labring · Che-Zhu · May 8, 2026 · May 7, 2026 · chatgpt-codex-connector · May 8, 2026
diff --git a/app/api/aiproxy/provision/route.ts b/app/api/aiproxy/provision/route.ts
@@ -0,0 +1,50 @@
+import { NextRequest, NextResponse } from 'next/server'
+import { provisionUserAiProxyApiKey } from '@/lib/aiproxy/api-key-provisioning'
+import { getSessionFromReq } from '@/lib/session/server'
+
+export const runtime = 'nodejs'
+export const dynamic = 'force-dynamic'
+
+function getFailureStatus(reason: string): number {
+  if (reason === 'missing_kubeconfig') {
+    return 400
+  }
+
+  if (reason === 'request_failed') {
+    return 502
+  }
+
+  return 500
+}
+
+export async function POST(req: NextRequest) {
+  try {
+    const session = await getSessionFromReq(req)
+
+    if (!session?.user?.id) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    }
+
+    const body = (await req.json().catch(() => ({}))) as { kubeconfig?: unknown }
+    const result = await provisionUserAiProxyApiKey({
+      kubeconfig: typeof body.kubeconfig === 'string' ? body.kubeconfig : null,
+      userId: session.user.id,
+    })
+
+    if (result.ok) {
+      return NextResponse.json({ success: true })
+    }
+
+    return NextResponse.json(
+      {
+        diagnostic: result.diagnostic,
+        error: 'Failed to provision AIProxy configuration',
+        reason: result.reason,
+      },
+      { status: getFailureStatus(result.reason) },
+    )
+  } catch {
+    console.error('Failed to provision AIProxy configuration')
+    return NextResponse.json({ error: 'Failed to provision AIProxy configuration' }, { status: 500 })
+  }
+}
diff --git a/components/repo-commits.tsx b/components/repo-commits.tsx
@@ -9,6 +9,7 @@ import { useTasks } from '@/components/app-layout'
 import { useRouter } from 'next/navigation'
 import { toast } from 'sonner'
 import { RevertCommitDialog } from '@/components/revert-commit-dialog'
+import { ensureAiProxyProvisioned } from '@/lib/aiproxy/client-provisioning'
 
 function formatDistanceToNow(date: Date): string {
   const now = new Date()
@@ -89,6 +90,13 @@ export function RepoCommits({ owner, repo }: RepoCommitsProps) {
     keepAlive: boolean
   }) => {
     try {
+      const isAiProxyProvisioned = await ensureAiProxyProvisioned()
+
+      if (!isAiProxyProvisioned) {
+        toast.error('Failed to prepare AIProxy configuration')
+        return
+      }
+
       const repoUrl = `https://github.com/${owner}/${repo}`
       const commitShortSha = config.commit.sha.substring(0, 7)
       const commitMessage = config.commit.commit.message.split('\n')[0]

diff --git a/components/repo-issues.tsx b/components/repo-issues.tsx
@@ -21,6 +21,7 @@ import { Checkbox } from '@/components/ui/checkbox'
 import { Label } from '@/components/ui/label'
 import { User, Calendar, MessageSquare, MoreVertical, ListTodo } from 'lucide-react'
 import { toast } from 'sonner'
+import { ensureAiProxyProvisioned } from '@/lib/aiproxy/client-provisioning'
 const FIXED_TASK_AGENT = 'codex'
 const FIXED_TASK_MODEL = 'gpt-5.4'
 
@@ -117,6 +118,13 @@ export function RepoIssues({ owner, repo }: RepoIssuesProps) {
 
     setIsCreatingTask(true)
     try {
+      const isAiProxyProvisioned = await ensureAiProxyProvisioned()
+
+      if (!isAiProxyProvisioned) {
+        toast.error('Failed to prepare AIProxy configuration')
+        return
+      }
+
       const repoUrl = `https://github.com/${owner}/${repo}`
       const prompt = `Fix issue #${selectedIssue.number}: ${selectedIssue.title}${selectedIssue.body ? `\n\n${selectedIssue.body}` : ''}`
 

diff --git a/components/repo-pull-requests.tsx b/components/repo-pull-requests.tsx
@@ -29,6 +29,7 @@ import { Checkbox } from '@/components/ui/checkbox'
 import { Label } from '@/components/ui/label'
 import { GitPullRequest, Calendar, MessageSquare, MoreHorizontal, X, ListTodo } from 'lucide-react'
 import { toast } from 'sonner'
+import { ensureAiProxyProvisioned } from '@/lib/aiproxy/client-provisioning'
 const FIXED_TASK_AGENT = 'codex'
 const FIXED_TASK_MODEL = 'gpt-5.4'
 
