@aexol/spectral 0.7.1 → 0.7.5

package/dist/pi/ai/utils/node-http-proxy.js

@@ -0,0 +1,96 @@
+import { HttpProxyAgent } from "http-proxy-agent";
+import { HttpsProxyAgent } from "https-proxy-agent";
+const DEFAULT_PROXY_PORTS = {
+    ftp: 21,
+    gopher: 70,
+    http: 80,
+    https: 443,
+    ws: 80,
+    wss: 443,
+};
+export const UNSUPPORTED_PROXY_PROTOCOL_MESSAGE = "Unsupported proxy protocol. SOCKS and PAC proxy URLs are not supported; use an HTTP or HTTPS proxy URL.";
+function getProxyEnv(key) {
+    return process.env[key.toLowerCase()] || process.env[key.toUpperCase()] || "";
+}
+function parseProxyTargetUrl(targetUrl) {
+    if (targetUrl instanceof URL) {
+        return targetUrl;
+    }
+    try {
+        return new URL(targetUrl);
+    }
+    catch {
+        return undefined;
+    }
+}
+function shouldProxyHostname(hostname, port) {
+    const noProxy = getProxyEnv("no_proxy").toLowerCase();
+    if (!noProxy) {
+        return true;
+    }
+    if (noProxy === "*") {
+        return false;
+    }
+    return noProxy.split(/[,\s]/).every((proxy) => {
+        if (!proxy) {
+            return true;
+        }
+        const parsedProxy = proxy.match(/^(.+):(\d+)$/);
+        let proxyHostname = parsedProxy ? parsedProxy[1] : proxy;
+        const proxyPort = parsedProxy ? Number.parseInt(parsedProxy[2], 10) : 0;
+        if (proxyPort && proxyPort !== port) {
+            return true;
+        }
+        if (!/^[.*]/.test(proxyHostname)) {
+            return hostname !== proxyHostname;
+        }
+        if (proxyHostname.startsWith("*")) {
+            proxyHostname = proxyHostname.slice(1);
+        }
+        return !hostname.endsWith(proxyHostname);
+    });
+}
+function getProxyForUrl(targetUrl) {
+    const parsedUrl = parseProxyTargetUrl(targetUrl);
+    if (!parsedUrl?.protocol || !parsedUrl.host) {
+        return "";
+    }
+    const protocol = parsedUrl.protocol.split(":", 1)[0];
+    const hostname = parsedUrl.host.replace(/:\d*$/, "");
+    const port = Number.parseInt(parsedUrl.port, 10) || DEFAULT_PROXY_PORTS[protocol] || 0;
+    if (!shouldProxyHostname(hostname, port)) {
+        return "";
+    }
+    let proxy = getProxyEnv(`${protocol}_proxy`) || getProxyEnv("all_proxy");
+    if (proxy && !proxy.includes("://")) {
+        proxy = `${protocol}://${proxy}`;
+    }
+    return proxy;
+}
+export function resolveHttpProxyUrlForTarget(targetUrl) {
+    const proxy = getProxyForUrl(targetUrl);
+    if (!proxy) {
+        return undefined;
+    }
+    let proxyUrl;
+    try {
+        proxyUrl = new URL(proxy);
+    }
+    catch (error) {
+        throw new Error(`Invalid proxy URL ${JSON.stringify(proxy)}: ${error instanceof Error ? error.message : String(error)}`);
+    }
+    if (proxyUrl.protocol !== "http:" && proxyUrl.protocol !== "https:") {
+        throw new Error(`${UNSUPPORTED_PROXY_PROTOCOL_MESSAGE} Got ${proxyUrl.protocol}`);
+    }
+    return proxyUrl;
+}
+export function createHttpProxyAgentsForTarget(targetUrl) {
+    const proxyUrl = resolveHttpProxyUrlForTarget(targetUrl);
+    if (!proxyUrl) {
+        return undefined;
+    }
+    return {
+        httpAgent: new HttpProxyAgent(proxyUrl),
+        httpsAgent: new HttpsProxyAgent(proxyUrl),
+    };
+}

package/dist/pi/ai/utils/oauth/anthropic.js

@@ -0,0 +1,334 @@
+/**
+ * Anthropic OAuth flow (Claude Pro/Max)
+ *
+ * NOTE: This module uses Node.js http.createServer for the OAuth callback server.
+ * It is only intended for CLI use, not browser environments.
