Skip to content

feat: add Codex-authored API proxy dashboard#118

Open
mingisrookie wants to merge 10 commits into
170-carry:mainfrom
mingisrookie:codex/official-dashboard-metrics-ui
Open

feat: add Codex-authored API proxy dashboard#118
mingisrookie wants to merge 10 commits into
170-carry:mainfrom
mingisrookie:codex/official-dashboard-metrics-ui

Conversation

@mingisrookie
Copy link
Copy Markdown

@mingisrookie mingisrookie commented May 10, 2026

Summary

This PR is intentionally Codex-authored. The dashboard metrics and UI changes were implemented by Codex, and the UI keeps a noticeable Codex-style information-dense dashboard aesthetic.

It combines the upstream-facing parts of our dashboard work into one reviewable branch because the UI depends on the runtime metrics/data plumbing.

Preview

API Proxy dashboard Codex preview

What changed

  • Adds an API proxy runtime dashboard surface for request volume, failure rate, latency, token usage, cache hits/misses, in-flight requests, top models/accounts/endpoints, recent requests, and recent failures.
  • Adds backend dashboard metrics recording around proxy request lifecycles, including SSE terminal outcome tracking and client-disconnect classification.
  • Adds a dedicated Dashboard tab/panel with a calmer card layout, trend chart, ranking sections, and readable recent request/failure tables.
  • Keeps axis labels and narrow-width behavior readable with a small dashboard axis helper.
  • Updates API proxy documentation for the dashboard/images routes and diagnostic behavior.

Authorship note

Implemented by Codex. This is not hand-written UI polish; reviewers should treat the UI direction as a Codex-authored proposal and feel free to request visual simplification if it does not match the project style.

Verification

  • npm run lint
  • npm run build
  • cargo test --manifest-path src-tauri/Cargo.toml proxy_service::tests:: -- --nocapture

Note: npm run build still emits the existing Vite chunk-size warning only.

Codex Agent added 10 commits May 4, 2026 17:09
Let operators disable bad accounts before proxy routing burns latency
c2a93d6 
The proxy was still willing to consider every imported account, so blocked or free accounts could sit ahead of healthier paid accounts and slow request fallback. This adds a persisted account enabled flag, UI toggles, refresh/proxy filtering, candidate ordering tests, and a lightweight dashboard surface for proxy request health.

Constraint: Existing account stores must deserialize without an enabled field and continue to default to enabled.
Constraint: Live app replacement is intentionally left to a separate deployment step; this commit only builds into a temporary target.
Rejected: Reuse auth_refresh_blocked as the manual toggle | it represents automatic refresh suspension and would mix user intent with auth health.
Rejected: Stage temporary build and OMX artifacts | they are local verification/runtime state, not source.
Confidence: high
Scope-risk: moderate
Reversibility: clean
Directive: Do not let disabled accounts participate in refresh, smart switch, or proxy candidate selection without an explicit product decision.
Tested: rustfmt --edition 2021 --check src\models.rs src\account_service.rs src\proxy_service.rs src\lib.rs
Tested: npm run lint
Tested: git diff --check
Tested: cargo test --lib enabled
Tested: cargo test --lib proxy_candidates_prefer_unblocked_paid_accounts
Tested: cargo test --lib
Tested: npm run build
Tested: npm run tauri -- build --no-bundle -- --target-dir F:\codex-tools\.tmp-official-target
Not-tested: Manual click-through of the Tauri UI against a live installed app.
Keep proxy retries from poisoning account auth state
501ff5a 
Proxy routing may touch several candidate accounts while looking for a working upstream. Persisting refresh-token failures from that automatic retry path made the account management UI show broad "reauthorize" errors even though the proxy could still complete using a later account. The proxy now treats failed candidate refresh as a per-request routing failure and only persists successful token refreshes.

Constraint: Manual account refresh and reauthorization flows still own durable auth-health state.
Constraint: The proxy must continue to skip already-blocked candidates and continue retrying other accounts.
Rejected: Disable every failed account automatically | it converts transient routing probes into user-visible account state and caused the reported all-expired UI.
Rejected: Hide authRefreshBlocked in the UI | it would mask real manual refresh failures instead of fixing the proxy side effect.
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Do not persist proxy candidate refresh failures into authRefreshBlocked without a separate non-UI health channel.
Tested: rustfmt --edition 2021 --check src\proxy_service.rs
Tested: cargo test --lib proxy_candidates_prefer_unblocked_paid_accounts
Tested: npm run lint
Tested: cargo test --lib
Tested: npm run tauri -- build --no-bundle -- --target-dir F:\codex-tools\.tmp-official-target
Tested: live replacement of F:\Codex Tools\app.exe and F:\codex-tools\src-tauri\target\release\app.exe
Tested: cleared polluted live authRefreshBlocked flags, then 8666 /v1/responses twice returned OK without sustained auth-block growth
Not-tested: Full manual UI click-through inside the visible Tauri window.
Stop usage refresh from turning transient auth failures into relogin …
3cdd7c9 
…prompts

The account page uses authRefreshBlocked/authRefreshError as the durable signal for reauthorization prompts. Automatic usage refresh and proxy retry paths were writing that signal when a token refresh failed, so one background sweep could make many accounts look like they all needed manual login. Refresh failures now remain request/usage errors while successful refreshes still write updated tokens and clear stale auth state.

