npm - @aryee337/aery-ai - Versions diffs - 0.2.27 → 0.2.29 - Mend

@aryee337/aery-ai 0.2.27 → 0.2.29

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (417) hide show

package/CHANGELOG.md +2914 -0
package/README.md +614 -813
package/package.json +140 -105
package/src/api-registry.ts +96 -0
package/src/auth-broker/client.ts +358 -0
package/src/auth-broker/index.ts +5 -0
package/src/auth-broker/refresher.ts +117 -0
package/src/auth-broker/remote-store.ts +623 -0
package/src/auth-broker/server.ts +644 -0
package/src/auth-broker/types.ts +127 -0
package/src/auth-broker/wire-schemas.ts +200 -0
package/src/auth-gateway/http.ts +194 -0
package/src/auth-gateway/index.ts +3 -0
package/src/auth-gateway/server.ts +818 -0
package/src/auth-gateway/types.ts +143 -0
package/src/auth-storage.ts +4422 -0
package/src/index.ts +54 -0
package/src/model-cache.ts +129 -0
package/src/model-manager.ts +469 -0
package/src/model-thinking.ts +782 -0
package/src/models.json +83530 -0
package/src/models.json.d.ts +9 -0
package/src/models.ts +56 -0
package/src/prompts/turn-aborted-guidance.md +4 -0
package/src/provider-details.ts +90 -0
package/src/provider-models/bundled-references.ts +38 -0
package/src/provider-models/descriptors.ts +355 -0
package/src/provider-models/google.ts +88 -0
package/src/provider-models/index.ts +5 -0
package/src/provider-models/ollama.ts +153 -0
package/src/provider-models/openai-compat.ts +2817 -0
package/src/provider-models/special.ts +67 -0
package/src/providers/aery-native-client.ts +228 -0
package/src/providers/aery-native-server.ts +212 -0
package/src/providers/amazon-bedrock.ts +873 -0
package/src/providers/anthropic-client.ts +318 -0
package/src/providers/anthropic-messages-server-schema.ts +243 -0
package/src/providers/anthropic-messages-server.ts +683 -0
package/src/providers/anthropic-wire.ts +268 -0
package/src/providers/anthropic.ts +3094 -0
package/src/providers/aws-credentials.ts +501 -0
package/src/providers/aws-eventstream.ts +185 -0
package/src/providers/aws-sigv4.ts +218 -0
package/src/providers/azure-openai-responses.ts +361 -0
package/src/providers/cursor/gen/agent_pb.ts +15274 -0
package/src/providers/cursor/proto/agent.proto +3526 -0
package/src/providers/cursor/proto/buf.gen.yaml +6 -0
package/src/providers/cursor/proto/buf.yaml +17 -0
package/src/providers/cursor.ts +2621 -0
package/src/providers/error-message.ts +21 -0
package/src/providers/github-copilot-headers.ts +140 -0
package/src/providers/gitlab-duo.ts +372 -0
package/src/providers/google-auth.ts +252 -0
package/src/providers/google-gemini-cli.ts +809 -0
package/src/providers/google-gemini-headers.ts +41 -0
package/src/providers/google-shared.ts +917 -0
package/src/providers/google-types.ts +167 -0
package/src/providers/google-vertex.ts +91 -0
package/src/providers/google.ts +41 -0
package/src/providers/grammar.ts +70 -0
package/src/providers/kimi.ts +52 -0
package/src/providers/mock.ts +496 -0
package/src/providers/ollama.ts +644 -0
package/src/providers/openai-anthropic-shim.ts +138 -0
package/src/providers/openai-chat-server-schema.ts +252 -0
package/src/providers/openai-chat-server.ts +647 -0
package/src/providers/openai-codex/constants.ts +43 -0
package/src/providers/openai-codex/request-transformer.ts +161 -0
package/src/providers/openai-codex/response-handler.ts +81 -0
package/src/providers/openai-codex-responses.ts +3018 -0
package/src/providers/openai-completions-compat.ts +300 -0
package/src/providers/openai-completions.ts +1979 -0
package/src/providers/openai-responses-server-schema.ts +290 -0
package/src/providers/openai-responses-server.ts +1183 -0
package/src/providers/openai-responses-shared.ts +873 -0
package/src/providers/openai-responses.ts +679 -0
package/src/providers/register-builtins.ts +436 -0
package/src/providers/synthetic.ts +50 -0
package/src/providers/transform-messages.ts +382 -0
package/src/providers/vision-guard.ts +31 -0
package/src/providers/xai-responses.ts +82 -0
package/src/rate-limit-utils.ts +84 -0
package/src/stream.ts +1065 -0
package/src/types.ts +944 -0
