@aryee337/aery-ai 0.1.148 → 0.2.10

package/dist/types/utils/idle-iterator.d.ts

@@ -0,0 +1,78 @@
+/**
+ * Returns the idle timeout used for provider streaming transports.
+ *
+ * `PI_OPENAI_STREAM_IDLE_TIMEOUT_MS` is accepted as a backward-compatible alias.
+ * Set `PI_STREAM_IDLE_TIMEOUT_MS=0` to disable the watchdog.
+ *
+ * Providers that legitimately stream much slower than the global default can pass
+ * `fallbackMs` to widen the floor used when neither env var nor caller option is set.
+ * Caller options still take precedence; env overrides still trump the fallback.
+ */
+export declare function getStreamIdleTimeoutMs(fallbackMs?: number): number | undefined;
+/**
+ * Returns the idle timeout used for OpenAI-family streaming transports.
+ *
+ * `PI_OPENAI_STREAM_IDLE_TIMEOUT_MS` takes precedence over the generic
+ * `PI_STREAM_IDLE_TIMEOUT_MS` because some deployments tune OpenAI-compatible
+ * backends separately from Anthropic/Gemini-style transports.
+ *
+ * Set `PI_OPENAI_STREAM_IDLE_TIMEOUT_MS=0` to disable the watchdog.
+ */
+export declare function getOpenAIStreamIdleTimeoutMs(fallbackMs?: number): number | undefined;
+/**
+ * Returns the timeout used while waiting for the first stream event.
+ * The first token can legitimately take longer than later inter-event gaps,
+ * so the default never undershoots the steady-state idle timeout.
+ *
+ * Set `PI_STREAM_FIRST_EVENT_TIMEOUT_MS=0` to disable the watchdog.
+ *
+ * Providers whose first response can legitimately take longer (heavy reasoning,
+ * slow cold-start proxies) can pass `fallbackMs` to widen the floor used when
+ * neither env var nor caller option is set. Caller options still take precedence;
+ * env overrides still trump the fallback.
+ */
+export declare function getStreamFirstEventTimeoutMs(idleTimeoutMs?: number, fallbackMs?: number): number | undefined;
+/**
+ * Returns the first-event timeout used for OpenAI-family streaming transports.
+ *
+ * Precedence: explicit `PI_OPENAI_STREAM_FIRST_EVENT_TIMEOUT_MS` (including a
+ * `"0"` disable) wins outright. Otherwise the resolved idle (caller-supplied
+ * `idleTimeoutMs` — which itself already encompasses per-call
+ * `streamIdleTimeoutMs` or `PI_OPENAI_STREAM_IDLE_TIMEOUT_MS` resolved
+ * upstream) floors the first-event budget so slow local OpenAI-compatible
+ * servers are not undercut by a shorter `PI_STREAM_FIRST_EVENT_TIMEOUT_MS`
+ * or the global default during prompt processing.
+ *
+ * Returns `undefined` when an explicit env knob disables the watchdog.
+ */
+export declare function getOpenAIStreamFirstEventTimeoutMs(idleTimeoutMs?: number, fallbackMs?: number): number | undefined;
+export interface IdleTimeoutIteratorOptions {
+    idleTimeoutMs?: number;
+    firstItemTimeoutMs?: number;
+    errorMessage: string;
+    firstItemErrorMessage?: string;
+    onIdle?: () => void;
+    onFirstItemTimeout?: () => void;
+    /**
+     * Optional semantic-progress predicate. Non-progress items are still yielded,
+     * but they do not reset the idle deadline. This prevents provider
+     * keepalive/no-op events from keeping a stalled tool call alive forever.
+     */
+    isProgressItem?: (item: unknown) => boolean;
+    /**
+     * Cancel iteration as soon as this signal aborts. Required for caller-driven
+     * cancellation (ESC) when the underlying transport does not surface signal
+     * aborts to the iterator (HTTP/2 proxies, native sockets, mocked fetch).
+     * Without this, the consumer sleeps on iterator.next() until the idle/first
+     * -event watchdog fires — observable as the issue #912 "Working… forever"
+     * symptom on the github-copilot provider.
+     */
+    abortSignal?: AbortSignal;
+}
+/**
+ * Yields items from an async iterable while enforcing a maximum idle gap between items.
+ *
+ * The first item may use a shorter timeout so stuck requests can be aborted and retried
+ * before any user-visible content has streamed.
+ */
+export declare function iterateWithIdleTimeout<T>(iterable: AsyncIterable<T>, options: IdleTimeoutIteratorOptions): AsyncGenerator<T>;

