[codex] Desktop local-first Rust daemon MVP

.gitignore

@@ -10,11 +10,16 @@ venv/
 .DS_Store
 dump/
 /scripts/
+!/scripts/
+!/scripts/hybrid-local.sh
 *.zip
 *.wav
 node_modules
 yarn.lock
 
+# Cursor (agent-generated plans; rules/hooks remain tracked)
+.cursor/plans/
+
 # Coordination (AI agent collab manifests)
 .coordination/
 
@@ -30,7 +35,9 @@ yarn.lock
 build/
 dist/
 .build/
+**/.build-*/
 .swiftpm/
+**/target/
 
 # VS Code
 .vscode/*
@@ -103,7 +110,10 @@ web/app/public/firebase-messaging-sw.js
 !app/pubspec.lock
 !app/ios/Podfile.lock
 !mcp/uv.lock
+desktop/codex-proxy/target/
+desktop/local-asr-helper/target/
 *.lock
+!desktop/codex-proxy/Cargo.lock
 *.log
 *.swo
 *.swp
@@ -221,3 +231,7 @@ app/macos/Runner/LocalDev.entitlements
 # Generated browser snapshots (contain PII)
 builds-snapshot.md
 *-snapshot.md
+
+# Cursor / agent local artifacts
+.cursor/plans/
+desktop/Desktop/.build-*/

Makefile

@@ -0,0 +1,26 @@
+# Hybrid local development (desktop local daemon + Omi Dev app).
+# See desktop/local-backend/docs/local-mvp-runbook.md
+
+.PHONY: help serve-local down-local local-asr-fixture
+
+help:
+	@echo "Hybrid local development targets:"
+	@echo "  make serve-local   Start omi-local-backend + Omi Dev (tmux when available)"
+	@echo "  make down-local    Stop tmux session, daemon, and dev desktop app"
+	@echo "  make local-asr-fixture"
+	@echo "                     Build a production-shaped Local Whisper fixture manifest"
+	@echo ""
+	@echo "Optional env: OMI_LOCAL_DAEMON_URL, OMI_LOCAL_BACKEND_DATA_DIR,"
+	@echo "              OMI_HYBRID_LOCAL_TMUX_SESSION (default: omi-hybrid-local)"
+	@echo "              OMI_HYBRID_LOCAL_ATTACH=0  start tmux detached"
+	@echo "              OMI_LOCAL_ASR_PYTHON       Python with mlx-whisper for local ASR fixture"
+	@echo "              OMI_LOCAL_ASR_FIXTURE_DIR  fixture output dir (default: /tmp/omi-local-asr-fixture)"
+
+serve-local:
+	@bash "$(CURDIR)/scripts/hybrid-local.sh" up
+
+down-local:
+	@bash "$(CURDIR)/scripts/hybrid-local.sh" down
+
+local-asr-fixture:
+	@bash "$(CURDIR)/desktop/local-asr-addon/build_dev_fixture.sh"

backend/database/users.py

@@ -215,6 +215,64 @@ def clear_byok_active(uid: str):
     )
 
 
+def get_chatgpt_state(uid: str) -> dict:
+    user_ref = db.collection('users').document(uid)
+    data = user_ref.get().to_dict() or {}
+    return data.get('chatgpt', {})
+
+
+def is_chatgpt_active(uid: str) -> bool:
+    """True if user enrolled ChatGPT/Codex tier (LLM-only; separate from four-key BYOK)."""
+    state = get_chatgpt_state(uid)
+    if not state.get('active'):
+        return False
+    last_seen = state.get('last_seen_at')
+    if not last_seen:
+        return False
+    if isinstance(last_seen, datetime):
+        age = (datetime.now(timezone.utc) - last_seen).total_seconds()
+    else:
+        return False
+    return age <= BYOK_HEARTBEAT_TTL_SECONDS
+
+
+def set_chatgpt_active(uid: str, fingerprint: str):
+    user_ref = db.collection('users').document(uid)
+    user_ref.set(
+        {
+            'chatgpt': {
+                'active': True,
+                'fingerprint': fingerprint,
+                'last_seen_at': datetime.now(timezone.utc),
+            }
+        },
+        merge=True,
+    )
+
+
+def touch_chatgpt_heartbeat(uid: str):
+    """Refresh ChatGPT tier heartbeat (called when a valid fingerprint is on the request)."""
+    user_ref = db.collection('users').document(uid)
+    user_ref.set(
+        {'chatgpt': {'last_seen_at': datetime.now(timezone.utc)}},
+        merge=True,
+    )
+
+
+def clear_chatgpt_active(uid: str):
+    user_ref = db.collection('users').document(uid)
+    user_ref.set(
+        {
+            'chatgpt': {
+                'active': False,
+                'fingerprint': '',
+                'last_seen_at': datetime.now(timezone.utc),
+            }
+        },
+        merge=True,
+    )
+
+
 def set_user_deletion_feedback(uid: str, reason: Optional[str], reason_details: Optional[str] = None):
     # Stored in a top-level collection so it survives the user record being deleted.
     db.collection('account_deletions').document(uid).set(