package/src/usage/claude.ts +482 -0
package/src/usage/gemini.ts +250 -0
package/src/usage/github-copilot.ts +421 -0
package/src/usage/google-antigravity.ts +201 -0
package/src/usage/kimi.ts +271 -0
package/src/usage/minimax-code.ts +31 -0
package/src/usage/openai-codex.ts +503 -0
package/src/usage/shared.ts +10 -0
package/src/usage/zai.ts +247 -0
package/src/usage.ts +185 -0
package/src/utils/abort.ts +51 -0
package/src/utils/abortable-iterator.ts +69 -0
package/src/utils/anthropic-auth.ts +93 -0
package/src/utils/discovery/antigravity.ts +261 -0
package/src/utils/discovery/codex.ts +371 -0
package/src/utils/discovery/cursor.ts +306 -0
package/src/utils/discovery/gemini.ts +248 -0
package/src/utils/discovery/index.ts +4 -0
package/src/utils/discovery/openai-compatible.ts +224 -0
package/src/utils/event-stream.ts +142 -0
package/src/utils/fireworks-model-id.ts +30 -0
package/src/utils/foundry.ts +8 -0
package/src/utils/http-inspector.ts +176 -0
package/src/utils/idle-iterator.ts +267 -0
package/src/utils/json-parse.ts +182 -0
package/src/utils/oauth/__tests__/xai-oauth.test.ts +107 -0
package/src/utils/oauth/alibaba-coding-plan.ts +59 -0
package/src/utils/oauth/anthropic.ts +273 -0
package/src/utils/oauth/api-key-login.ts +87 -0
package/src/utils/oauth/api-key-validation.ts +92 -0
package/src/utils/oauth/callback-server.ts +276 -0
package/src/utils/oauth/cerebras.ts +16 -0
package/src/utils/oauth/cloudflare-ai-gateway.ts +48 -0
package/src/utils/oauth/cursor.ts +157 -0
package/src/utils/oauth/deepseek.ts +53 -0
package/src/utils/oauth/firepass.ts +24 -0
package/src/utils/oauth/fireworks.ts +15 -0
package/src/utils/oauth/github-copilot.ts +362 -0
package/src/utils/oauth/gitlab-duo.ts +123 -0
package/src/utils/oauth/google-antigravity.ts +200 -0
package/src/utils/oauth/google-gemini-cli.ts +256 -0
package/src/utils/oauth/google-oauth-shared.ts +110 -0
package/src/utils/oauth/huggingface.ts +62 -0
package/src/utils/oauth/index.ts +484 -0
package/src/utils/oauth/kagi.ts +47 -0
package/src/utils/oauth/kilo.ts +87 -0
package/src/utils/oauth/kimi.ts +254 -0
package/src/utils/oauth/litellm.ts +47 -0
package/src/utils/oauth/lm-studio.ts +38 -0
package/src/utils/oauth/minimax-code.ts +78 -0
package/src/utils/oauth/moonshot.ts +23 -0
package/src/utils/oauth/nanogpt.ts +15 -0
package/src/utils/oauth/nvidia.ts +70 -0
package/src/utils/oauth/oauth.html +203 -0
package/src/utils/oauth/ollama-cloud.ts +28 -0
package/src/utils/oauth/ollama.ts +47 -0
package/src/utils/oauth/openai-codex.ts +299 -0
package/src/utils/oauth/opencode.ts +49 -0
package/src/utils/oauth/openrouter.ts +20 -0
package/src/utils/oauth/parallel.ts +46 -0
package/src/utils/oauth/perplexity.ts +206 -0
package/src/utils/oauth/pkce.ts +18 -0
package/src/utils/oauth/qianfan.ts +58 -0
package/src/utils/oauth/qwen-portal.ts +60 -0
package/src/utils/oauth/synthetic.ts +15 -0
package/src/utils/oauth/tavily.ts +46 -0
package/src/utils/oauth/together.ts +16 -0
package/src/utils/oauth/types.ts +99 -0
package/src/utils/oauth/venice.ts +59 -0
package/src/utils/oauth/vercel-ai-gateway.ts +47 -0
package/src/utils/oauth/vllm.ts +40 -0
package/src/utils/oauth/wafer.ts +50 -0
package/src/utils/oauth/xai-oauth.ts +342 -0
package/src/utils/oauth/xiaomi.ts +139 -0
package/src/utils/oauth/zai.ts +60 -0
package/src/utils/oauth/zenmux.ts +15 -0
package/src/utils/oauth/zhipu.ts +60 -0
package/src/utils/overflow.ts +137 -0
package/src/utils/parse-bind.ts +54 -0
package/src/utils/provider-response.ts +30 -0
package/src/utils/request-debug.ts +336 -0
package/src/utils/retry-after.ts +110 -0
package/src/utils/retry.ts +54 -0
package/src/utils/schema/CONSTRAINTS.md +164 -0
package/src/utils/schema/adapt.ts +36 -0
package/src/utils/schema/compatibility.ts +435 -0
package/src/utils/schema/dereference.ts +98 -0
package/src/utils/schema/draft.ts +341 -0
package/src/utils/schema/equality.ts +97 -0
package/src/utils/schema/fields.ts +191 -0
package/src/utils/schema/index.ts +13 -0
package/src/utils/schema/json-schema-validator.ts +577 -0
package/src/utils/schema/meta-validator.ts +167 -0