package/dist/types/utils/json-parse.d.ts

@@ -0,0 +1,37 @@
+export declare function repairJson(json: string): string;
+export declare function parseJsonWithRepair<T>(json: string): T;
+/**
+ * Attempts to parse potentially incomplete JSON during streaming.
+ * Always returns a valid object, even if the JSON is incomplete.
+ *
+ * @param partialJson The partial JSON string from streaming
+ * @returns Parsed object or empty object if parsing fails
+ */
+export declare function parseStreamingJson<T = Record<string, unknown>>(partialJson: string | undefined): T;
+/**
+ * Default minimum byte growth before `parseStreamingJsonThrottled` will
+ * re-parse a streaming tool-call argument buffer. Bounds the mid-stream
+ * partial-parse cost from quadratic to linear in N.
+ */
+export declare const STREAMING_JSON_PARSE_MIN_GROWTH = 256;
+/**
+ * Throttled variant of {@link parseStreamingJson} for the per-delta hot path.
+ *
+ * Tool calls arrive as a long sequence of small deltas — calling
+ * `parseStreamingJson(buffer)` on every delta re-parses the entire buffer
+ * each time, giving O(N²) work in the total buffer length. Throttling skips
+ * the re-parse until at least `minGrowthBytes` of new content has arrived
+ * since the last successful parse, bounding mid-stream cost to O(N).
+ *
+ * Each provider tracks the last parsed length on its tool-call block, so the
+ * final `toolcall_end` parse (which providers already perform unconditionally)
+ * is the authoritative full parse — the throttle only delays mid-stream UI
+ * updates by at most `minGrowthBytes` of accumulated partial content.
+ *
+ * @returns the parsed object plus the new `parsedLen` to persist; or `null`
+ *          when the buffer has not grown enough to warrant a re-parse.
+ */
+export declare function parseStreamingJsonThrottled<T = Record<string, unknown>>(partialJson: string | undefined, lastParsedLen: number, minGrowthBytes?: number): {
+    value: T;
+    parsedLen: number;
+} | null;

package/dist/types/utils/oauth/__tests__/xai-oauth.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/types/utils/oauth/alibaba-coding-plan.d.ts

@@ -0,0 +1,18 @@
+/**
+ * Alibaba Coding Plan login flow.
+ *
+ * Alibaba Coding Plan provides OpenAI-compatible models via https://coding-intl.dashscope.aliyuncs.com/v1.
+ *
+ * This is not OAuth - it's a simple API key flow:
+ * 1. Open browser to Alibaba Cloud DashScope API key settings
+ * 2. User copies their API key
+ * 3. User pastes the API key into the CLI
+ */
+import type { OAuthController } from "./types";
+/**
+ * Login to Alibaba Coding Plan.
+ *
+ * Opens browser to API keys page, prompts user to paste their API key.
+ * Returns the API key directly (not OAuthCredentials - this isn't OAuth).
+ */
+export declare function loginAlibabaCodingPlan(options: OAuthController): Promise<string>;

package/dist/types/utils/oauth/anthropic.d.ts

@@ -0,0 +1,22 @@
+/**
+ * Anthropic OAuth flow (Claude Pro/Max)
+ */
+import { OAuthCallbackFlow } from "./callback-server";
+import type { OAuthController, OAuthCredentials } from "./types";
+export declare class AnthropicOAuthFlow extends OAuthCallbackFlow {
+    #private;
+    constructor(ctrl: OAuthController);
+    generateAuthUrl(state: string, redirectUri: string): Promise<{
+        url: string;
+        instructions?: string;
+    }>;
+    exchangeToken(code: string, state: string, redirectUri: string): Promise<OAuthCredentials>;
+}
+/**
+ * Login with Anthropic OAuth
+ */
+export declare function loginAnthropic(ctrl: OAuthController): Promise<OAuthCredentials>;
+/**
+ * Refresh Anthropic OAuth token
+ */
+export declare function refreshAnthropicToken(refreshToken: string): Promise<OAuthCredentials>;

