@ai-ide-bridge/cli 1.0.4 → 1.1.0

package/src/oauth/lifecycle.ts

@@ -0,0 +1,77 @@
+import type { OAuthConfig, StoredToken, TokenStore } from './types.js';
+
+export interface TokenLifecycleOptions {
+  gracePeriodMs?: number;
+  config?: OAuthConfig;
+}
+
+export class TokenLifecycle {
+  private gracePeriodMs: number;
+  private config?: OAuthConfig;
+
+  constructor(
+    private store: TokenStore,
+    options: TokenLifecycleOptions = {},
+  ) {
+    this.gracePeriodMs = options.gracePeriodMs ?? 0;
+    this.config = options.config;
+  }
+
+  async isValid(provider: string): Promise<boolean> {
+    const token = await this.store.get(provider);
+    if (!token) return false;
+
+    const expiresAt = token.expiresAt - this.gracePeriodMs;
+    return Date.now() < expiresAt;
+  }
+
+  async refresh(provider: string): Promise<StoredToken> {
+    const token = await this.store.get(provider);
+    if (!token?.refreshToken) {
+      throw new Error('No refresh token available');
+    }
+
+    if (!this.config) {
+      throw new Error('OAuthConfig required for token refresh');
+    }
+
+    const params = new URLSearchParams({
+      grant_type: 'refresh_token',
+      refresh_token: token.refreshToken,
+      client_id: this.config.provider.clientId,
+    });
+
+    const response = await fetch(this.config.provider.tokenUrl, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+      body: params.toString(),
+    });
+
+    if (!response.ok) {
+      const body = await response.text();
+      throw new Error(`Token refresh failed: ${response.status} ${body}`);
+    }
+
+    const data = (await response.json()) as Record<string, unknown>;
+
+    if (!data.access_token) {
+      throw new Error('Invalid token response: missing access_token');
+    }
+
+    const newToken: StoredToken = {
+      version: 1,
+      accessToken: data.access_token as string,
+      refreshToken: (data.refresh_token as string) ?? token.refreshToken,
+      expiresAt: Date.now() + ((data.expires_in as number) ?? 3600) * 1000,
+      scopes: token.scopes,
+    };
+
+    await this.store.set(provider, newToken);
+
+    if (this.config.onRefresh) {
+      await this.config.onRefresh(newToken);
+    }
+
+    return newToken;
+  }
+}

package/src/oauth/providers.ts

@@ -0,0 +1,21 @@
+import type { OAuthProvider } from './types.js';
+
+export const providers: Record<string, OAuthProvider> = {
+  copilot: {
+    id: 'copilot',
+    name: 'GitHub Copilot',
+    authUrl: 'https://github.com/login/oauth/authorize',
+    tokenUrl: 'https://github.com/login/oauth/access_token',
+    scopes: ['read:user', 'copilot'],
+    clientId: 'Iv1.2a8e2d1e0e8b4f3a',
+    deviceFlow: true,
+  },
+  cursor: {
+    id: 'cursor',
+    name: 'Cursor',
+    authUrl: 'https://authenticator.cursor.sh/oauth/authorize',
+    tokenUrl: 'https://authenticator.cursor.sh/oauth/token',
+    scopes: ['openid', 'profile', 'email'],
+    clientId: 'cursor-oauth-client',
+  },
+};