backend/main.py

@@ -144,8 +144,10 @@
 app.add_middleware(TimeoutMiddleware, methods_timeout=methods_timeout)
 
 from utils.byok import BYOKMiddleware
+from utils.chatgpt import ChatGPTMiddleware
 
 app.add_middleware(BYOKMiddleware)
+app.add_middleware(ChatGPTMiddleware)
 
 
 @app.on_event("shutdown")

backend/routers/users.py

@@ -98,6 +98,7 @@
 from utils.webhooks import webhook_first_time_setup
 from database.action_items import get_action_items as get_standalone_action_items
 from utils.byok import has_byok_keys, invalidate_byok_state_cache
+from utils.chatgpt import chatgpt_request_grants_bypass
 import logging
 
 logger = logging.getLogger(__name__)
@@ -813,6 +814,47 @@ def deactivate_byok_endpoint(uid: str = Depends(auth.get_current_user_uid_no_byo
     return {"active": False}
 
 
+class ChatGPTActivateRequest(BaseModel):
+    fingerprint: str
+
+
+@router.post('/v1/users/me/chatgpt-active', tags=['v1'])
+def activate_chatgpt_endpoint(
+    data: ChatGPTActivateRequest, uid: str = Depends(auth.get_current_user_uid_no_byok_validation)
+):
+    """Enroll ChatGPT / Codex subscription tier (LLM workloads only; no provider keys stored)."""
+    if not _SHA256_HEX_RE.match(data.fingerprint):
+        raise HTTPException(
+            status_code=400,
+            detail='Invalid fingerprint: expected lowercase hex SHA-256 (64 chars)',
+        )
+    users_db.set_chatgpt_active(uid, data.fingerprint)
+    clear_trial_paywall_cache(uid)
+    return {"active": True}
+
+
+@router.delete('/v1/users/me/chatgpt-active', tags=['v1'])
+def deactivate_chatgpt_endpoint(uid: str = Depends(auth.get_current_user_uid_no_byok_validation)):
+    """Drop ChatGPT / Codex tier enrollment."""
+    users_db.clear_chatgpt_active(uid)
+    clear_trial_paywall_cache(uid)
+    return {"active": False}
+
+
+def _chatgpt_unlimited_subscription() -> Subscription:
+    return Subscription(
+        plan=PlanType.unlimited,
+        status=SubscriptionStatus.active,
+        features=["chatgpt"],
+        limits=PlanLimits(
+            transcription_seconds=None,
+            words_transcribed=None,
+            insights_gained=None,
+            memories_created=None,
+        ),
+    )
+
+
 def _byok_unlimited_subscription() -> Subscription:
     """BYOK free plan: unlimited limits, marked with the `byok` feature flag."""
     return Subscription(
@@ -844,6 +886,22 @@ def get_user_subscription_endpoint(
     # these users aren't surprised by a disabled phone-call feature.
     unlimited_phone_quota = PhoneCallQuota(has_access=True, is_paid=True)
 