package/src/utils/schema/normalize.ts +1588 -0
package/src/utils/schema/spill.ts +43 -0
package/src/utils/schema/stamps.ts +97 -0
package/src/utils/schema/types.ts +10 -0
package/src/utils/schema/wire.ts +293 -0
package/src/utils/schema/zod-decontaminate.ts +331 -0
package/src/utils/sdk-stream-timeout.ts +43 -0
package/src/utils/sse-debug.ts +289 -0
package/src/utils/stream-markup-healing.ts +612 -0
package/src/utils/tool-choice.ts +99 -0
package/src/utils/validation.ts +1024 -0
package/src/utils.ts +166 -0
package/dist/api-registry.d.ts +0 -20
package/dist/api-registry.d.ts.map +0 -1
package/dist/api-registry.js +0 -44
package/dist/api-registry.js.map +0 -1
package/dist/bedrock-provider.d.ts +0 -5
package/dist/bedrock-provider.d.ts.map +0 -1
package/dist/bedrock-provider.js +0 -6
package/dist/bedrock-provider.js.map +0 -1
package/dist/cli.d.ts +0 -3
package/dist/cli.d.ts.map +0 -1
package/dist/cli.js +0 -130
package/dist/cli.js.map +0 -1
package/dist/env-api-keys.d.ts +0 -18
package/dist/env-api-keys.d.ts.map +0 -1
package/dist/env-api-keys.js +0 -178
package/dist/env-api-keys.js.map +0 -1
package/dist/image-models.d.ts +0 -10
package/dist/image-models.d.ts.map +0 -1
package/dist/image-models.generated.d.ts +0 -440
package/dist/image-models.generated.d.ts.map +0 -1
package/dist/image-models.generated.js +0 -442
package/dist/image-models.generated.js.map +0 -1
package/dist/image-models.js +0 -23
package/dist/image-models.js.map +0 -1
package/dist/images-api-registry.d.ts +0 -14
package/dist/images-api-registry.d.ts.map +0 -1
package/dist/images-api-registry.js +0 -22
package/dist/images-api-registry.js.map +0 -1
package/dist/images.d.ts +0 -4
package/dist/images.d.ts.map +0 -1
package/dist/images.js +0 -14
package/dist/images.js.map +0 -1
package/dist/index.d.ts +0 -32
package/dist/index.d.ts.map +0 -1
package/dist/index.js +0 -20
package/dist/index.js.map +0 -1
package/dist/models.d.ts +0 -18
package/dist/models.d.ts.map +0 -1
package/dist/models.generated.d.ts +0 -17707
package/dist/models.generated.d.ts.map +0 -1
package/dist/models.generated.js +0 -16561
package/dist/models.generated.js.map +0 -1
package/dist/models.js +0 -71
package/dist/models.js.map +0 -1
package/dist/oauth.d.ts +0 -2
package/dist/oauth.d.ts.map +0 -1
package/dist/oauth.js +0 -2
package/dist/oauth.js.map +0 -1
package/dist/providers/aery-error-formatting.d.ts +0 -13
package/dist/providers/aery-error-formatting.d.ts.map +0 -1
package/dist/providers/aery-error-formatting.js +0 -112
package/dist/providers/aery-error-formatting.js.map +0 -1
package/dist/providers/amazon-bedrock.d.ts +0 -38
package/dist/providers/amazon-bedrock.d.ts.map +0 -1
package/dist/providers/amazon-bedrock.js +0 -763
package/dist/providers/amazon-bedrock.js.map +0 -1
package/dist/providers/anthropic.d.ts +0 -71
package/dist/providers/anthropic.d.ts.map +0 -1
package/dist/providers/anthropic.js +0 -949
package/dist/providers/anthropic.js.map +0 -1
package/dist/providers/azure-openai-responses.d.ts +0 -15
package/dist/providers/azure-openai-responses.d.ts.map +0 -1
package/dist/providers/azure-openai-responses.js +0 -225
package/dist/providers/azure-openai-responses.js.map +0 -1
package/dist/providers/cloudflare.d.ts +0 -13
package/dist/providers/cloudflare.d.ts.map +0 -1
package/dist/providers/cloudflare.js +0 -26
package/dist/providers/cloudflare.js.map +0 -1
package/dist/providers/faux.d.ts +0 -56
package/dist/providers/faux.d.ts.map +0 -1
package/dist/providers/faux.js +0 -368
package/dist/providers/faux.js.map +0 -1
package/dist/providers/github-copilot-headers.d.ts +0 -8
package/dist/providers/github-copilot-headers.d.ts.map +0 -1
package/dist/providers/github-copilot-headers.js +0 -29
package/dist/providers/github-copilot-headers.js.map +0 -1
package/dist/providers/google-gemini-cli.d.ts +0 -74
package/dist/providers/google-gemini-cli.d.ts.map +0 -1
package/dist/providers/google-gemini-cli.js +0 -779
package/dist/providers/google-gemini-cli.js.map +0 -1
package/dist/providers/google-shared.d.ts +0 -70