package/src/oauth/storage-file.ts

@@ -0,0 +1,77 @@
+import { createCipheriv, createDecipheriv, randomBytes, scryptSync } from 'node:crypto';
+import { readFileSync, writeFileSync, existsSync, mkdirSync } from 'node:fs';
+import { homedir, hostname } from 'node:os';
+import { join } from 'node:path';
+import type { StoredToken, TokenStore } from './types.js';
+
+const ALGORITHM = 'aes-256-cbc';
+const KEY_LENGTH = 32;
+const IV_LENGTH = 16;
+
+function getEncryptionKey(): Buffer {
+  const machineId = [process.platform, hostname(), homedir()].join(':');
+  return scryptSync(machineId, 'llm-bridge-oauth', KEY_LENGTH);
+}
+
+function getTokenFilePath(): string {
+  const dir = join(homedir(), '.config', 'llm-bridge');
+  mkdirSync(dir, { recursive: true });
+  return join(dir, 'tokens.enc');
+}
+
+function encrypt(data: string): string {
+  const iv = randomBytes(IV_LENGTH);
+  const cipher = createCipheriv(ALGORITHM, getEncryptionKey(), iv);
+  let encrypted = cipher.update(data, 'utf8', 'hex');
+  encrypted += cipher.final('hex');
+  return iv.toString('hex') + ':' + encrypted;
+}
+
+function decrypt(encryptedData: string): string {
+  const [ivHex, encrypted] = encryptedData.split(':');
+  const iv = Buffer.from(ivHex, 'hex');
+  const decipher = createDecipheriv(ALGORITHM, getEncryptionKey(), iv);
+  let decrypted = decipher.update(encrypted, 'hex', 'utf8');
+  decrypted += decipher.final('utf8');
+  return decrypted;
+}
+
+export function createFileStore(): TokenStore {
+  return {
+    async set(provider: string, token: StoredToken): Promise<void> {
+      const file = getTokenFilePath();
+      const existing: Record<string, StoredToken> = existsSync(file)
+        ? JSON.parse(decrypt(readFileSync(file, 'utf8')))
+        : {};
+      existing[provider] = token;
+      writeFileSync(file, encrypt(JSON.stringify(existing)));
+    },
+
+    async get(provider: string): Promise<StoredToken | null> {
+      const file = getTokenFilePath();
+      if (!existsSync(file)) return null;
+      try {
+        const existing: Record<string, StoredToken> = JSON.parse(
+          decrypt(readFileSync(file, 'utf8')),
+        );
+        return existing[provider] ?? null;
+      } catch {
+        return null;
+      }
+    },
+
+    async delete(provider: string): Promise<void> {
+      const file = getTokenFilePath();
+      if (!existsSync(file)) return;
+      try {
+        const existing: Record<string, StoredToken> = JSON.parse(
+          decrypt(readFileSync(file, 'utf8')),
+        );
+        delete existing[provider];
+        writeFileSync(file, encrypt(JSON.stringify(existing)));
+      } catch {
+        // Ignore errors on delete
+      }
+    },
+  };
+}

package/src/oauth/storage.ts

@@ -0,0 +1,6 @@
+import type { TokenStore } from './types.js';
+import { createFileStore } from './storage-file.js';
+
+export function createTokenStore(): TokenStore {
+  return createFileStore();
+}

package/src/oauth/types.ts

@@ -0,0 +1,50 @@
+export interface OAuthProvider {
+  id: string;
+  name: string;
+  authUrl: string;
+  tokenUrl: string;
+  scopes: string[];
+  clientId: string;
+  deviceFlow?: boolean;
+}
+
+export interface StoredToken {
+  version: 1;
+  accessToken: string;
+  refreshToken?: string;
+  expiresAt: number;
+  scopes: string[];
+}
+
+export interface TokenStore {
+  set(provider: string, token: StoredToken): Promise<void>;
+  get(provider: string): Promise<StoredToken | null>;
+  delete(provider: string): Promise<void>;
+}
+
+export interface OAuthConfig {
+  provider: OAuthProvider;
+  store: TokenStore;
+  onRefresh?: (newToken: StoredToken) => Promise<void>;
+  redirectUri?: string;
+}
+
+export interface PKCEState {
+  codeVerifier: string;
+  codeChallenge: string;
+  state: string;
+}
+
+export interface DeviceCodeResponse {
+  deviceCode: string;
+  userCode: string;
+  verificationUri: string;
+  expiresIn: number;
+  interval: number;
+}
+
+export interface RefreshQueueEntry {
+  promise: Promise<StoredToken>;
+  resolve: (token: StoredToken) => void;
+  reject: (error: Error) => void;
+}

package/src/plugins/copilot/auth.ts

@@ -0,0 +1,39 @@
+import type { CopilotConfig } from './types.js';
+import { createTokenStore } from '../../oauth/index.js';
+
+const COPILOT_API_BASE = 'https://api.github.com';
+
+export async function validateToken(token: string): Promise<boolean> {
+  try {
+    const response = await fetch(`${COPILOT_API_BASE}/copilot_internal/v2/token`, {
+      method: 'GET',
+      headers: {
+        Authorization: `Bearer ${token}`,
+        Accept: 'application/json',
+      },
+    });
+    return response.ok;
+  } catch {
+    return false;
+  }
+}
+
+export async function getToken(config: CopilotConfig): Promise<string | null> {
+  if (config.COPILOT_TOKEN) return config.COPILOT_TOKEN;
+
+  const store = createTokenStore();
+  const token = await store.get('copilot');
+  if (token && Date.now() < token.expiresAt) {
+    return token.accessToken;
+  }
+
+  return config.COPILOT_OAUTH_TOKEN ?? null;
+}
+
+export async function refreshOAuthToken(
+  _refreshToken: string,
+  _clientId: string,
+  _clientSecret: string,
+): Promise<{ accessToken: string; refreshToken: string } | null> {
+  return null;
+}