+    if chatgpt_request_grants_bypass(uid):
+        return UserSubscriptionResponse(
+            subscription=_chatgpt_unlimited_subscription(),
+            transcription_seconds_used=0,
+            transcription_seconds_limit=0,
+            words_transcribed_used=0,
+            words_transcribed_limit=0,
+            insights_gained_used=0,
+            insights_gained_limit=0,
+            memories_created_used=0,
+            memories_created_limit=0,
+            available_plans=[],
+            show_subscription_ui=False,
+            phone_call_quota=unlimited_phone_quota,
+        )
+
     if users_db.is_byok_active(uid) and has_byok_keys():
         return UserSubscriptionResponse(
             subscription=_byok_unlimited_subscription(),
@@ -1053,6 +1111,18 @@ def get_user_chat_usage_quota(
     # BYOK free plan: user brings their own keys, so there's no Omi-side cost
     # to meter. Only return unlimited when BYOK headers are on the request (desktop).
     # Mobile (no headers) should see real quota.
+    if chatgpt_request_grants_bypass(uid):
+        return ChatUsageQuota(
+            plan='Free (ChatGPT)',
+            plan_type=PlanType.unlimited.value,
+            unit=ChatQuotaUnit.questions,
+            used=0.0,
+            limit=None,
+            percent=0.0,
+            allowed=True,
+            reset_at=None,
+        )
+
     if users_db.is_byok_active(uid) and has_byok_keys():
         return ChatUsageQuota(
             plan='Free (BYOK)',

backend/tests/unit/test_chatgpt_enrollment.py

@@ -0,0 +1,35 @@
+"""Unit tests for ChatGPT / Codex tier enrollment (standalone, no Firestore imports)."""
+
+import re
+from datetime import datetime, timedelta, timezone
+
+_SHA256_HEX_RE = re.compile(r'^[a-f0-9]{64}$')
+_SHA256 = 'a' * 64
+_CHATGPT_TTL_SECONDS = 7 * 24 * 60 * 60
+
+
+def _is_chatgpt_active_state(state: dict) -> bool:
+    if not state.get('active'):
+        return False
+    last_seen = state.get('last_seen_at')
+    if not isinstance(last_seen, datetime):
+        return False
+    age = (datetime.now(timezone.utc) - last_seen).total_seconds()
+    return age <= _CHATGPT_TTL_SECONDS
+
+
+def test_fingerprint_must_be_sha256_hex():
+    assert _SHA256_HEX_RE.match(_SHA256)
+    assert not _SHA256_HEX_RE.match('not-hex')
+    assert not _SHA256_HEX_RE.match('A' * 64)
+
+
+def test_chatgpt_active_ttl():
+    fresh = {'active': True, 'last_seen_at': datetime.now(timezone.utc) - timedelta(days=1)}
+    assert _is_chatgpt_active_state(fresh) is True
+
+    stale = {'active': True, 'last_seen_at': datetime.now(timezone.utc) - timedelta(days=30)}
+    assert _is_chatgpt_active_state(stale) is False
+
+    inactive = {'active': False, 'last_seen_at': datetime.now(timezone.utc)}
+    assert _is_chatgpt_active_state(inactive) is False