Constraint: Reauthorization prompts must come from deliberate account-management flows, not incidental proxy or usage probes.
Constraint: Successful token refresh still needs to persist new auth_json and clear stale errors.
Rejected: Hide authRefreshBlocked in the frontend | it would keep bad state in storage and mask the real write-side problem.
Rejected: Restore old candidate ordering only | it would reduce exposure but leave the same persistent side effect waiting for the next refresh sweep.
Confidence: high
Scope-risk: moderate
Reversibility: clean
Directive: Keep authRefreshBlocked as a durable/manual account-health signal; do not set it from automatic routing or usage probes.
Tested: rustfmt --edition 2021 --check src\account_service.rs src\proxy_service.rs
Tested: npm run lint
Tested: cargo test --lib
Tested: npm run tauri -- build --no-bundle -- --target-dir F:\codex-tools\.tmp-official-target
Tested: live replacement of F:\Codex Tools\app.exe and F:\codex-tools\src-tauri\target\release\app.exe
Tested: cleared polluted live flags, then two 8666 /v1/responses smokes returned OK and authRefreshBlocked/authRefreshError stayed 0/11
Not-tested: Full visible-window manual UI inspection.
Prepare the account-health release for distribution
812166d 
The account enablement, proxy health dashboard, and auth-state hardening work now has release-facing metadata. This bumps the app/package versions to 1.8.5 and documents the operator-visible behavior in the README and changelog without touching local build artifacts.

Constraint: Keep the release metadata patch separate from existing local runtime/temp artifacts.
Rejected: Push a release tag from this cleanup step | the user asked to push git changes, not to publish a release.
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Keep package.json, package-lock.json, Cargo.toml, Cargo.lock, and tauri.conf.json versions in sync for desktop releases.
Tested: npm run lint
Tested: npm run build
Tested: cargo test --manifest-path src-tauri\Cargo.toml --lib
Tested: git diff --check
Tested: npm run tauri -- build --no-bundle -- --target-dir F:\codex-tools\.tmp-official-target
Not-tested: GitHub Actions release workflow; no release tag was pushed.
Align account health work after the published image release
661f418 
GitHub already published v1.8.5 for the Codex image proxy and stream compatibility baseline. The account-health branch now merges that release line instead of reusing the same version number, then documents the account toggles, proxy candidate hardening, dashboard metrics, auth-state fix, and GPT-5.5 limit settings as v1.8.6.

Constraint: origin/main v1.8.5 is already tagged and must remain the image-proxy release baseline.
Constraint: The standalone proxyd crate reuses shared proxy_service.rs, so it must declare dashboard_metrics when proxy metrics are added.
Rejected: Keep account-health as v1.8.5 | conflicts with the existing GitHub v1.8.5 release tag and changelog semantics.
Rejected: Drop the upstream v1.8.5 changelog bullets | would hide already-published image proxy work.
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Compare against origin/main and existing tags before bumping release metadata; never reuse a published version for new feature work.
Tested: npm run lint
Tested: npm run build
Tested: cargo test --manifest-path src-tauri\proxyd\Cargo.toml
Tested: cargo test --manifest-path src-tauri\Cargo.toml --lib
Tested: git diff --check && git diff --cached --check
Tested: npm run tauri -- build --no-bundle -- --target-dir F:\codex-tools\.tmp-official-target
Not-tested: Release tag push or GitHub Actions release workflow.
Separate GPT-5.5 settings from the proxy control row
b2824c2 
The API proxy header row was carrying port, two GPT-5.5 setting groups, autostart, and action buttons in one grid. On the running layout this squeezed the right-side controls vertically. Move the context and auto-compact controls into a dedicated panel below the row so the primary proxy controls remain stable while the larger model settings have their own horizontal space.

Constraint: Keep the existing settings fields and persistence behavior unchanged.
Rejected: Shrink button labels or numeric values | it hides the layout pressure instead of fixing the control grouping.
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Keep large model tuning controls out of the primary proxy start/stop row unless the layout is verified at the app viewport width.
Tested: npm run lint
Tested: npm run build
Tested: git diff --check
Not-tested: Full Tauri visual click-through; browser screenshot attempt was blocked by missing local Playwright module.
Release the proxy layout fix as a patch version
657eeb5 
The v1.8.6 release tag was already published before the API proxy layout fix, so this bumps the app and proxyd crates to v1.8.7 and records the layout correction in the changelog instead of moving the existing tag.

Constraint: Published release tags should remain immutable.
Rejected: Retag v1.8.6 | would rewrite a published release boundary.
Confidence: high
Scope-risk: narrow
Reversibility: clean
Directive: Use a new patch version for post-release UI corrections once a tag has been pushed.
Tested: npm run lint
Tested: npm run build
Tested: cargo test --manifest-path src-tauri\Cargo.toml --lib proxy_candidates_prefer_unblocked_paid_accounts
Tested: git diff --check
Tested: npm run tauri -- build --no-bundle -- --target-dir F:\codex-tools\.tmp-official-target
Not-tested: Signed installer GitHub Actions matrix; fork default branch does not expose release.yml.
Merge origin main into v1.9.0 work
9ff86b5
Release v1.9.0 dashboard and proxy updates
00061b4
Prepare dashboard changes for upstream review
b6c5e21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mingisrookie