package/src/plugins/copilot/index.ts

@@ -0,0 +1,5 @@
+export { CopilotBridgePlugin } from './plugin.js';
+export { CopilotBridgeSession } from './session.js';
+export type { CopilotModel, CopilotConfig } from './types.js';
+export { COPILOT_MODELS } from './types.js';
+export { validateToken, getToken } from './auth.js';

package/src/plugins/copilot/plugin.ts

@@ -0,0 +1,31 @@
+import type { BridgePlugin, BridgeSession, ModelInfo } from '../../core/index.js';
+import { CopilotBridgeSession } from './session.js';
+import { COPILOT_MODELS, type CopilotConfig } from './types.js';
+import { validateToken, getToken } from './auth.js';
+
+export class CopilotBridgePlugin implements BridgePlugin {
+  name = 'copilot';
+  version = '2.0.0';
+
+  async authenticate(config: Record<string, string>): Promise<boolean> {
+    const token = await getToken(config as CopilotConfig);
+    if (!token) return false;
+    return validateToken(token);
+  }
+
+  async listModels(config: Record<string, string>): Promise<ModelInfo[]> {
+    const token = await getToken(config as CopilotConfig);
+    if (!token) throw new Error('Missing COPILOT_TOKEN');
+    return COPILOT_MODELS.map((m) => ({
+      id: m.id,
+      name: m.name,
+      capabilities: m.capabilities,
+    }));
+  }
+
+  async createSession(config: Record<string, string>, model: string): Promise<BridgeSession> {
+    const token = await getToken(config as CopilotConfig);
+    if (!token) throw new Error('Missing COPILOT_TOKEN');
+    return new CopilotBridgeSession(token, model);
+  }
+}

package/src/plugins/copilot/session.ts

@@ -0,0 +1,130 @@
+import type { BridgeSession, Message, ToolDefinition, StreamChunk } from '../../core/index.js';
+import { translateTools } from './tools.js';
+
+const COPILOT_API_BASE = 'https://api.github.com';
+
+export class CopilotBridgeSession implements BridgeSession {
+  private token: string;
+  private modelId: string;
+
+  constructor(token: string, modelId: string) {
+    this.token = token;
+    this.modelId = modelId;
+  }
+
+  async *send(messages: Message[], tools?: ToolDefinition[]): AsyncIterable<StreamChunk> {
+    const body = {
+      model: this.modelId,
+      messages: messages.map((m) => ({
+        role: m.role,
+        content: m.content ?? '',
+        ...(m.tool_calls && { tool_calls: m.tool_calls }),
+        ...(m.tool_call_id && { tool_call_id: m.tool_call_id }),
+      })),
+      ...(tools && { tools: translateTools(tools) }),
+      stream: true,
+    };
+
+    try {
+      const response = await fetch(`${COPILOT_API_BASE}/copilot_internal/chat/completions`, {
+        method: 'POST',
+        headers: {
+          Authorization: `Bearer ${this.token}`,
+          'Content-Type': 'application/json',
+          Accept: 'text/event-stream',
+        },
+        body: JSON.stringify(body),
+      });
+
+      if (!response.ok) {
+        const errorText = await response.text();
+        yield {
+          type: 'error',
+          content: `Copilot API error: ${response.status} ${errorText}`,
+          finishReason: 'error',
+        };
+        return;
+      }
+
+      const reader = response.body?.getReader();
+      if (!reader) {
+        yield { type: 'error', content: 'No response body', finishReason: 'error' };
+        return;
+      }
+
+      const decoder = new TextDecoder();
+      let buffer = '';
+      let finished = false;
+
+      while (true) {
+        const { done, value } = await reader.read();
+        if (done) break;
+
+        buffer += decoder.decode(value, { stream: true });
+        const lines = buffer.split(/\r?\n/);
+        buffer = lines.pop() ?? '';
+
+        for (const line of lines) {
+          const trimmed = line.trim();
+          if (!trimmed || !trimmed.startsWith('data:')) continue;
+
+          const data = trimmed.slice(5).trim();
+          if (data === '[DONE]') {
+            if (!finished) {
+              yield { type: 'done', finishReason: 'stop' };
+            }
+            return;
+          }
+
+          try {
+            const parsed = JSON.parse(data);
+            const delta = parsed.choices?.[0]?.delta;
+
+            if (delta?.content) {
+              yield { type: 'text', content: delta.content };
+            }
+
+            if (delta?.tool_calls) {
+              for (const tc of delta.tool_calls) {
+                yield {
+                  type: 'tool_call',
+                  toolCall: {
+                    id: tc.id ?? '',
+                    name: tc.function?.name ?? '',
+                    arguments: tc.function?.arguments ?? '',
+                  },
+                };
+              }
+            }
+
+            if (parsed.choices?.[0]?.finish_reason && !finished) {
+              const reason = parsed.choices[0].finish_reason;
+              const finishReason =
+                reason === 'stop'
+                  ? 'stop'
+                  : reason === 'tool_calls'
+                    ? 'tool_calls'
+                    : reason === 'length'
+                      ? 'length'
+                      : 'error';
+              yield {
+                type: 'done',
+                finishReason,
+              };
+              finished = true;
+            }
+          } catch {
+            // Skip malformed SSE data
+          }
+        }
+      }
+    } catch (e) {
+      const msg = e instanceof Error ? e.message : String(e);
+      yield { type: 'error', content: msg, finishReason: 'error' };
+    }
+  }
+
+  async dispose(): Promise<void> {
+    // No persistent connections to dispose
+  }
+}

