npm - @aryee337/aery-ai - Versions diffs - 0.2.28 → 0.2.29 - Mend

@aryee337/aery-ai 0.2.28 → 0.2.29

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (417) hide show

package/CHANGELOG.md +2914 -0
package/README.md +614 -813
package/package.json +140 -105
package/src/api-registry.ts +96 -0
package/src/auth-broker/client.ts +358 -0
package/src/auth-broker/index.ts +5 -0
package/src/auth-broker/refresher.ts +117 -0
package/src/auth-broker/remote-store.ts +623 -0
package/src/auth-broker/server.ts +644 -0
package/src/auth-broker/types.ts +127 -0
package/src/auth-broker/wire-schemas.ts +200 -0
package/src/auth-gateway/http.ts +194 -0
package/src/auth-gateway/index.ts +3 -0
package/src/auth-gateway/server.ts +818 -0
package/src/auth-gateway/types.ts +143 -0
package/src/auth-storage.ts +4422 -0
package/src/index.ts +54 -0
package/src/model-cache.ts +129 -0
package/src/model-manager.ts +469 -0
package/src/model-thinking.ts +782 -0
package/src/models.json +83530 -0
package/src/models.json.d.ts +9 -0
package/src/models.ts +56 -0
package/src/prompts/turn-aborted-guidance.md +4 -0
package/src/provider-details.ts +90 -0
package/src/provider-models/bundled-references.ts +38 -0
package/src/provider-models/descriptors.ts +355 -0
package/src/provider-models/google.ts +88 -0
package/src/provider-models/index.ts +5 -0
package/src/provider-models/ollama.ts +153 -0
package/src/provider-models/openai-compat.ts +2817 -0
package/src/provider-models/special.ts +67 -0
package/src/providers/aery-native-client.ts +228 -0
package/src/providers/aery-native-server.ts +212 -0
package/src/providers/amazon-bedrock.ts +873 -0
package/src/providers/anthropic-client.ts +318 -0
package/src/providers/anthropic-messages-server-schema.ts +243 -0
package/src/providers/anthropic-messages-server.ts +683 -0
package/src/providers/anthropic-wire.ts +268 -0
package/src/providers/anthropic.ts +3094 -0
package/src/providers/aws-credentials.ts +501 -0
package/src/providers/aws-eventstream.ts +185 -0
package/src/providers/aws-sigv4.ts +218 -0
package/src/providers/azure-openai-responses.ts +361 -0
package/src/providers/cursor/gen/agent_pb.ts +15274 -0
package/src/providers/cursor/proto/agent.proto +3526 -0
package/src/providers/cursor/proto/buf.gen.yaml +6 -0
package/src/providers/cursor/proto/buf.yaml +17 -0
package/src/providers/cursor.ts +2621 -0
package/src/providers/error-message.ts +21 -0
package/src/providers/github-copilot-headers.ts +140 -0
package/src/providers/gitlab-duo.ts +372 -0
package/src/providers/google-auth.ts +252 -0
package/src/providers/google-gemini-cli.ts +809 -0
package/src/providers/google-gemini-headers.ts +41 -0
package/src/providers/google-shared.ts +917 -0
package/src/providers/google-types.ts +167 -0
package/src/providers/google-vertex.ts +91 -0
package/src/providers/google.ts +41 -0
package/src/providers/grammar.ts +70 -0
package/src/providers/kimi.ts +52 -0
package/src/providers/mock.ts +496 -0
package/src/providers/ollama.ts +644 -0
package/src/providers/openai-anthropic-shim.ts +138 -0
package/src/providers/openai-chat-server-schema.ts +252 -0
package/src/providers/openai-chat-server.ts +647 -0
package/src/providers/openai-codex/constants.ts +43 -0
package/src/providers/openai-codex/request-transformer.ts +161 -0
package/src/providers/openai-codex/response-handler.ts +81 -0
package/src/providers/openai-codex-responses.ts +3018 -0
package/src/providers/openai-completions-compat.ts +300 -0
package/src/providers/openai-completions.ts +1979 -0
package/src/providers/openai-responses-server-schema.ts +290 -0
package/src/providers/openai-responses-server.ts +1183 -0