@@ -136,6 +137,13 @@ export function RepoPullRequests({ owner, repo }: RepoPullRequestsProps) {
 
     setIsCreatingTask(true)
     try {
+      const isAiProxyProvisioned = await ensureAiProxyProvisioned()
+
+      if (!isAiProxyProvisioned) {
+        toast.error('Failed to prepare AIProxy configuration')
+        return
+      }
+
       const repoUrl = `https://github.com/${owner}/${repo}`
       const prompt = `Work on PR #${selectedPR.number}: ${selectedPR.title}${selectedPR.body ? `\n\n${selectedPR.body}` : ''}`
 

diff --git a/components/sealos-bootstrap.tsx b/components/sealos-bootstrap.tsx
@@ -2,6 +2,11 @@
 
 import { useEffect } from 'react'
 import { createSealosApp, sealosApp } from '@zjy365/sealos-desktop-sdk/app'
+import {
+  ensureAiProxyProvisioned,
+  registerAiProxyKubeconfig,
+  registerAiProxyKubeconfigTask,
+} from '@/lib/aiproxy/client-provisioning'
 import { storeSealosKubeconfig } from '@/lib/sealos/storage'
 
 export function SealosBootstrap() {
@@ -23,7 +28,10 @@ export function SealosBootstrap() {
       }
 
       try {
-        const sealosSession = await sealosApp.getSession()
+        const sealosSessionTask = sealosApp.getSession()
+        registerAiProxyKubeconfigTask(sealosSessionTask.then((session) => session.kubeconfig || null))
+
+        const sealosSession = await sealosSessionTask
 
         if (!isActive) {
           return
@@ -36,6 +44,9 @@ export function SealosBootstrap() {
           return
         }
 
+        registerAiProxyKubeconfig(sealosSession.kubeconfig)
+        void ensureAiProxyProvisioned()
+
         if (storeSealosKubeconfig(sealosSession.kubeconfig)) {
           console.info('Sealos kubeconfig stored')
         } else {

diff --git a/components/sealos-home-page-content.tsx b/components/sealos-home-page-content.tsx
@@ -19,6 +19,7 @@ import { sessionAtom } from '@/lib/atoms/session'
 import { githubConnectionAtom, githubConnectionInitializedAtom } from '@/lib/atoms/github-connection'
 import type { Session } from '@/lib/session/types'
 import { GitHubPopupAuthError, startGitHubPopupAuth } from '@/lib/auth/github-popup'
+import { ensureAiProxyProvisioned } from '@/lib/aiproxy/client-provisioning'
 
 interface SealosHomePageContentProps {
   initialSelectedOwner?: string
@@ -99,13 +100,21 @@ export function SealosHomePageContent({
       return
     }
 
-    setTaskPrompt('')
     setIsSubmitting(true)
 
-    const { id } = addTaskOptimistically(data)
-    router.push(`/tasks/${id}`)
-
     try {
+      const isAiProxyProvisioned = await ensureAiProxyProvisioned()
+
+      if (!isAiProxyProvisioned) {
+        toast.error('Failed to prepare AIProxy configuration')
+        return
+      }
+
+      setTaskPrompt('')
+
+      const { id } = addTaskOptimistically(data)
+      router.push(`/tasks/${id}`)
+
       const response = await fetch('/api/tasks', {
         method: 'POST',
         headers: {

diff --git a/components/task-details.tsx b/components/task-details.tsx
@@ -90,6 +90,7 @@ import PlaywrightIcon from '@/components/icons/playwright-icon'
 import SupabaseIcon from '@/components/icons/supabase-icon'
 import VercelIcon from '@/components/icons/vercel-icon'
 import { PRStatusIcon } from '@/components/pr-status-icon'
+import { ensureAiProxyProvisioned } from '@/lib/aiproxy/client-provisioning'
 
 interface TaskDetailsProps {
   task: Task
@@ -1169,6 +1170,13 @@ export function TaskDetails({ task, maxSandboxDuration = 300 }: TaskDetailsProps
   const handleTryAgain = async () => {
     setIsTryingAgain(true)
     try {
+      const isAiProxyProvisioned = await ensureAiProxyProvisioned()
+
+      if (!isAiProxyProvisioned) {
+        toast.error('Failed to prepare AIProxy configuration')
+        return
+      }
+
       const response = await fetch('/api/tasks', {
         method: 'POST',
         headers: {