package/dist/types/utils/oauth/api-key-login.d.ts

@@ -0,0 +1,35 @@
+/**
+ * Shared factory for API-key-paste "login" flows.
+ *
+ * Several providers (Cerebras, Synthetic, Moonshot, Together, NanoGPT, ZenMux)
+ * don't actually implement OAuth — they just ask the user to paste an API key,
+ * optionally validate it, and return the trimmed key.
+ */
+import type { OAuthController } from "./types";
+type ChatCompletionsValidation = {
+    kind: "chat-completions";
+    provider: string;
+    baseUrl: string;
+    model: string;
+};
+type ModelsEndpointValidation = {
+    kind: "models-endpoint";
+    provider: string;
+    modelsUrl: string;
+};
+export type ApiKeyLoginConfig = {
+    /** Display name used in error messages, e.g. "Cerebras", "NanoGPT". */
+    providerLabel: string;
+    /** URL opened in browser for the user to grab their key. */
+    authUrl: string;
+    /** Instructions shown with the onAuth callback. */
+    instructions: string;
+    /** Prompt message shown when asking for the key paste. */
+    promptMessage: string;
+    /** Placeholder string for the prompt (e.g. "sk-...", "csk-..."). */
+    placeholder: string;
+    /** Validation strategy, or `null` to skip validation. */
+    validation: ChatCompletionsValidation | ModelsEndpointValidation | null;
+};
+export declare function createApiKeyLogin(config: ApiKeyLoginConfig): (options: OAuthController) => Promise<string>;
+export {};

package/dist/types/utils/oauth/api-key-validation.d.ts

@@ -0,0 +1,27 @@
+type OpenAICompatibleValidationOptions = {
+    provider: string;
+    apiKey: string;
+    baseUrl: string;
+    model: string;
+    signal?: AbortSignal;
+};
+type ModelListValidationOptions = {
+    provider: string;
+    apiKey: string;
+    modelsUrl: string;
+    signal?: AbortSignal;
+};
+/**
+ * Validate an API key against an OpenAI-compatible chat completions endpoint.
+ *
+ * Performs a minimal request to verify credentials and endpoint access.
+ */
+export declare function validateOpenAICompatibleApiKey(options: OpenAICompatibleValidationOptions): Promise<void>;
+/**
+ * Validate an API key against a provider models endpoint.
+ *
+ * Useful for providers where access to specific models may vary by plan and
+ * should not block key validation.
+ */
+export declare function validateApiKeyAgainstModelsEndpoint(options: ModelListValidationOptions): Promise<void>;
+export {};

package/dist/types/utils/oauth/callback-server.d.ts

@@ -0,0 +1,57 @@
+import type { OAuthController, OAuthCredentials } from "./types";
+export type CallbackResult = {
+    code: string;
+    state: string;
+};
+export interface OAuthCallbackFlowOptions {
+    preferredPort: number;
+    callbackPath?: string;
+    callbackHostname?: string;
+    /** Exact redirect URI advertised to the provider; disables port fallback. */
+    redirectUri?: string;
+}
+/**
+ * Abstract base class for OAuth flows with local callback servers.
+ */
+export declare abstract class OAuthCallbackFlow {
+    #private;
+    ctrl: OAuthController;
+    preferredPort: number;
+    callbackPath: string;
+    callbackHostname: string;
+    redirectUri?: string;
+    constructor(ctrl: OAuthController, preferredPortOrOptions: number | OAuthCallbackFlowOptions, callbackPath?: string);
+    /**
+     * Generate provider-specific authorization URL.
+     * @param state - CSRF state token
+     * @param redirectUri - The actual redirect URI to use (may differ from expected if port fallback occurred)
+     * @returns Authorization URL and optional instructions
+     */
+    abstract generateAuthUrl(state: string, redirectUri: string): Promise<{
+        url: string;
+        instructions?: string;
+    }>;
+    /**
+     * Exchange authorization code for OAuth tokens.
+     * @param code - Authorization code from callback
+     * @param state - CSRF state token
+     * @param redirectUri - The actual redirect URI used (must match authorization request)
+     * @returns OAuth credentials
+     */
+    abstract exchangeToken(code: string, state: string, redirectUri: string): Promise<OAuthCredentials>;
+    /**
+     * Generate CSRF state token. Override if provider needs custom state generation.
+     */
+    generateState(): string;
+    /**
+     * Execute the OAuth login flow.
+     */
+    login(): Promise<OAuthCredentials>;
+}
+/**
+ * Parse a redirect URL or code string to extract code and state.
+ */
+export declare function parseCallbackInput(input: string): {
+    code?: string;
+    state?: string;
+};