package/src/plugins/copilot/tools.ts

@@ -0,0 +1,21 @@
+import type { ToolDefinition } from '../../core/index.js';
+
+export interface CopilotTool {
+  type: 'function';
+  function: {
+    name: string;
+    description?: string;
+    parameters: Record<string, unknown>;
+  };
+}
+
+export function translateTools(tools: ToolDefinition[]): CopilotTool[] {
+  return tools.map((tool) => ({
+    type: 'function' as const,
+    function: {
+      name: tool.function.name,
+      description: tool.function.description,
+      parameters: tool.function.parameters as Record<string, unknown>,
+    },
+  }));
+}

package/src/plugins/copilot/types.ts

@@ -0,0 +1,43 @@
+export interface CopilotModel {
+  id: string;
+  name: string;
+  capabilities: {
+    streaming: boolean;
+    tools: boolean;
+    vision?: boolean;
+  };
+}
+
+export const COPILOT_MODELS: CopilotModel[] = [
+  {
+    id: 'gpt-4-copilot',
+    name: 'GPT-4 (Copilot)',
+    capabilities: { streaming: true, tools: true },
+  },
+  {
+    id: 'gpt-4o-copilot',
+    name: 'GPT-4o (Copilot)',
+    capabilities: { streaming: true, tools: true },
+  },
+  {
+    id: 'claude-3.5-sonnet-copilot',
+    name: 'Claude 3.5 Sonnet (Copilot)',
+    capabilities: { streaming: true, tools: true },
+  },
+  {
+    id: 'o1-copilot',
+    name: 'o1 (Copilot)',
+    capabilities: { streaming: true, tools: true },
+  },
+  {
+    id: 'o1-mini-copilot',
+    name: 'o1-mini (Copilot)',
+    capabilities: { streaming: true, tools: false },
+  },
+];
+
+export interface CopilotConfig {
+  COPILOT_TOKEN?: string;
+  COPILOT_OAUTH_TOKEN?: string;
+  COPILOT_OAUTH_REFRESH_TOKEN?: string;
+}

package/src/plugins/cursor/index.ts

@@ -0,0 +1,2 @@
+export { CursorBridgePlugin } from './plugin.js';
+export { CursorBridgeSession } from './session.js';

package/src/plugins/cursor/plugin.ts

@@ -0,0 +1,37 @@
+import { Cursor } from '@cursor/sdk';
+import type { BridgePlugin, BridgeSession, ModelInfo } from '../../core/index.js';
+import { CursorBridgeSession } from './session.js';
+
+export class CursorBridgePlugin implements BridgePlugin {
+  name = 'cursor';
+  version = '2.0.0';
+
+  async authenticate(config: Record<string, string>): Promise<boolean> {
+    const apiKey = config.CURSOR_API_KEY;
+    if (!apiKey) return false;
+    try {
+      await Cursor.me({ apiKey });
+      return true;
+    } catch {
+      return false;
+    }
+  }
+
+  async listModels(config: Record<string, string>): Promise<ModelInfo[]> {
+    const apiKey = config.CURSOR_API_KEY;
+    if (!apiKey) throw new Error('Missing CURSOR_API_KEY');
+    const models = await Cursor.models.list({ apiKey });
+    return models.map((m) => ({
+      id: m.id,
+      name: m.id,
+      capabilities: { streaming: true, tools: true },
+    }));
+  }
+
+  async createSession(config: Record<string, string>, model: string): Promise<BridgeSession> {
+    const apiKey = config.CURSOR_API_KEY;
+    if (!apiKey) throw new Error('Missing CURSOR_API_KEY');
+    const cwd = config.CURSOR_OPENCODE_BRIDGE_CWD ?? process.cwd();
+    return new CursorBridgeSession(apiKey, model, cwd);
+  }
+}