+ */
+import { oauthErrorHtml, oauthSuccessHtml } from "./oauth-page.js";
+import { generatePKCE } from "./pkce.js";
+let nodeApis = null;
+let nodeApisPromise = null;
+const decode = (s) => atob(s);
+const CLIENT_ID = decode("OWQxYzI1MGEtZTYxYi00NGQ5LTg4ZWQtNTk0NGQxOTYyZjVl");
+const AUTHORIZE_URL = "https://claude.ai/oauth/authorize";
+const TOKEN_URL = "https://platform.claude.com/v1/oauth/token";
+const CALLBACK_HOST = process.env.PI_OAUTH_CALLBACK_HOST || "127.0.0.1";
+const CALLBACK_PORT = 53692;
+const CALLBACK_PATH = "/callback";
+const REDIRECT_URI = `http://localhost:${CALLBACK_PORT}${CALLBACK_PATH}`;
+const SCOPES = "org:create_api_key user:profile user:inference user:sessions:claude_code user:mcp_servers user:file_upload";
+async function getNodeApis() {
+    if (nodeApis)
+        return nodeApis;
+    if (!nodeApisPromise) {
+        if (typeof process === "undefined" || (!process.versions?.node && !process.versions?.bun)) {
+            throw new Error("Anthropic OAuth is only available in Node.js environments");
+        }
+        nodeApisPromise = import("node:http").then((httpModule) => ({
+            createServer: httpModule.createServer,
+        }));
+    }
+    nodeApis = await nodeApisPromise;
+    return nodeApis;
+}
+function parseAuthorizationInput(input) {
+    const value = input.trim();
+    if (!value)
+        return {};
+    try {
+        const url = new URL(value);
+        return {
+            code: url.searchParams.get("code") ?? undefined,
+            state: url.searchParams.get("state") ?? undefined,
+        };
+    }
+    catch {
+        // not a URL
+    }
+    if (value.includes("#")) {
+        const [code, state] = value.split("#", 2);
+        return { code, state };
+    }
+    if (value.includes("code=")) {
+        const params = new URLSearchParams(value);
+        return {
+            code: params.get("code") ?? undefined,
+            state: params.get("state") ?? undefined,
+        };
+    }
+    return { code: value };
+}
+function formatErrorDetails(error) {
+    if (error instanceof Error) {
+        const details = [`${error.name}: ${error.message}`];
+        const errorWithCode = error;
+        if (errorWithCode.code)
+            details.push(`code=${errorWithCode.code}`);
+        if (typeof errorWithCode.errno !== "undefined")
+            details.push(`errno=${String(errorWithCode.errno)}`);
+        if (typeof error.cause !== "undefined") {
+            details.push(`cause=${formatErrorDetails(error.cause)}`);
+        }
+        if (error.stack) {
+            details.push(`stack=${error.stack}`);
+        }
+        return details.join("; ");
+    }
+    return String(error);
+}
+async function startCallbackServer(expectedState) {
+    const { createServer } = await getNodeApis();
+    return new Promise((resolve, reject) => {
+        let settleWait;
+        const waitForCodePromise = new Promise((resolveWait) => {
+            let settled = false;
+            settleWait = (value) => {
+                if (settled)
+                    return;
+                settled = true;
+                resolveWait(value);
+            };
+        });
+        const server = createServer((req, res) => {
+            try {
+                const url = new URL(req.url || "", "http://localhost");
+                if (url.pathname !== CALLBACK_PATH) {
+                    res.writeHead(404, { "Content-Type": "text/html; charset=utf-8" });
+                    res.end(oauthErrorHtml("Callback route not found."));
+                    return;
+                }
+                const code = url.searchParams.get("code");
+                const state = url.searchParams.get("state");
+                const error = url.searchParams.get("error");
+                if (error) {
+                    res.writeHead(400, { "Content-Type": "text/html; charset=utf-8" });
+                    res.end(oauthErrorHtml("Anthropic authentication did not complete.", `Error: ${error}`));
+                    return;
+                }
+                if (!code || !state) {
+                    res.writeHead(400, { "Content-Type": "text/html; charset=utf-8" });
+                    res.end(oauthErrorHtml("Missing code or state parameter."));
+                    return;
+                }
+                if (state !== expectedState) {
+                    res.writeHead(400, { "Content-Type": "text/html; charset=utf-8" });
+                    res.end(oauthErrorHtml("State mismatch."));
+                    return;
+                }
+                res.writeHead(200, { "Content-Type": "text/html; charset=utf-8" });
+                res.end(oauthSuccessHtml("Anthropic authentication completed. You can close this window."));
+                settleWait?.({ code, state });
+            }
+            catch {
+                res.writeHead(500, { "Content-Type": "text/plain; charset=utf-8" });
+                res.end("Internal error");