package/dist/types/utils/oauth/cerebras.d.ts

@@ -0,0 +1 @@
+export declare const loginCerebras: (options: import("./types").OAuthController) => Promise<string>;

package/dist/types/utils/oauth/cloudflare-ai-gateway.d.ts

@@ -0,0 +1,18 @@
+/**
+ * Cloudflare AI Gateway login flow.
+ *
+ * Cloudflare AI Gateway proxies upstream model providers.
+ *
+ * This is not OAuth - it's a simple API key flow:
+ * 1. Open Cloudflare AI Gateway docs/dashboard
+ * 2. User copies their Cloudflare AI Gateway token/API key
+ * 3. User pastes the API key into the CLI
+ */
+import type { OAuthController } from "./types";
+/**
+ * Login to Cloudflare AI Gateway.
+ *
+ * Opens browser to Cloudflare AI Gateway authentication docs and prompts for a gateway token/API key.
+ * Returns the API key directly (not OAuthCredentials - this isn't OAuth).
+ */
+export declare function loginCloudflareAiGateway(options: OAuthController): Promise<string>;

package/dist/types/utils/oauth/cursor.d.ts

@@ -0,0 +1,15 @@
+import type { OAuthCredentials } from "./types";
+export interface CursorAuthParams {
+    verifier: string;
+    challenge: string;
+    uuid: string;
+    loginUrl: string;
+}
+export declare function generateCursorAuthParams(): Promise<CursorAuthParams>;
+export declare function pollCursorAuth(uuid: string, verifier: string): Promise<{
+    accessToken: string;
+    refreshToken: string;
+}>;
+export declare function loginCursor(onAuthUrl: (url: string) => void, onPollStart?: () => void): Promise<OAuthCredentials>;
+export declare function refreshCursorToken(apiKeyOrRefreshToken: string): Promise<OAuthCredentials>;
+export declare function isCursorTokenExpiringSoon(token: string, thresholdSeconds?: number): boolean;

package/dist/types/utils/oauth/deepseek.d.ts

@@ -0,0 +1,10 @@
+import type { OAuthController } from "./types";
+/**
+ * Normalize a pasted DeepSeek API key.
+ *
+ * Users frequently copy keys out of `curl` snippets that include the
+ * `Authorization: Bearer …` prefix. Strip it so validation does not fail
+ * with a confusing 401, and reject obviously empty input early.
+ */
+export declare function normalizeDeepSeekApiKey(raw: string): string;
+export declare const loginDeepSeek: (options: OAuthController) => Promise<string>;

package/dist/types/utils/oauth/firepass.d.ts

@@ -0,0 +1 @@
+export declare const loginFirepass: (options: import("./types").OAuthController) => Promise<string>;

package/dist/types/utils/oauth/fireworks.d.ts

@@ -0,0 +1 @@
+export declare const loginFireworks: (options: import("./types").OAuthController) => Promise<string>;

package/dist/types/utils/oauth/github-copilot.d.ts

@@ -0,0 +1,38 @@
+import type { OAuthCredentials } from "./types";
+export declare const COPILOT_USER_AGENT: "opencode/1.3.15";
+export declare const OPENCODE_HEADERS: {
+    readonly "User-Agent": "opencode/1.3.15";
+};
+export type ParsedGitHubCopilotApiKey = {
+    accessToken: string;
+    enterpriseUrl?: string;
+};
+export declare function normalizeGitHubCopilotEnterpriseDomain(input: string | undefined): string | undefined;
+export declare function parseGitHubCopilotApiKey(apiKeyRaw: string): ParsedGitHubCopilotApiKey;
+export declare function normalizeDomain(input: string): string | null;
+export declare function getGitHubCopilotBaseUrl(enterpriseDomain?: string): string;
+/**
+ * Refresh GitHub Copilot token.
+ * With the opencode OAuth flow, the GitHub token is used directly — no JWT exchange needed.
+ */
+export declare function refreshGitHubCopilotToken(refreshToken: string, enterpriseDomain?: string): OAuthCredentials;
+/**
+ * Login with GitHub Copilot OAuth (device code flow)
+ *
+ * @param options.onAuth - Callback with URL and optional instructions (user code)
+ * @param options.onPrompt - Callback to prompt user for input
+ * @param options.onProgress - Optional progress callback
+ * @param options.signal - Optional AbortSignal for cancellation
+ */
+export declare function loginGitHubCopilot(options: {
+    onAuth: (url: string, instructions?: string) => void;
+    onPrompt: (prompt: {
+        message: string;
+        placeholder?: string;
+        allowEmpty?: boolean;
+    }) => Promise<string>;
+    onProgress?: (message: string) => void;
+    signal?: AbortSignal;
+    pollIntervalFloorMs?: number;
+    pollIntervalScaleMs?: number;
+}): Promise<OAuthCredentials>;