backend/utils/chatgpt.py

@@ -0,0 +1,74 @@
+"""Per-request ChatGPT / Codex tier fingerprint plumbing.
+
+Desktop sends ``X-ChatGPT-Fingerprint`` (SHA-256 of Codex account_id) on requests
+while Codex is active. Quota and subscription bypass require a matching enrolled
+fingerprint on the same request — enrollment alone is not enough (mirrors BYOK).
+"""
+
+import logging
+import re
+from contextvars import ContextVar
+from datetime import datetime, timezone
+from typing import Optional
+
+from starlette.middleware.base import BaseHTTPMiddleware
+from starlette.requests import Request
+
+import database.users as users_db
+
+logger = logging.getLogger('chatgpt')
+
+CHATGPT_FINGERPRINT_HEADER = 'x-chatgpt-fingerprint'
+_SHA256_HEX_RE = re.compile(r'^[a-f0-9]{64}$')
+# Refresh Firestore heartbeat at most once per day when desktop sends a valid fingerprint.
+_HEARTBEAT_REFRESH_INTERVAL_SECONDS = 24 * 60 * 60
+
+_chatgpt_fp_ctx: ContextVar[Optional[str]] = ContextVar('chatgpt_fingerprint', default=None)
+
+
+def get_chatgpt_fingerprint() -> Optional[str]:
+    return _chatgpt_fp_ctx.get()
+
+
+def has_chatgpt_fingerprint() -> bool:
+    """True if the current request carries a ChatGPT enrollment fingerprint header."""
+    return bool(_chatgpt_fp_ctx.get())
+
+
+def chatgpt_request_grants_bypass(uid: str) -> bool:
+    """True when enrolled and this request's fingerprint matches Firestore enrollment.
+
+    Refreshes ``last_seen_at`` on success so desktop enrollment stays alive without
+    re-posting to ``/chatgpt-active`` every week.
+    """
+    fp = _chatgpt_fp_ctx.get()
+    if not fp or not _SHA256_HEX_RE.match(fp):
+        return False
+    if not users_db.is_chatgpt_active(uid):
+        return False
+    state = users_db.get_chatgpt_state(uid)
+    if state.get('fingerprint') != fp:
+        return False
+    last_seen = state.get('last_seen_at')
+    if not isinstance(last_seen, datetime):
+        users_db.touch_chatgpt_heartbeat(uid)
+    else:
+        age = (datetime.now(timezone.utc) - last_seen).total_seconds()
+        if age >= _HEARTBEAT_REFRESH_INTERVAL_SECONDS:
+            users_db.touch_chatgpt_heartbeat(uid)
+    return True
+
+
+class ChatGPTMiddleware(BaseHTTPMiddleware):
+    """Extract ChatGPT fingerprint header into a per-request contextvar."""
+
+    async def dispatch(self, request: Request, call_next):
+        raw = request.headers.get(CHATGPT_FINGERPRINT_HEADER)
+        fp = raw.strip() if raw else None
+        if fp and not _SHA256_HEX_RE.match(fp):
+            fp = None
+        token = _chatgpt_fp_ctx.set(fp)
+        try:
+            return await call_next(request)
+        finally:
+            _chatgpt_fp_ctx.reset(token)

backend/utils/subscription.py

@@ -13,6 +13,7 @@
 from database.announcements import compare_versions
 from models.users import PlanType, SubscriptionStatus, Subscription, PlanLimits, TrialMetadata
 from utils.byok import get_byok_key, get_byok_keys
+from utils.chatgpt import chatgpt_request_grants_bypass
 from utils.log_sanitizer import sanitize
 import logging
 
@@ -86,6 +87,8 @@ def _is_trial_expired_uncached(uid: str) -> bool:
             return False
         if users_db.is_byok_active(uid):
             return False
+        if users_db.is_chatgpt_active(uid):
+            return False
         user_record = firebase_auth.get_user(uid)
         creation_ms = user_record.user_metadata.creation_timestamp
         if not creation_ms:
@@ -157,7 +160,12 @@ def get_trial_metadata(uid: str) -> TrialMetadata:
         # Same request-level escape hatch as `_is_trial_expired_cached`: a request
         # carrying all 4 BYOK provider headers is treated as BYOK-active even if
         # Firestore hasn't caught up yet.
-        if plan != PlanType.basic or users_db.is_byok_active(uid) or _request_has_all_byok_keys():
+        if (
+            plan != PlanType.basic
+            or users_db.is_byok_active(uid)
+            or users_db.is_chatgpt_active(uid)
+            or _request_has_all_byok_keys()
+        ):
             return TrialMetadata(
                 trial_expired=False,
                 trial_duration_seconds=TRIAL_LENGTH_SECONDS,
@@ -534,6 +542,10 @@ def enforce_chat_quota(uid: str, platform: Optional[str] = None) -> None:
         )
 
     # BYOK users pay their own LLM provider — no Omi-side cost to cap.
+    # ChatGPT/Codex tier: bypass only when this request proves Codex enrollment (header).
+    if chatgpt_request_grants_bypass(uid):
+        return
+
     # Require an LLM provider key on this request (not just any BYOK header)
     # so a user can't activate with fake fingerprints or send only x-byok-deepgram
     # to bypass chat quota while chat falls back to Omi's OpenAI/Anthropic keys.