+            }
+        });
+        server.on("error", (err) => {
+            reject(err);
+        });
+        server.listen(CALLBACK_PORT, CALLBACK_HOST, () => {
+            resolve({
+                server,
+                redirectUri: REDIRECT_URI,
+                cancelWait: () => {
+                    settleWait?.(null);
+                },
+                waitForCode: () => waitForCodePromise,
+            });
+        });
+    });
+}
+async function postJson(url, body) {
+    const response = await fetch(url, {
+        method: "POST",
+        headers: {
+            "Content-Type": "application/json",
+            Accept: "application/json",
+        },
+        body: JSON.stringify(body),
+        signal: AbortSignal.timeout(30_000),
+    });
+    const responseBody = await response.text();
+    if (!response.ok) {
+        throw new Error(`HTTP request failed. status=${response.status}; url=${url}; body=${responseBody}`);
+    }
+    return responseBody;
+}
+async function exchangeAuthorizationCode(code, state, verifier, redirectUri) {
+    let responseBody;
+    try {
+        responseBody = await postJson(TOKEN_URL, {
+            grant_type: "authorization_code",
+            client_id: CLIENT_ID,
+            code,
+            state,
+            redirect_uri: redirectUri,
+            code_verifier: verifier,
+        });
+    }
+    catch (error) {
+        throw new Error(`Token exchange request failed. url=${TOKEN_URL}; redirect_uri=${redirectUri}; response_type=authorization_code; details=${formatErrorDetails(error)}`);
+    }
+    let tokenData;
+    try {
+        tokenData = JSON.parse(responseBody);
+    }
+    catch (error) {
+        throw new Error(`Token exchange returned invalid JSON. url=${TOKEN_URL}; body=${responseBody}; details=${formatErrorDetails(error)}`);
+    }
+    return {
+        refresh: tokenData.refresh_token,
+        access: tokenData.access_token,
+        expires: Date.now() + tokenData.expires_in * 1000 - 5 * 60 * 1000,
+    };
+}
+/**
+ * Login with Anthropic OAuth (authorization code + PKCE)
+ */
+export async function loginAnthropic(options) {
+    const { verifier, challenge } = await generatePKCE();
+    const server = await startCallbackServer(verifier);
+    let code;
+    let state;
+    let redirectUriForExchange = REDIRECT_URI;
+    try {
+        const authParams = new URLSearchParams({
+            code: "true",
+            client_id: CLIENT_ID,
+            response_type: "code",
+            redirect_uri: REDIRECT_URI,
+            scope: SCOPES,
+            code_challenge: challenge,
+            code_challenge_method: "S256",
+            state: verifier,
+        });
+        options.onAuth({
+            url: `${AUTHORIZE_URL}?${authParams.toString()}`,
+            instructions: "Complete login in your browser. If the browser is on another machine, paste the final redirect URL here.",
+        });
+        if (options.onManualCodeInput) {
+            let manualInput;
+            let manualError;
+            const manualPromise = options
+                .onManualCodeInput()
+                .then((input) => {
+                manualInput = input;
+                server.cancelWait();
+            })
+                .catch((err) => {
+                manualError = err instanceof Error ? err : new Error(String(err));
+                server.cancelWait();
+            });
+            const result = await server.waitForCode();
+            if (manualError) {
+                throw manualError;
+            }
+            if (result?.code) {
+                code = result.code;
+                state = result.state;
+                redirectUriForExchange = REDIRECT_URI;
+            }
+            else if (manualInput) {
+                const parsed = parseAuthorizationInput(manualInput);
+                if (parsed.state && parsed.state !== verifier) {
+                    throw new Error("OAuth state mismatch");
+                }
+                code = parsed.code;
+                state = parsed.state ?? verifier;
+            }
+            if (!code) {
+                await manualPromise;
+                if (manualError) {
+                    throw manualError;
+                }
+                if (manualInput) {
+                    const parsed = parseAuthorizationInput(manualInput);
+                    if (parsed.state && parsed.state !== verifier) {
+                        throw new Error("OAuth state mismatch");
+                    }
+                    code = parsed.code;
+                    state = parsed.state ?? verifier;
+                }
+            }
+        }
+        else {
+            const result = await server.waitForCode();
+            if (result?.code) {
+                code = result.code;
+                state = result.state;
+                redirectUriForExchange = REDIRECT_URI;
+            }
+        }
+        if (!code) {