package/dist/providers/google-shared.d.ts.map +0 -1
package/dist/providers/google-shared.js +0 -329
package/dist/providers/google-shared.js.map +0 -1
package/dist/providers/google-vertex.d.ts +0 -15
package/dist/providers/google-vertex.d.ts.map +0 -1
package/dist/providers/google-vertex.js +0 -442
package/dist/providers/google-vertex.js.map +0 -1
package/dist/providers/google.d.ts +0 -13
package/dist/providers/google.d.ts.map +0 -1
package/dist/providers/google.js +0 -400
package/dist/providers/google.js.map +0 -1
package/dist/providers/images/openrouter.d.ts +0 -3
package/dist/providers/images/openrouter.d.ts.map +0 -1
package/dist/providers/images/openrouter.js +0 -129
package/dist/providers/images/openrouter.js.map +0 -1
package/dist/providers/images/register-builtins.d.ts +0 -4
package/dist/providers/images/register-builtins.d.ts.map +0 -1
package/dist/providers/images/register-builtins.js +0 -34
package/dist/providers/images/register-builtins.js.map +0 -1
package/dist/providers/mistral.d.ts +0 -25
package/dist/providers/mistral.d.ts.map +0 -1
package/dist/providers/mistral.js +0 -535
package/dist/providers/mistral.js.map +0 -1
package/dist/providers/openai-codex-responses.d.ts +0 -30
package/dist/providers/openai-codex-responses.d.ts.map +0 -1
package/dist/providers/openai-codex-responses.js +0 -1090
package/dist/providers/openai-codex-responses.js.map +0 -1
package/dist/providers/openai-completions.d.ts +0 -19
package/dist/providers/openai-completions.d.ts.map +0 -1
package/dist/providers/openai-completions.js +0 -950
package/dist/providers/openai-completions.js.map +0 -1
package/dist/providers/openai-prompt-cache.d.ts +0 -3
package/dist/providers/openai-prompt-cache.d.ts.map +0 -1
package/dist/providers/openai-prompt-cache.js +0 -10
package/dist/providers/openai-prompt-cache.js.map +0 -1
package/dist/providers/openai-responses-shared.d.ts +0 -18
package/dist/providers/openai-responses-shared.d.ts.map +0 -1
package/dist/providers/openai-responses-shared.js +0 -492
package/dist/providers/openai-responses-shared.js.map +0 -1
package/dist/providers/openai-responses.d.ts +0 -13
package/dist/providers/openai-responses.d.ts.map +0 -1
package/dist/providers/openai-responses.js +0 -237
package/dist/providers/openai-responses.js.map +0 -1
package/dist/providers/register-builtins.d.ts +0 -38
package/dist/providers/register-builtins.d.ts.map +0 -1
package/dist/providers/register-builtins.js +0 -278
package/dist/providers/register-builtins.js.map +0 -1
package/dist/providers/simple-options.d.ts +0 -8
package/dist/providers/simple-options.d.ts.map +0 -1
package/dist/providers/simple-options.js +0 -41
package/dist/providers/simple-options.js.map +0 -1
package/dist/providers/transform-messages.d.ts +0 -8
package/dist/providers/transform-messages.d.ts.map +0 -1
package/dist/providers/transform-messages.js +0 -184
package/dist/providers/transform-messages.js.map +0 -1
package/dist/session-resources.d.ts +0 -4
package/dist/session-resources.d.ts.map +0 -1
package/dist/session-resources.js +0 -22
package/dist/session-resources.js.map +0 -1
package/dist/stream.d.ts +0 -8
package/dist/stream.d.ts.map +0 -1
package/dist/stream.js +0 -27
package/dist/stream.js.map +0 -1
package/dist/types.d.ts +0 -498
package/dist/types.d.ts.map +0 -1
package/dist/types.js +0 -2
package/dist/types.js.map +0 -1
package/dist/utils/diagnostics.d.ts +0 -19
package/dist/utils/diagnostics.d.ts.map +0 -1
package/dist/utils/diagnostics.js +0 -25
package/dist/utils/diagnostics.js.map +0 -1
package/dist/utils/event-stream.d.ts +0 -21
package/dist/utils/event-stream.d.ts.map +0 -1
package/dist/utils/event-stream.js +0 -81
package/dist/utils/event-stream.js.map +0 -1
package/dist/utils/hash.d.ts +0 -3
package/dist/utils/hash.d.ts.map +0 -1
package/dist/utils/hash.js +0 -14
package/dist/utils/hash.js.map +0 -1
package/dist/utils/headers.d.ts +0 -2
package/dist/utils/headers.d.ts.map +0 -1
package/dist/utils/headers.js +0 -8
package/dist/utils/headers.js.map +0 -1
package/dist/utils/json-parse.d.ts +0 -16
package/dist/utils/json-parse.d.ts.map +0 -1