package/dist/types/utils/oauth/gitlab-duo.d.ts

@@ -0,0 +1,3 @@
+import type { OAuthCredentials, OAuthLoginCallbacks } from "./types";
+export declare function loginGitLabDuo(callbacks: OAuthLoginCallbacks): Promise<OAuthCredentials>;
+export declare function refreshGitLabDuoToken(credentials: OAuthCredentials): Promise<OAuthCredentials>;

package/dist/types/utils/oauth/google-antigravity.d.ts

@@ -0,0 +1,11 @@
+import type { OAuthController, OAuthCredentials } from "./types";
+export declare const ANTIGRAVITY_LOAD_CODE_ASSIST_METADATA: Readonly<{
+    ideType: "ANTIGRAVITY";
+    platform: "PLATFORM_UNSPECIFIED";
+    pluginType: "GEMINI";
+}>;
+export declare function loginAntigravity(ctrl: OAuthController): Promise<OAuthCredentials>;
+/**
+ * Refresh Antigravity token
+ */
+export declare function refreshAntigravityToken(refreshToken: string, projectId: string): Promise<OAuthCredentials>;

package/dist/types/utils/oauth/google-gemini-cli.d.ts

@@ -0,0 +1,10 @@
+/**
+ * Gemini CLI OAuth flow (Google Cloud Code Assist)
+ * Standard Gemini models only (gemini-2.0-flash, gemini-2.5-*)
+ */
+import type { OAuthController, OAuthCredentials } from "./types";
+export declare function loginGeminiCli(ctrl: OAuthController): Promise<OAuthCredentials>;
+/**
+ * Refresh Google Cloud Code Assist token
+ */
+export declare function refreshGoogleCloudToken(refreshToken: string, projectId: string): Promise<OAuthCredentials>;

package/dist/types/utils/oauth/google-oauth-shared.d.ts

@@ -0,0 +1,28 @@
+/**
+ * Shared OAuth flow for Google-style providers (Gemini CLI, Antigravity).
+ *
+ * Both providers use the same authorization-code flow shape; only the client
+ * credentials, scopes, endpoint constants, and project-discovery logic differ.
+ */
+import { OAuthCallbackFlow } from "./callback-server";
+import type { OAuthController, OAuthCredentials } from "./types";
+export interface GoogleOAuthFlowConfig {
+    clientId: string;
+    clientSecret: string;
+    authUrl: string;
+    tokenUrl: string;
+    scopes: string[];
+    callbackPort: number;
+    callbackPath: string;
+    discoverProject: (accessToken: string, onProgress?: (message: string) => void) => Promise<string>;
+}
+export declare class GoogleOAuthFlow extends OAuthCallbackFlow {
+    private readonly config;
+    constructor(ctrl: OAuthController, config: GoogleOAuthFlowConfig);
+    generateAuthUrl(state: string, redirectUri: string): Promise<{
+        url: string;
+        instructions?: string;
+    }>;
+    exchangeToken(code: string, _state: string, redirectUri: string): Promise<OAuthCredentials>;
+}
+export declare function runGoogleOAuthLogin(ctrl: OAuthController, config: GoogleOAuthFlowConfig): Promise<OAuthCredentials>;