+            const input = await options.onPrompt({
+                message: "Paste the authorization code or full redirect URL:",
+                placeholder: REDIRECT_URI,
+            });
+            const parsed = parseAuthorizationInput(input);
+            if (parsed.state && parsed.state !== verifier) {
+                throw new Error("OAuth state mismatch");
+            }
+            code = parsed.code;
+            state = parsed.state ?? verifier;
+        }
+        if (!code) {
+            throw new Error("Missing authorization code");
+        }
+        if (!state) {
+            throw new Error("Missing OAuth state");
+        }
+        options.onProgress?.("Exchanging authorization code for tokens...");
+        return exchangeAuthorizationCode(code, state, verifier, redirectUriForExchange);
+    }
+    finally {
+        server.server.close();
+    }
+}
+/**
+ * Refresh Anthropic OAuth token
+ */
+export async function refreshAnthropicToken(refreshToken) {
+    let responseBody;
+    try {
+        responseBody = await postJson(TOKEN_URL, {
+            grant_type: "refresh_token",
+            client_id: CLIENT_ID,
+            refresh_token: refreshToken,
+        });
+    }
+    catch (error) {
+        throw new Error(`Anthropic token refresh request failed. url=${TOKEN_URL}; details=${formatErrorDetails(error)}`);
+    }
+    let data;
+    try {
+        data = JSON.parse(responseBody);
+    }
+    catch (error) {
+        throw new Error(`Anthropic token refresh returned invalid JSON. url=${TOKEN_URL}; body=${responseBody}; details=${formatErrorDetails(error)}`);
+    }
+    return {
+        refresh: data.refresh_token,
+        access: data.access_token,
+        expires: Date.now() + data.expires_in * 1000 - 5 * 60 * 1000,
+    };
+}
+export const anthropicOAuthProvider = {
+    id: "anthropic",
+    name: "Anthropic (Claude Pro/Max)",
+    usesCallbackServer: true,
+    async login(callbacks) {
+        return loginAnthropic({
+            onAuth: callbacks.onAuth,
+            onPrompt: callbacks.onPrompt,
+            onProgress: callbacks.onProgress,
+            onManualCodeInput: callbacks.onManualCodeInput,
+        });
+    },
+    async refreshToken(credentials) {
+        return refreshAnthropicToken(credentials.refresh);
+    },
+    getApiKey(credentials) {
+        return credentials.access;
+    },
+};

package/dist/pi/ai/utils/oauth/device-code.js

@@ -0,0 +1,54 @@
+const CANCEL_MESSAGE = "Login cancelled";
+const TIMEOUT_MESSAGE = "Device flow timed out";
+const SLOW_DOWN_TIMEOUT_MESSAGE = "Device flow timed out after one or more slow_down responses. This is often caused by clock drift in WSL or VM environments. Please sync or restart the VM clock and try again.";
+const MINIMUM_INTERVAL_MS = 1000;
+// RFC 8628 section 3.2: if the authorization server omits `interval`, the client must use 5 seconds.
+const DEFAULT_POLL_INTERVAL_SECONDS = 5;
+// RFC 8628 section 3.5: `slow_down` means the polling interval must increase by 5 seconds.
+const SLOW_DOWN_INTERVAL_INCREMENT_MS = 5000;
+function abortableSleep(ms, signal, cancelMessage) {
+    return new Promise((resolve, reject) => {
+        if (signal?.aborted) {
+            reject(new Error(cancelMessage));
+            return;
+        }
+        const onAbort = () => {
+            clearTimeout(timeout);
+            reject(new Error(cancelMessage));
+        };
+        const timeout = setTimeout(() => {
+            signal?.removeEventListener("abort", onAbort);
+            resolve();
+        }, ms);
+        signal?.addEventListener("abort", onAbort, { once: true });
+    });
+}
+export async function pollOAuthDeviceCodeFlow(options) {
+    const deadline = typeof options.expiresInSeconds === "number"
+        ? Date.now() + options.expiresInSeconds * 1000
+        : Number.POSITIVE_INFINITY;
+    let intervalMs = Math.max(MINIMUM_INTERVAL_MS, Math.floor((options.intervalSeconds ?? DEFAULT_POLL_INTERVAL_SECONDS) * 1000));
+    let slowDownResponses = 0;
+    while (Date.now() < deadline) {
+        if (options.signal?.aborted) {
+            throw new Error(CANCEL_MESSAGE);
+        }
+        const remainingMs = deadline - Date.now();
+        await abortableSleep(Math.min(intervalMs, remainingMs), options.signal, CANCEL_MESSAGE);
+        const result = await options.poll();
+        if (result.status === "complete") {
+            return result.accessToken;
+        }
+        if (result.status === "pending") {
+            continue;
+        }
+        if (result.status === "slow_down") {
+            slowDownResponses += 1;
+            // RFC 8628 section 3.5: apply this increase to this and all subsequent requests.
+            intervalMs = Math.max(MINIMUM_INTERVAL_MS, intervalMs + SLOW_DOWN_INTERVAL_INCREMENT_MS);
+            continue;
+        }
+        throw new Error(result.message);
+    }
+    throw new Error(slowDownResponses > 0 ? SLOW_DOWN_TIMEOUT_MESSAGE : TIMEOUT_MESSAGE);
+}