Value})
-	}
 	return CodexMcpServer{
-		ID:                server.ID,
-		Label:             server.Label,
-		Enabled:           server.Enabled,
-		Transport:         server.Transport,
-		Command:           server.Command,
-		Args:              append([]string(nil), server.Args...),
-		URL:               server.URL,
-		Env:               env,
-		BearerTokenEnvVar: server.BearerTokenEnvVar,
-		SourcePath:        server.SourcePath,
-		Status:            server.Status,
-		Warnings:          append([]string(nil), server.Warnings...),
+		ID:                        server.ID,
+		Label:                     server.Label,
+		Enabled:                   server.Enabled,
+		Transport:                 server.Transport,
+		Command:                   server.Command,
+		Args:                      append([]string(nil), server.Args...),
+		Env:                       mapCodexMcpEnvRows(server.Env),
+		EnvVarsRaw:                server.EnvVarsRaw,
+		Cwd:                       server.Cwd,
+		URL:                       server.URL,
+		BearerTokenEnvVar:         server.BearerTokenEnvVar,
+		HTTPHeaders:               mapCodexMcpEnvRows(server.HTTPHeaders),
+		EnvHTTPHeaders:            mapCodexMcpEnvRows(server.EnvHTTPHeaders),
+		ExperimentalEnvironment:   server.ExperimentalEnvironment,
+		Required:                  server.Required,
+		SupportsParallelToolCalls: server.SupportsParallelToolCalls,
+		StartupTimeoutSec:         server.StartupTimeoutSec,
+		ToolTimeoutSec:            server.ToolTimeoutSec,
+		DefaultToolsApprovalMode:  server.DefaultToolsApprovalMode,
+		EnabledTools:              append([]string(nil), server.EnabledTools...),
+		DisabledTools:             append([]string(nil), server.DisabledTools...),
+		Scopes:                    append([]string(nil), server.Scopes...),
+		OAuthResource:             server.OAuthResource,
+		Tools:                     mapCodexMcpToolRows(server.Tools),
+		SourcePath:                server.SourcePath,
+		Status:                    server.Status,
+		Warnings:                  append([]string(nil), server.Warnings...),
 	}
 }
 
 func mapWailsCodexMcpServer(server CodexMcpServer) wailsapp.CodexMcpServer {
-	env := make([]wailsapp.CodexMcpEnvRow, 0, len(server.Env))
-	for _, row := range server.Env {
-		env = append(env, wailsapp.CodexMcpEnvRow{Key: row.Key, Value: row.Value})
-	}
 	return wailsapp.CodexMcpServer{
-		ID:                server.ID,
-		Label:             server.Label,
-		Enabled:           server.Enabled,
-		Transport:         server.Transport,
-		Command:           server.Command,
-		Args:              append([]string(nil), server.Args...),
-		URL:               server.URL,
-		Env:               env,
-		BearerTokenEnvVar: server.BearerTokenEnvVar,
-		SourcePath:        server.SourcePath,
-		Status:            server.Status,
-		Warnings:          append([]string(nil), server.Warnings...),
+		ID:                        server.ID,
+		Label:                     server.Label,
+		Enabled:                   server.Enabled,
+		Transport:                 server.Transport,
+		Command:                   server.Command,
+		Args:                      append([]string(nil), server.Args...),
+		Env:                       mapWailsCodexMcpEnvRows(server.Env),
+		EnvVarsRaw:                server.EnvVarsRaw,
+		Cwd:                       server.Cwd,
+		URL:                       server.URL,
+		BearerTokenEnvVar:         server.BearerTokenEnvVar,
+		HTTPHeaders:               mapWailsCodexMcpEnvRows(server.HTTPHeaders),
+		EnvHTTPHeaders:            mapWailsCodexMcpEnvRows(server.EnvHTTPHeaders),
+		ExperimentalEnvironment:   server.ExperimentalEnvironment,
+		Required:                  server.Required,
+		SupportsParallelToolCalls: server.SupportsParallelToolCalls,
+		StartupTimeoutSec:         server.StartupTimeoutSec,
+		ToolTimeoutSec:            server.ToolTimeoutSec,
+		DefaultToolsApprovalMode:  server.DefaultToolsApprovalMode,
+		EnabledTools:              append([]string(nil), server.EnabledTools...),
+		DisabledTools:             append([]string(nil), server.DisabledTools...),
+		Scopes:                    append([]string(nil), server.Scopes...),
+		OAuthResource:             server.OAuthResource,
+		Tools:                     mapWailsCodexMcpToolRows(server.Tools),
+		SourcePath:                server.SourcePath,
+		Status:                    server.Status,
+		Warnings:                  append([]string(nil), server.Warnings...),
+	}
+}
+
+func mapCodexMcpEnvRows(rows []wailsapp.CodexMcpEnvRow) []CodexMcpEnvRow {
+	result := make([]CodexMcpEnvRow, 0, len(rows))
+	for _, row := range rows {
+		result = append(result, CodexMcpEnvRow{Key: row.Key, Value: row.Value})
+	}
+	return result
+}
+
+func mapWailsCodexMcpEnvRows(rows []CodexMcpEnvRow) []wailsapp.CodexMcpEnvRow {
+	result := make([]wailsapp.CodexMcpEnvRow, 0, len(rows))
+	for _, row := range rows {
+		result = append(result, wailsapp.CodexMcpEnvRow{Key: row.Key, Value: row.Value})
 	}
+	return result
+}
+
+func mapCodexMcpToolRows(rows []wailsapp.CodexMcpToolRow) []CodexMcpToolRow {
+	result := make([]CodexMcpToolRow, 0, len(rows))
+	for _, row := range rows {
+		result = append(result, CodexMcpToolRow{Name: row.Name, ApprovalMode: row.ApprovalMode})
+	}
+	return result
+}
+
+func mapWailsCodexMcpToolRows(rows []CodexMcpToolRow) []wailsapp.CodexMcpToolRow {
+	result := make([]wailsapp.CodexMcpToolRow, 0, len(rows))
+	for _, row := range rows {
+		result = append(result, wailsapp.CodexMcpToolRow{Name: row.Name, ApprovalMode: row.ApprovalMode})
+	}
+	return result
 }
 
 func mapCodexMcpSaveResult(result *wailsapp.SaveCodexMcpServerResult) *SaveCodexMcpServerResult {