package/dist/types/utils/oauth/huggingface.d.ts

@@ -0,0 +1,19 @@
+/**
+ * Hugging Face Inference login flow.
+ *
+ * Hugging Face Inference Providers expose an OpenAI-compatible endpoint via
+ * https://router.huggingface.co/v1.
+ *
+ * This is an API key flow:
+ * 1. Open browser to Hugging Face token settings
+ * 2. User creates/copies a token with Inference Providers permission
+ * 3. User pastes the token into the CLI
+ */
+import type { OAuthController } from "./types";
+/**
+ * Login to Hugging Face Inference Providers.
+ *
+ * Opens browser to token settings, prompts user to paste their API key.
+ * Returns the API key directly (not OAuthCredentials - this isn't OAuth).
+ */
+export declare function loginHuggingface(options: OAuthController): Promise<string>;

package/dist/types/utils/oauth/index.d.ts

@@ -0,0 +1,38 @@
+import type { OAuthCredentials, OAuthProvider, OAuthProviderId, OAuthProviderInfo, OAuthProviderInterface } from "./types";
+/**
+ * Register a custom OAuth provider.
+ */
+export declare function registerOAuthProvider(provider: OAuthProviderInterface): void;
+/**
+ * Get a custom OAuth provider by ID.
+ */
+export declare function getOAuthProvider(id: OAuthProviderId): OAuthProviderInterface | undefined;
+/**
+ * Remove all custom OAuth providers registered by a source.
+ */
+export declare function unregisterOAuthProviders(sourceId: string): void;
+/**
+ * Refresh token for any OAuth provider.
+ * Saves the new credentials and returns the new access token.
+ */
+export declare function refreshOAuthToken(provider: OAuthProvider, credentials: OAuthCredentials): Promise<OAuthCredentials>;
+/**
+ * Build API-key bytes for a provider from an already-fresh OAuth credential.
+ *
+ * Refresh is owned by AuthStorage. This helper deliberately refuses expired
+ * credentials so it cannot POST broker redaction sentinels to upstream token
+ * endpoints as a side channel.
+ *
+ * For providers that need credential metadata at request time, returns
+ * JSON-encoded credentials plus expiry metadata for diagnostics/edge guards.
+ * @returns API key string, or null if no credentials
+ * @throws Error if the credential is expired and must be refreshed upstream
+ */
+export declare function getOAuthApiKey(provider: OAuthProvider, credentials: Record<string, OAuthCredentials>): Promise<{
+    newCredentials: OAuthCredentials;
+    apiKey: string;
+} | null>;
+/**
+ * Get list of OAuth providers.
+ */
+export declare function getOAuthProviders(): OAuthProviderInfo[];

package/dist/types/utils/oauth/kagi.d.ts

@@ -0,0 +1,17 @@
+/**
+ * Kagi login flow.
+ *
+ * Kagi web search uses an API key from the account settings page.
+ * This is an API key flow:
+ * 1. Open browser to Kagi API settings
+ * 2. User copies API key
+ * 3. User pastes key into CLI
+ */
+import type { OAuthController } from "./types";
+/**
+ * Login to Kagi.
+ *
+ * Opens browser to API settings and prompts user to paste their API key.
+ * Returns the API key directly (not OAuthCredentials - this isn't OAuth).
+ */
+export declare function loginKagi(options: OAuthController): Promise<string>;

package/dist/types/utils/oauth/kilo.d.ts

@@ -0,0 +1,5 @@
+import type { OAuthController, OAuthCredentials } from "./types";
+/**
+ * Login with Kilo Gateway OAuth (device code flow).
+ */
+export declare function loginKilo(callbacks: OAuthController): Promise<OAuthCredentials>;

package/dist/types/utils/oauth/kimi.d.ts

@@ -0,0 +1,21 @@
+/**
+ * Kimi Code OAuth flow (device authorization grant)
+ */
+import type { OAuthController, OAuthCredentials } from "./types";
+export declare let getKimiCommonHeaders: () => Readonly<{
+    "User-Agent": `KimiCLI/${string}`;
+    "X-Msh-Platform": "kimi_cli";
+    "X-Msh-Version": string;
+    "X-Msh-Device-Name": string;
+    "X-Msh-Device-Model": string;
+    "X-Msh-Os-Version": string;
+    "X-Msh-Device-Id": string;
+}>;
+/**
+ * Login with Kimi Code OAuth (device code flow).
+ */
+export declare function loginKimi(options: OAuthController): Promise<OAuthCredentials>;
+/**
+ * Refresh Kimi OAuth token.
+ */
+export declare function refreshKimiToken(refreshToken: string): Promise<OAuthCredentials>;