package/dist/utils/json-parse.js +0 -113
package/dist/utils/json-parse.js.map +0 -1
package/dist/utils/node-http-proxy.d.ts +0 -10
package/dist/utils/node-http-proxy.d.ts.map +0 -1
package/dist/utils/node-http-proxy.js +0 -97
package/dist/utils/node-http-proxy.js.map +0 -1
package/dist/utils/oauth/anthropic.d.ts +0 -25
package/dist/utils/oauth/anthropic.d.ts.map +0 -1
package/dist/utils/oauth/anthropic.js +0 -335
package/dist/utils/oauth/anthropic.js.map +0 -1
package/dist/utils/oauth/device-code.d.ts +0 -19
package/dist/utils/oauth/device-code.d.ts.map +0 -1
package/dist/utils/oauth/device-code.js +0 -55
package/dist/utils/oauth/device-code.js.map +0 -1
package/dist/utils/oauth/github-copilot.d.ts +0 -30
package/dist/utils/oauth/github-copilot.d.ts.map +0 -1
package/dist/utils/oauth/github-copilot.js +0 -268
package/dist/utils/oauth/github-copilot.js.map +0 -1
package/dist/utils/oauth/google-antigravity.d.ts +0 -26
package/dist/utils/oauth/google-antigravity.d.ts.map +0 -1
package/dist/utils/oauth/google-antigravity.js +0 -377
package/dist/utils/oauth/google-antigravity.js.map +0 -1
package/dist/utils/oauth/google-gemini-cli.d.ts +0 -26
package/dist/utils/oauth/google-gemini-cli.d.ts.map +0 -1
package/dist/utils/oauth/google-gemini-cli.js +0 -482
package/dist/utils/oauth/google-gemini-cli.js.map +0 -1
package/dist/utils/oauth/index.d.ts +0 -63
package/dist/utils/oauth/index.d.ts.map +0 -1
package/dist/utils/oauth/index.js +0 -131
package/dist/utils/oauth/index.js.map +0 -1
package/dist/utils/oauth/oauth-page.d.ts +0 -3
package/dist/utils/oauth/oauth-page.d.ts.map +0 -1
package/dist/utils/oauth/oauth-page.js +0 -105
package/dist/utils/oauth/oauth-page.js.map +0 -1
package/dist/utils/oauth/openai-codex.d.ts +0 -34
package/dist/utils/oauth/openai-codex.d.ts.map +0 -1
package/dist/utils/oauth/openai-codex.js +0 -385
package/dist/utils/oauth/openai-codex.js.map +0 -1
package/dist/utils/oauth/pkce.d.ts +0 -13
package/dist/utils/oauth/pkce.d.ts.map +0 -1
package/dist/utils/oauth/pkce.js +0 -31
package/dist/utils/oauth/pkce.js.map +0 -1
package/dist/utils/oauth/types.d.ts +0 -64
package/dist/utils/oauth/types.d.ts.map +0 -1
package/dist/utils/oauth/types.js +0 -2
package/dist/utils/oauth/types.js.map +0 -1
package/dist/utils/overflow.d.ts +0 -56
package/dist/utils/overflow.d.ts.map +0 -1
package/dist/utils/overflow.js +0 -151
package/dist/utils/overflow.js.map +0 -1
package/dist/utils/sanitize-unicode.d.ts +0 -22
package/dist/utils/sanitize-unicode.d.ts.map +0 -1
package/dist/utils/sanitize-unicode.js +0 -26
package/dist/utils/sanitize-unicode.js.map +0 -1
package/dist/utils/typebox-helpers.d.ts +0 -17
package/dist/utils/typebox-helpers.d.ts.map +0 -1
package/dist/utils/typebox-helpers.js +0 -21
package/dist/utils/typebox-helpers.js.map +0 -1
package/dist/utils/validation.d.ts +0 -18
package/dist/utils/validation.d.ts.map +0 -1
package/dist/utils/validation.js +0 -281
package/dist/utils/validation.js.map +0 -1

package/src/utils/oauth/anthropic.ts ADDED Viewed

@@ -0,0 +1,273 @@
+/**
+ * Anthropic OAuth flow (Claude Pro/Max)
+ */
+import { OAuthCallbackFlow } from "./callback-server";
+import { generatePKCE } from "./pkce";
+import type { OAuthController, OAuthCredentials } from "./types";
+const decode = (s: string) => atob(s);
+const CLIENT_ID = decode("OWQxYzI1MGEtZTYxYi00NGQ5LTg4ZWQtNTk0NGQxOTYyZjVl");
+const AUTHORIZE_URL = "https://claude.ai/oauth/authorize";
+const TOKEN_URL = "https://api.anthropic.com/v1/oauth/token";
+const BOOTSTRAP_URL = "https://api.anthropic.com/api/claude_cli/bootstrap";
+const CLAUDE_CODE_BOOTSTRAP_MODEL = "claude-opus-4-8";
+const CLAUDE_CODE_BOOTSTRAP_USER_AGENT = "claude-code/2.1.160";
+const CALLBACK_PORT = 54545;
+const CALLBACK_PATH = "/callback";
+// Scopes required for direct OAuth-token inference (user:inference) plus account/session management.
+// platform.claude.com/oauth/authorize issues console tokens (org:create_api_key only) and does not
+// grant user:inference — the claude.ai endpoint is required for direct inference access.
