npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

codex-provider

v0.1.0-alpha.0

Published

Provider compatibility SDK that lets non-OpenAI models participate in the Codex native tool-call loop.

Readme

CodexProvider

codex-provider is a provider compatibility SDK for Codex app-server integrations. It lets non-OpenAI models participate in the Codex native tool-call loop by exposing a Responses-compatible surface over provider-specific Chat Completions APIs.

This project is not affiliated with OpenAI. CodexBridge and CodexNext are consumers, not owners of this package.

Fixed Goal

Let non-OpenAI models participate in the Codex native tool-call loop.

This package exists so DeepSeek, OpenRouter, Claude-compatible adapters, and other OpenAI-compatible upstreams can be used by Codex app-server while preserving the Codex loop:

Codex app-server
  -> Responses API request and SSE events
  -> CodexProvider
  -> upstream provider API
  -> translated Responses events
  -> Codex local tool execution and continuation

Non-Goals

  • Do not merge codex-native-api into this package.
  • Do not move host-app session stores, platform adapters, or Web UI state into this package.
  • Do not pretend every upstream provider has OpenAI hosted tools.
  • Do not hardcode host-app-specific runtime state.

Canonical Strategy

The default strategy is codex-local-first.

Codex app-server remains responsible for local tools, approvals, workspace operations, MCP tools, and continuation orchestration. The provider adapter is responsible for model protocol compatibility and tool-call event translation.

Provider-native tools and adapter-emulated tools are explicit opt-ins:

  • codex-local-first: keep Codex as the tool executor and translate model tool calls.
  • provider-native: forward provider-supported hosted tools when the upstream truly supports them.
  • adapter-emulated: implement missing hosted tools in the provider adapter or via MCP/search/file services.

provider-native and adapter-emulated profiles must include explicit hosted tool declarations. A profile cannot silently claim hosted tool behavior just because a provider appears compatible.

First Stable Surface

This package currently defines the fixed target, tool strategy types, protocol-aware Codex provider config builders, high-level official/mixed/pure API profile builders, Codex++-style local proxy URL helpers, protocol converters, provider capability presets, and the local Responses adapter server.

For responses upstreams, Codex provider base_url points at the upstream Responses endpoint. For chat-completions upstreams, Codex provider base_url points at this package's local Responses proxy, while the third-party Chat Completions endpoint remains provider-owned configuration. This is required so the Codex native tool-call loop passes through conversion instead of bypassing it.

CodexProviderRuntime starts and stops the built-in local Responses adapter server by default, exposes the local baseUrl, and returns Codex app-server launch config. Advanced hosts can still override adapterServerFactory, but CodexBridge, CodexNext, or any future app-server project no longer needs a second package to start the provider adapter lifecycle.

Adapter-emulated hosted tools have a package-level executor registry. When a host declares web_search or file_search as adapter-emulated and registers a matching executor, the local adapter exposes that capability to Chat Completions upstreams as a function tool, executes the returned tool call inside the adapter, appends the tool output, and continues the upstream model loop before returning a Codex-compatible Responses result. Streaming clients keep a real streaming path: the provider adapter consumes internal streamed tool-call deltas, runs the executor, then forwards the follow-up upstream answer stream through the existing Responses SSE translator.

Hosts that need UI observability can enable emitHostedToolSseEvents. This opt-in stream emits hosted_tool.started, hosted_tool.delta, hosted_tool.completed, and hosted_tool.failed before the normal Responses SSE events. The default stays off so Codex-compatible clients are not forced to accept non-standard event names.

Hosts can bring their own executor or use the built-in createCodexProviderWebSearchExecutor factory for CodexProvider native metasearch. It supports Tavily, Brave Search, SerpApi, and Serper API engines, no-key HTML engines, endpoint adapters, retrieval/chunking, local cache indexes for external_web_access=false, and synthetic web_search_call / citation output. Metasearch page retrieval is enabled by default with bounded budgets (low = 1 page, medium = 3 pages, high = 5 pages); set fetchPages: false to keep result-snippet-only search. The SDK only accepts keys through runtime options; it does not load or store provider secrets.

For UI observability, prefer include: ["web_search_call.action.sources"] and read web_search_call.action.sources as the primary OpenAI-guided path for the complete consulted URL list. include: ["web_search_call.results"] remains supported as an adapter/debug/compatibility enhancement for raw normalized search results, but UI layers should not treat it as the only source-disclosure path. Detailed open_page / find_in_page web_search_call items are intentionally off by default; request include: ["web_search_call.actions"] or set exposeWebSearchDetailedActions: true when debugging or running parity checks.

web_search.return_token_budget follows OpenAI-strict validation by default: only "default" and "unlimited" are accepted, while null, numbers, and other strings are rejected with invalid_request_error. Hosts that need temporary third-party-client leniency can set webSearchInvalidParameterStrategy: "drop" or CODEX_PROVIDER_WEB_SEARCH_INVALID_PARAMETER_STRATEGY=drop; invalid values are removed and recorded as warnings/trace adjustments.