package/dist/types/utils/oauth/litellm.d.ts

@@ -0,0 +1,18 @@
+/**
+ * LiteLLM login flow.
+ *
+ * LiteLLM is an OpenAI-compatible proxy that routes requests to many upstream providers.
+ *
+ * This is not OAuth - it's a simple API key flow:
+ * 1. Open browser to LiteLLM docs/dashboard
+ * 2. User copies their LiteLLM API key
+ * 3. User pastes the API key into the CLI
+ */
+import type { OAuthController } from "./types";
+/**
+ * Login to LiteLLM.
+ *
+ * Opens browser to LiteLLM setup docs, prompts user to paste their API key.
+ * Returns the API key directly (not OAuthCredentials - this isn't OAuth).
+ */
+export declare function loginLiteLLM(options: OAuthController): Promise<string>;

package/dist/types/utils/oauth/lm-studio.d.ts

@@ -0,0 +1,17 @@
+/**
+ * LM Studio login flow.
+ *
+ * LM Studio provides an OpenAI-compatible API at a local base URL.
+ * It usually runs unauthenticated but can be configured to require a bearer token.
+ *
+ * This flow stores an API-key-style credential used by `/login` and auth storage.
+ */
+import type { OAuthController } from "./types";
+export declare const DEFAULT_LOCAL_TOKEN = "lm-studio-local";
+/**
+ * Login to LM Studio.
+ *
+ * Opens LM Studio API docs, prompts for an optional token,
+ * and returns a stored key value.
+ */
+export declare function loginLmStudio(options: OAuthController): Promise<string>;

package/dist/types/utils/oauth/minimax-code.d.ts

@@ -0,0 +1,28 @@
+/**
+ * MiniMax Coding Plan login flow.
+ *
+ * MiniMax Coding Plan is a subscription service that provides access to
+ * MiniMax models (M2, M2.1) through an OpenAI-compatible API.
+ *
+ * This is not OAuth - it's a simple API key flow:
+ * 1. Open browser to https://platform.minimax.io/subscribe/coding-plan
+ * 2. User subscribes and copies their API key
+ * 3. User pastes the API key back into the CLI
+ *
+ * International: https://api.minimax.io/v1
+ * China: https://api.minimaxi.com/v1
+ */
+import type { OAuthController } from "./types";
+/**
+ * Login to MiniMax Coding Plan (international).
+ *
+ * Opens browser to subscription page, prompts user to paste their API key.
+ * Returns the API key directly (not OAuthCredentials - this isn't OAuth).
+ */
+export declare function loginMiniMaxCode(options: OAuthController): Promise<string>;
+/**
+ * Login to MiniMax Coding Plan (China).
+ *
+ * Same flow as international but uses China endpoint.
+ */
+export declare function loginMiniMaxCodeCn(options: OAuthController): Promise<string>;

package/dist/types/utils/oauth/moonshot.d.ts

@@ -0,0 +1 @@
+export declare const loginMoonshot: (options: import("./types").OAuthController) => Promise<string>;

package/dist/types/utils/oauth/nanogpt.d.ts

@@ -0,0 +1 @@
+export declare const loginNanoGPT: (options: import("./types").OAuthController) => Promise<string>;

package/dist/types/utils/oauth/nvidia.d.ts

@@ -0,0 +1,18 @@
+/**
+ * NVIDIA login flow.
+ *
+ * NVIDIA provides OpenAI-compatible models via https://integrate.api.nvidia.com/v1.
+ *
+ * This is not OAuth - it's a simple API key flow:
+ * 1. Open browser to NVIDIA NGC catalog
+ * 2. User copies their API key
+ * 3. User pastes the API key into the CLI
+ */
+import type { OAuthController } from "./types";
+/**
+ * Login to NVIDIA.
+ *
+ * Opens browser to NVIDIA dashboard, prompts user to paste their API key.
+ * Returns the API key directly (not OAuthCredentials - this isn't OAuth).
+ */
+export declare function loginNvidia(options: OAuthController): Promise<string>;

package/dist/types/utils/oauth/ollama-cloud.d.ts

@@ -0,0 +1,2 @@
+import type { OAuthController } from "./types";
+export declare function loginOllamaCloud(options: OAuthController): Promise<string>;