+const SCOPES =
+	"org:create_api_key user:profile user:inference user:sessions:claude_code user:mcp_servers user:file_upload";
+function formatErrorDetails(error: unknown): string {
+	if (error instanceof Error) {
+		const details: string[] = [`${error.name}: ${error.message}`];
+		const errorWithCode = error as Error & { code?: string; errno?: number | string; cause?: unknown };
+		if (errorWithCode.code) details.push(`code=${errorWithCode.code}`);
+		if (typeof errorWithCode.errno !== "undefined") details.push(`errno=${String(errorWithCode.errno)}`);
+		if (typeof error.cause !== "undefined") {
+			details.push(`cause=${formatErrorDetails(error.cause)}`);
+		}
+		if (error.stack) {
+			details.push(`stack=${error.stack}`);
+		}
+		return details.join("; ");
+	}
+	return String(error);
+}
+async function postJson(
+	url: string,
+	body: Record<string, string | number>,
+	extraHeaders?: Record<string, string>,
+): Promise<string> {
+	const response = await fetch(url, {
+		method: "POST",
+		headers: {
+			// No Accept header: CC omits it on OAuth token requests.
+			...extraHeaders,
+			"Content-Type": "application/json",
+		},
+		body: JSON.stringify(body),
+		signal: AbortSignal.timeout(30_000),
+	});
+	const responseBody = await response.text();
+	if (!response.ok) {
+		throw new Error(`HTTP request failed. status=${response.status}; url=${url}; body=${responseBody}`);
+	}
+	return responseBody;
+}
+/**
+ * Decoded shape of Anthropic's `/v1/oauth/token` response (both
+ * `authorization_code` exchange and `refresh_token` refresh return the same
+ * envelope). Newer responses inline `account`; older/stale credentials can
+ * recover the same identity from `/api/claude_cli/bootstrap`.
+ */
+interface AnthropicTokenResponse {
+	access_token: string;
+	refresh_token: string;
+	expires_in: number;
+	account?: { uuid?: string; email_address?: string };
+}
+interface AnthropicBootstrapResponse {
+	oauth_account?: {
+		account_uuid?: string;
+		account_email?: string;
+	};
+}
+function parseOAuthTokenResponse(responseBody: string, operation: string): AnthropicTokenResponse {
+	try {
+		return JSON.parse(responseBody) as AnthropicTokenResponse;
+	} catch (error) {
+		throw new Error(
+			`Anthropic ${operation} returned invalid JSON. url=${TOKEN_URL}; body=${responseBody}; details=${formatErrorDetails(error)}`,
+		);
+	}
+}
+/**
+ * Lift the OAuth response's `account: { uuid, email_address }` block onto
+ * {@link OAuthCredentials} so downstream identity propagation (e.g.
+ * `metadata.user_id.account_uuid`, usage tracking) works without a separate
+ * `/api/oauth/profile` round-trip. Returns `undefined` for either field when
+ * the response omits it or carries a non-string / empty value.
+ */
+function extractAccountFromTokenResponse(data: AnthropicTokenResponse): {
+	accountId?: string;
+	email?: string;
+} {
+	const accountUuid = data.account?.uuid;
+	const emailAddress = data.account?.email_address;
+	return {
+		accountId: typeof accountUuid === "string" && accountUuid.length > 0 ? accountUuid : undefined,
+		email: typeof emailAddress === "string" && emailAddress.length > 0 ? emailAddress : undefined,
+	};
+}
+async function fetchBootstrapIdentity(accessToken: string): Promise<{ accountId?: string; email?: string }> {
+	const url = `${BOOTSTRAP_URL}?entrypoint=cli&model=${encodeURIComponent(CLAUDE_CODE_BOOTSTRAP_MODEL)}`;
+	const response = await fetch(url, {
+		method: "GET",
+		headers: {
+			Accept: "application/json, text/plain, */*",
+			Authorization: `Bearer ${accessToken}`,
+			"Content-Type": "application/json",
+			"User-Agent": CLAUDE_CODE_BOOTSTRAP_USER_AGENT,
+			"anthropic-beta": "oauth-2025-04-20",
+		},
+		signal: AbortSignal.timeout(30_000),
+	});
+	const responseBody = await response.text();
+	if (!response.ok) {
+		throw new Error(`HTTP request failed. status=${response.status}; url=${url}; body=${responseBody}`);
+	}
+	let data: AnthropicBootstrapResponse;
+	try {
+		data = JSON.parse(responseBody) as AnthropicBootstrapResponse;
+	} catch (error) {
+		throw new Error(
+			`Anthropic bootstrap returned invalid JSON. url=${url}; body=${responseBody}; details=${formatErrorDetails(error)}`,
+		);
+	}
+	const accountUuid = data.oauth_account?.account_uuid;
+	const accountEmail = data.oauth_account?.account_email;
+	return {
+		accountId: typeof accountUuid === "string" && accountUuid.length > 0 ? accountUuid : undefined,