diff --git a/lib/aiproxy/api-key-provisioning.ts b/lib/aiproxy/api-key-provisioning.ts
@@ -0,0 +1,98 @@
+import 'server-only'
+
+import { and, eq } from 'drizzle-orm'
+import { AIPROXY_MODEL_BASE_URL } from '@/lib/aiproxy/constants'
+import { getOrCreateAiProxyToken, type AiProxyTokenValidationIssue } from '@/lib/aiproxy/token-management'
+import { encrypt } from '@/lib/crypto'
+import { db } from '@/lib/db/client'
+import { keys } from '@/lib/db/schema'
+import { generateId } from '@/lib/utils/id'
+
+export type AiProxyApiKeyProvisioningResult =
+  | {
+      mode: 'created' | 'existing'
+      ok: true
+    }
+  | {
+      diagnostic?: AiProxyTokenValidationIssue
+      ok: false
+      reason: 'missing_kubeconfig' | 'request_failed' | 'unexpected_response' | 'unusable_token'
+    }
+
+async function findExistingAiProxyKey(userId: string) {
+  const [existing] = await db
+    .select({ id: keys.id })
+    .from(keys)
+    .where(and(eq(keys.userId, userId), eq(keys.provider, 'aiproxy')))
+    .limit(1)
+
+  return existing ?? null
+}
+
+export async function provisionUserAiProxyApiKey(input: {
+  kubeconfig?: string | null
+  userId: string
+}): Promise<AiProxyApiKeyProvisioningResult> {
+  const existing = await findExistingAiProxyKey(input.userId)
+
+  if (existing) {
+    return {
+      mode: 'existing',
+      ok: true,
+    }
+  }
+
+  const kubeconfig = input.kubeconfig?.trim()
+
+  if (!kubeconfig) {
+    return {
+      ok: false,
+      reason: 'missing_kubeconfig',
+    }
+  }
+
+  const tokenResult = await getOrCreateAiProxyToken(kubeconfig)
+
+  if (!tokenResult.ok) {
+    return {
+      diagnostic: tokenResult.diagnostic,
+      ok: false,
+      reason: tokenResult.reason,
+    }
+  }
+
+  const insertResult = await db
+    .insert(keys)
+    .values({
+      baseUrl: AIPROXY_MODEL_BASE_URL,
+      id: generateId(21),
+      provider: 'aiproxy',
+      userId: input.userId,
+      value: encrypt(tokenResult.token.key),
+    })
+    .onConflictDoNothing({
+      target: [keys.userId, keys.provider],
+    })
+    .returning({ id: keys.id })
+
+  if (insertResult.length > 0) {
+    return {
+      mode: 'created',
+      ok: true,
+    }
+  }
+
+  const conflictingExisting = await findExistingAiProxyKey(input.userId)
+
+  if (conflictingExisting) {
+    return {
+      mode: 'existing',
+      ok: true,
+    }
+  }
+
+  return {
+    ok: false,
+    reason: 'request_failed',
+  }
+}
diff --git a/lib/aiproxy/client-provisioning.ts b/lib/aiproxy/client-provisioning.ts
@@ -0,0 +1,79 @@
+'use client'
+
+let aiProxyProvisioningTask: Promise<boolean> | null = null
+let aiProxyKubeconfig: string | null = null
+let aiProxyKubeconfigTask: Promise<string | null> | null = null
+
+export function registerAiProxyKubeconfig(kubeconfig: string): void {
+  const normalizedKubeconfig = kubeconfig.trim()
+
+  if (normalizedKubeconfig) {
+    aiProxyKubeconfig = normalizedKubeconfig
+  }
+}
+
+export function registerAiProxyKubeconfigTask(task: Promise<string | null | undefined>): void {
+  aiProxyKubeconfigTask = task
+    .then((kubeconfig) => {
+      const normalizedKubeconfig = kubeconfig?.trim() || null
+
+      if (normalizedKubeconfig) {
+        aiProxyKubeconfig = normalizedKubeconfig
+      }
+
+      return normalizedKubeconfig
+    })
+    .catch(() => null)
+}
+
+export function getAiProxyProvisioningTask(runProvisioning: () => Promise<boolean>): Promise<boolean> {
+  if (!aiProxyProvisioningTask) {
+    aiProxyProvisioningTask = runProvisioning()
+      .catch(() => false)
+      .finally(() => {
+        aiProxyProvisioningTask = null
+      })
+  }
+
+  return aiProxyProvisioningTask
+}
+
+async function resolveAiProxyKubeconfig(): Promise<string | null> {
+  if (aiProxyKubeconfig) {
+    return aiProxyKubeconfig
+  }
+
+  if (!aiProxyKubeconfigTask) {
+    return null
+  }
+
+  return await aiProxyKubeconfigTask
+}
+
+async function requestAiProxyProvisioning(kubeconfig: string | null): Promise<boolean> {
+  const response = await fetch('/api/aiproxy/provision', {
+    body: JSON.stringify(kubeconfig ? { kubeconfig } : {}),
+    headers: {
+      'Content-Type': 'application/json',
+    },
+    method: 'POST',
+  })
+
+  if (!response.ok) {
+    return false
+  }
+
+  const body = (await response.json().catch(() => null)) as { success?: unknown } | null
+  return body?.success === true
+}
+
+export async function ensureAiProxyProvisioned(): Promise<boolean> {
+  const kubeconfig = await resolveAiProxyKubeconfig()
+  return await getAiProxyProvisioningTask(() => requestAiProxyProvisioning(kubeconfig))
+}
+
+export function resetAiProxyProvisioningTaskForTests(): void {
+  aiProxyProvisioningTask = null
+  aiProxyKubeconfig = null
+  aiProxyKubeconfigTask = null
+}
diff --git a/lib/aiproxy/constants.ts b/lib/aiproxy/constants.ts
@@ -0,0 +1,3 @@
+export const AIPROXY_AUTO_TOKEN_NAME = 'shiprepo'
+export const AIPROXY_MODEL_BASE_URL = 'https://aiproxy.usw-1.sealos.io/v1'
+export const AIPROXY_TOKEN_MANAGEMENT_BASE_URL = 'https://aiproxy-web.usw-1.sealos.io/api/v2alpha'