Agentic deep search is available as a separate opt-in createCodexProviderDeepWebSearchExecutor surface for custom hosted tools such as custom:deep_web_search. It is intentionally not enabled in the default web_search path.

The built-in createCodexProviderFileSearchExecutor now accepts a generic sources list while preserving roots as a local-filesystem shortcut. The local filesystem source never scans the process working directory implicitly, skips common dependency/build/binary paths by default, avoids following symlinks unless enabled, rejects unsafe path_glob traversal, and bounds scanned files, bytes per file, total payload bytes, OpenAI-compatible chunk content, and result count. The memory-documents source lets hosts expose in-memory project notes, summaries, or session records through the same contract without binding the provider adapter to a host app store. The SQLite FTS source accepts an injected database.all(sql, params) or custom query() function, so hosts can connect persistent FTS indexes without adding a sqlite driver dependency to this package.

Semantic file_search is now available through the generic CodexProviderEmbeddingProvider interface, createCodexProviderInMemoryVectorFileSearchSource(), and createCodexProviderLocalVectorFileSearchSource(). The local-vector source scans explicit roots with the same local-fs safety boundary, chunks files, embeds chunks, caches document/chunk embeddings in a pluggable CodexProviderLocalVectorIndexStore, and uses hybrid vector/lexical scoring at query time. createCodexProviderMemoryLocalVectorIndexStore() provides an in-memory store, and createCodexProviderSqliteLocalVectorIndexStore() provides a persistent SQLite store through host-injected database.all/run methods without adding a sqlite driver dependency. createCodexProviderEmbeddingsApiProvider() targets OpenAI-compatible embeddings APIs with host-provided endpoint, model, headers, and API key. The default endpoint/model currently points at OpenRouter's Qwen embedding API only as a convenient starter configuration, and createCodexProviderOpenRouterEmbeddingProvider() remains a thin convenience wrapper over the generic provider.

The profile surface exposes the safe presets app-servers should use:

| Mode | Codex auth | Upstream protocol | Local adapter | Use case | | --- | --- | --- | --- | --- | | official | codex-auth-compatible | responses | No | Direct Responses-compatible provider. | | mixed | codex-auth-compatible | chat-completions | Yes | Codex++ style adapter: Codex sees Responses, the provider adapter owns upstream API calls. | | pure-api | api-key-compatible | chat-completions | Yes | API-key-only fallback for OpenAI-compatible providers. |

Provider profile helpers such as createCodexProviderOpenRouterProfile(), createCodexProviderDeepSeekProfile(), createCodexProviderDashScopeQwenProfile(), createCodexProviderSiliconFlowProfile(), createCodexProviderMiniMaxProfile(), and createCodexProviderMoonshotKimiProfile() provide stable base URLs, env naming, recommended profile modes, and capability metadata for common OpenAI-compatible providers.

Current redacted live evidence covers OpenRouter with deepseek/deepseek-chat, DeepSeek official with deepseek-chat, and DashScope/Qwen with qwen-plus through the mixed local Responses adapter, including normal Responses output, forced custom-tool continuation, adapter-emulated file_search, non-streaming web_search, and streaming web_search. SiliconFlow, MiniMax, Moonshot/Kimi, and OpenAI direct Responses remain credential-gated in the provider matrix. API-backed web-search evidence can use Brave, SerpApi, Serper, or Tavily; built-in no-key metasearch is verified.

The low-level adapter converter is split into request, response, and SSE modules under src/converters/responses-adapter/; new code should use the canonical root package surface instead of underscore-era module paths.

See docs/TARGET.md for the locked target and phased migration plan.

See docs/CODEX_PLUS_PLUS_CONVERSION_PORTING.md for the detailed Codex++ protocol conversion porting checklist.

See docs/OPENAI_BUILTIN_TOOL_COMPATIBILITY.md for hosted tool parity status.

See docs/RECIPES.md and examples for host-neutral integration examples.

See docs/PROVIDER_COMPATIBILITY_MATRIX.md for provider evidence status and preset coverage.

See docs/INDEPENDENT_PACKAGE_CHECKLIST.md for the public alpha package readiness gates.

See docs/LIVE_SMOKE_RECIPES.md, docs/UNSAFE_TOOL_SECURITY.md, docs/PUBLIC_ALPHA_RELEASE_PLAN.md, docs/OBSERVABILITY_AND_ERROR_POLICY.md, and docs/RELEASE_READINESS.md for release-readiness validation.