+		email: typeof accountEmail === "string" && accountEmail.length > 0 ? accountEmail : undefined,
+	};
+}
+async function resolveAccountIdentity(data: AnthropicTokenResponse): Promise<{ accountId?: string; email?: string }> {
+	const identity = extractAccountFromTokenResponse(data);
+	if (identity.accountId && identity.email) return identity;
+	try {
+		const bootstrap = await fetchBootstrapIdentity(data.access_token);
+		return {
+			accountId: identity.accountId ?? bootstrap.accountId,
+			email: identity.email ?? bootstrap.email,
+		};
+	} catch {
+		return identity;
+	}
+}
+export class AnthropicOAuthFlow extends OAuthCallbackFlow {
+	#verifier: string = "";
+	#challenge: string = "";
+	constructor(ctrl: OAuthController) {
+		super(ctrl, CALLBACK_PORT, CALLBACK_PATH);
+	}
+	async generateAuthUrl(state: string, redirectUri: string): Promise<{ url: string; instructions?: string }> {
+		const pkce = await generatePKCE();
+		this.#verifier = pkce.verifier;
+		this.#challenge = pkce.challenge;
+		const authParams = new URLSearchParams({
+			code: "true",
+			client_id: CLIENT_ID,
+			response_type: "code",
+			redirect_uri: redirectUri,
+			scope: SCOPES,
+			code_challenge: this.#challenge,
+			code_challenge_method: "S256",
+			state,
+		});
+		const url = `${AUTHORIZE_URL}?${authParams.toString()}`;
+		return {
+			url,
+			instructions:
+				"Complete login in your browser. If the browser cannot reach this machine, paste the final redirect URL or authorization code when prompted.",
+		};
+	}
+	async exchangeToken(code: string, state: string, redirectUri: string): Promise<OAuthCredentials> {
+		let exchangeCode = code;
+		let exchangeState = state;
+		const codeFragmentIndex = code.indexOf("#");
+		if (codeFragmentIndex >= 0) {
+			exchangeCode = code.slice(0, codeFragmentIndex);
+			const codeFragmentState = code.slice(codeFragmentIndex + 1);
+			if (codeFragmentState.length > 0) {
+				exchangeState = codeFragmentState;
+			}
+		}
+		let responseBody: string;
+		try {
+			responseBody = await postJson(TOKEN_URL, {
+				grant_type: "authorization_code",
+				client_id: CLIENT_ID,
+				code: exchangeCode,
+				state: exchangeState,
+				redirect_uri: redirectUri,
+				code_verifier: this.#verifier,
+			});
+		} catch (error) {
+			throw new Error(
+				`Token exchange request failed. url=${TOKEN_URL}; redirect_uri=${redirectUri}; response_type=authorization_code; details=${formatErrorDetails(error)}`,
+			);
+		}
+		const tokenData = parseOAuthTokenResponse(responseBody, "token exchange");
+		const { accountId, email } = await resolveAccountIdentity(tokenData);
+		return {
+			refresh: tokenData.refresh_token,
+			access: tokenData.access_token,
+			expires: Date.now() + tokenData.expires_in * 1000 - 5 * 60 * 1000,
+			accountId,
+			email,
+		};
+	}
+}
+/**
+ * Login with Anthropic OAuth
+ */
+export async function loginAnthropic(ctrl: OAuthController): Promise<OAuthCredentials> {
+	const flow = new AnthropicOAuthFlow(ctrl);
+	return flow.login();
+}
+/**
+ * Refresh Anthropic OAuth token
+ */
+export async function refreshAnthropicToken(refreshToken: string): Promise<OAuthCredentials> {
+	let responseBody: string;
+	try {
+		responseBody = await postJson(
+			TOKEN_URL,
+			{
+				grant_type: "refresh_token",
+				client_id: CLIENT_ID,
+				refresh_token: refreshToken,
+			},
+			{
+				// CC sends these on refresh but not on the initial code exchange
+				"anthropic-beta": "oauth-2025-04-20",
+				"User-Agent": "anthropic-sdk-typescript/0.94.0 userOAuthProvider",
+			},
+		);
+	} catch (error) {
+		throw new Error(`Anthropic token refresh request failed. url=${TOKEN_URL}; details=${formatErrorDetails(error)}`);
+	}
+	const data = parseOAuthTokenResponse(responseBody, "token refresh");
+	const { accountId, email } = await resolveAccountIdentity(data);
+	return {
+		refresh: data.refresh_token || refreshToken,
+		access: data.access_token,
+		expires: Date.now() + data.expires_in * 1000 - 5 * 60 * 1000,
+		accountId,
+		email,
+	};
+}

package/src/utils/oauth/api-key-login.ts ADDED Viewed

@@ -0,0 +1,87 @@
+/**
+ * Shared factory for API-key-paste "login" flows.
+ *
+ * Several providers (Cerebras, Synthetic, Moonshot, Together, NanoGPT, ZenMux)
+ * don't actually implement OAuth — they just ask the user to paste an API key,
+ * optionally validate it, and return the trimmed key.