package/src/plugins/cursor/session.ts

@@ -0,0 +1,78 @@
+import { Agent } from '@cursor/sdk';
+import type { SDKAgent, SendOptions } from '@cursor/sdk';
+import type { BridgeSession, Message, ToolDefinition, StreamChunk } from '../../core/index.js';
+import { translateTools } from './tools.js';
+
+export class CursorBridgeSession implements BridgeSession {
+  private agent: SDKAgent | null = null;
+  private apiKey: string;
+  private modelId: string;
+  private cwd: string;
+
+  constructor(apiKey: string, modelId: string, cwd: string = process.cwd()) {
+    this.apiKey = apiKey;
+    this.modelId = modelId;
+    this.cwd = cwd;
+  }
+
+  async *send(messages: Message[], tools?: ToolDefinition[]): AsyncIterable<StreamChunk> {
+    const prompt = this.buildPrompt(messages);
+    const cursorTools = tools ? translateTools(tools) : undefined;
+
+    try {
+      this.agent = await Agent.create({
+        apiKey: this.apiKey,
+        model: { id: this.modelId },
+        local: { cwd: this.cwd, settingSources: [] },
+      });
+
+      const sendOptions: SendOptions = {
+        model: { id: this.modelId },
+        onDelta: ({ update }) => {
+          if (update.type === 'text-delta' && 'text' in update && update.text) {
+            // onDelta is synchronous callback, we buffer and yield in the loop
+          }
+        },
+      };
+
+      const run = await this.agent.send(prompt, sendOptions);
+
+      const result = await run.wait();
+      if (result.status === 'error' || result.status === 'cancelled') {
+        yield {
+          type: 'error',
+          content: `Agent run ${result.status}: ${result.result ?? 'no details'}`,
+          finishReason: 'error',
+        };
+        return;
+      }
+
+      yield { type: 'text', content: result.result ?? '', finishReason: 'stop' };
+    } catch (e) {
+      const msg = e instanceof Error ? e.message : String(e);
+      yield { type: 'error', content: msg, finishReason: 'error' };
+    }
+  }
+
+  async dispose(): Promise<void> {
+    if (this.agent) {
+      try {
+        await this.agent[Symbol.asyncDispose]();
+      } catch {
+        // Ignore dispose errors
+      }
+      this.agent = null;
+    }
+  }
+
+  private buildPrompt(messages: Message[]): string {
+    const blocks: string[] = [];
+    for (const m of messages) {
+      const text = typeof m.content === 'string' ? m.content : '';
+      if (!text) continue;
+      const label = m.role === 'tool' ? `tool (${m.tool_call_id ?? m.name ?? 'result'})` : m.role;
+      blocks.push(`[${label}]\n${text}`);
+    }
+    return `\nFollow this conversation transcript and reply as the assistant.\n\n${blocks.join('\n\n---\n\n')}\n`;
+  }
+}

package/src/plugins/cursor/tools.ts

@@ -0,0 +1,25 @@
+import type { ToolDefinition } from '../../core/index.js';
+
+export interface CursorTool {
+  type: 'function';
+  function: {
+    name: string;
+    description?: string;
+    parameters: Record<string, unknown>;
+  };
+}
+
+export function translateTools(tools: ToolDefinition[]): CursorTool[] {
+  return tools.map((tool) => ({
+    type: 'function' as const,
+    function: {
+      name: tool.function.name,
+      description: tool.function.description,
+      parameters: tool.function.parameters as Record<string, unknown>,
+    },
+  }));
+}
+
+export function translateToolResult(toolCallId: string, result: string): string {
+  return `[tool result for ${toolCallId}]\n${result}`;
+}

package/src/plugins/windsurf/auth.ts

@@ -0,0 +1,23 @@
+import type { WindsurfConfig } from './types.js';
+
+const WINDSURF_API_BASE = 'https://server.codeium.com';
+
+export function getToken(config: WindsurfConfig): string | null {
+  return config.WINDSURF_TOKEN ?? config.WINDSURF_OAUTH_TOKEN ?? null;
+}
+
+export async function validateToken(token: string): Promise<boolean> {
+  try {
+    const response = await fetch(`${WINDSURF_API_BASE}/api/v1/validate_token`, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        Authorization: `Bearer ${token}`,
+      },
+      body: JSON.stringify({ token }),
+    });
+    return response.ok;
+  } catch {
+    return false;
+  }
+}