+ */
+import { validateApiKeyAgainstModelsEndpoint, validateOpenAICompatibleApiKey } from "./api-key-validation";
+import type { OAuthController } from "./types";
+type ChatCompletionsValidation = {
+	kind: "chat-completions";
+	provider: string;
+	baseUrl: string;
+	model: string;
+};
+type ModelsEndpointValidation = {
+	kind: "models-endpoint";
+	provider: string;
+	modelsUrl: string;
+};
+export type ApiKeyLoginConfig = {
+	/** Display name used in error messages, e.g. "Cerebras", "NanoGPT". */
+	providerLabel: string;
+	/** URL opened in browser for the user to grab their key. */
+	authUrl: string;
+	/** Instructions shown with the onAuth callback. */
+	instructions: string;
+	/** Prompt message shown when asking for the key paste. */
+	promptMessage: string;
+	/** Placeholder string for the prompt (e.g. "sk-...", "csk-..."). */
+	placeholder: string;
+	/** Validation strategy, or `null` to skip validation. */
+	validation: ChatCompletionsValidation | ModelsEndpointValidation | null;
+};
+export function createApiKeyLogin(config: ApiKeyLoginConfig): (options: OAuthController) => Promise<string> {
+	return async function login(options: OAuthController): Promise<string> {
+		if (!options.onPrompt) {
+			throw new Error(`${config.providerLabel} login requires onPrompt callback`);
+		}
+		options.onAuth?.({
+			url: config.authUrl,
+			instructions: config.instructions,
+		});
+		const apiKey = await options.onPrompt({
+			message: config.promptMessage,
+			placeholder: config.placeholder,
+		});
+		if (options.signal?.aborted) {
+			throw new Error("Login cancelled");
+		}
+		const trimmed = apiKey.trim();
+		if (!trimmed) {
+			throw new Error("API key is required");
+		}
+		if (config.validation) {
+			options.onProgress?.("Validating API key...");
+			if (config.validation.kind === "chat-completions") {
+				await validateOpenAICompatibleApiKey({
+					provider: config.validation.provider,
+					apiKey: trimmed,
+					baseUrl: config.validation.baseUrl,
+					model: config.validation.model,
+					signal: options.signal,
+				});
+			} else {
+				await validateApiKeyAgainstModelsEndpoint({
+					provider: config.validation.provider,
+					apiKey: trimmed,
+					modelsUrl: config.validation.modelsUrl,
+					signal: options.signal,
+				});
+			}
+		}
+		return trimmed;
+	};
+}

package/src/utils/oauth/api-key-validation.ts ADDED Viewed

@@ -0,0 +1,92 @@
+type OpenAICompatibleValidationOptions = {
+	provider: string;
+	apiKey: string;
+	baseUrl: string;
+	model: string;
+	signal?: AbortSignal;
+};
+type ModelListValidationOptions = {
+	provider: string;
+	apiKey: string;
+	modelsUrl: string;
+	signal?: AbortSignal;
+};
+const VALIDATION_TIMEOUT_MS = 15_000;
+/**
+ * Validate an API key against an OpenAI-compatible chat completions endpoint.
+ *
+ * Performs a minimal request to verify credentials and endpoint access.
+ */
+export async function validateOpenAICompatibleApiKey(options: OpenAICompatibleValidationOptions): Promise<void> {
+	const timeoutSignal = AbortSignal.timeout(VALIDATION_TIMEOUT_MS);
+	const signal = options.signal ? AbortSignal.any([options.signal, timeoutSignal]) : timeoutSignal;
+	const response = await fetch(`${options.baseUrl}/chat/completions`, {
+		method: "POST",
+		headers: {
+			"Content-Type": "application/json",
+			Authorization: `Bearer ${options.apiKey}`,
+		},
+		body: JSON.stringify({
+			model: options.model,
+			messages: [{ role: "user", content: "ping" }],
+			max_tokens: 1,
+			temperature: 0,
+		}),
+		signal,
+	});
+	if (response.ok) {
+		return;
+	}
+	let details = "";
+	try {
+		details = (await response.text()).trim();
+	} catch {
+		// ignore body parse errors, status is enough
+	}
+	const message = details
+		? `${options.provider} API key validation failed (${response.status}): ${details}`
+		: `${options.provider} API key validation failed (${response.status})`;
+	throw new Error(message);
+}
+/**
+ * Validate an API key against a provider models endpoint.
+ *
+ * Useful for providers where access to specific models may vary by plan and
+ * should not block key validation.
+ */
+export async function validateApiKeyAgainstModelsEndpoint(options: ModelListValidationOptions): Promise<void> {
+	const timeoutSignal = AbortSignal.timeout(VALIDATION_TIMEOUT_MS);
+	const signal = options.signal ? AbortSignal.any([options.signal, timeoutSignal]) : timeoutSignal;
+	const response = await fetch(options.modelsUrl, {
+		method: "GET",
+		headers: {
+			Authorization: `Bearer ${options.apiKey}`,
+		},
+		signal,
+	});
+	if (response.ok) {
+		return;
+	}
+	let details = "";
+	try {
+		details = (await response.text()).trim();
+	} catch {
+		// ignore body parse errors, status is enough
+	}
+	const message = details
+		? `${options.provider} API key validation failed (${response.status}): ${details}`
+		: `${options.provider} API key validation failed (${response.status})`;
+	throw new Error(message);
+}