package/src/providers/openai-responses-shared.ts +873 -0
package/src/providers/openai-responses.ts +679 -0
package/src/providers/register-builtins.ts +436 -0
package/src/providers/synthetic.ts +50 -0
package/src/providers/transform-messages.ts +382 -0
package/src/providers/vision-guard.ts +31 -0
package/src/providers/xai-responses.ts +82 -0
package/src/rate-limit-utils.ts +84 -0
package/src/stream.ts +1065 -0
package/src/types.ts +944 -0
package/src/usage/claude.ts +482 -0
package/src/usage/gemini.ts +250 -0
package/src/usage/github-copilot.ts +421 -0
package/src/usage/google-antigravity.ts +201 -0
package/src/usage/kimi.ts +271 -0
package/src/usage/minimax-code.ts +31 -0
package/src/usage/openai-codex.ts +503 -0
package/src/usage/shared.ts +10 -0
package/src/usage/zai.ts +247 -0
package/src/usage.ts +185 -0
package/src/utils/abort.ts +51 -0
package/src/utils/abortable-iterator.ts +69 -0
package/src/utils/anthropic-auth.ts +93 -0
package/src/utils/discovery/antigravity.ts +261 -0
package/src/utils/discovery/codex.ts +371 -0
package/src/utils/discovery/cursor.ts +306 -0
package/src/utils/discovery/gemini.ts +248 -0
package/src/utils/discovery/index.ts +4 -0
package/src/utils/discovery/openai-compatible.ts +224 -0
package/src/utils/event-stream.ts +142 -0
package/src/utils/fireworks-model-id.ts +30 -0
package/src/utils/foundry.ts +8 -0
package/src/utils/http-inspector.ts +176 -0
package/src/utils/idle-iterator.ts +267 -0
package/src/utils/json-parse.ts +182 -0
package/src/utils/oauth/__tests__/xai-oauth.test.ts +107 -0
package/src/utils/oauth/alibaba-coding-plan.ts +59 -0
package/src/utils/oauth/anthropic.ts +273 -0
package/src/utils/oauth/api-key-login.ts +87 -0
package/src/utils/oauth/api-key-validation.ts +92 -0
package/src/utils/oauth/callback-server.ts +276 -0
package/src/utils/oauth/cerebras.ts +16 -0
package/src/utils/oauth/cloudflare-ai-gateway.ts +48 -0
package/src/utils/oauth/cursor.ts +157 -0
package/src/utils/oauth/deepseek.ts +53 -0
package/src/utils/oauth/firepass.ts +24 -0
package/src/utils/oauth/fireworks.ts +15 -0
package/src/utils/oauth/github-copilot.ts +362 -0
package/src/utils/oauth/gitlab-duo.ts +123 -0
package/src/utils/oauth/google-antigravity.ts +200 -0
package/src/utils/oauth/google-gemini-cli.ts +256 -0
package/src/utils/oauth/google-oauth-shared.ts +110 -0
package/src/utils/oauth/huggingface.ts +62 -0
package/src/utils/oauth/index.ts +484 -0
package/src/utils/oauth/kagi.ts +47 -0
package/src/utils/oauth/kilo.ts +87 -0
package/src/utils/oauth/kimi.ts +254 -0
package/src/utils/oauth/litellm.ts +47 -0
package/src/utils/oauth/lm-studio.ts +38 -0
package/src/utils/oauth/minimax-code.ts +78 -0
package/src/utils/oauth/moonshot.ts +23 -0
package/src/utils/oauth/nanogpt.ts +15 -0
package/src/utils/oauth/nvidia.ts +70 -0
package/src/utils/oauth/oauth.html +203 -0
package/src/utils/oauth/ollama-cloud.ts +28 -0
package/src/utils/oauth/ollama.ts +47 -0
package/src/utils/oauth/openai-codex.ts +299 -0
package/src/utils/oauth/opencode.ts +49 -0
package/src/utils/oauth/openrouter.ts +20 -0
package/src/utils/oauth/parallel.ts +46 -0
package/src/utils/oauth/perplexity.ts +206 -0
package/src/utils/oauth/pkce.ts +18 -0
package/src/utils/oauth/qianfan.ts +58 -0
package/src/utils/oauth/qwen-portal.ts +60 -0
package/src/utils/oauth/synthetic.ts +15 -0
package/src/utils/oauth/tavily.ts +46 -0
package/src/utils/oauth/together.ts +16 -0
package/src/utils/oauth/types.ts +99 -0
package/src/utils/oauth/venice.ts +59 -0
package/src/utils/oauth/vercel-ai-gateway.ts +47 -0
package/src/utils/oauth/vllm.ts +40 -0
package/src/utils/oauth/wafer.ts +50 -0
package/src/utils/oauth/xai-oauth.ts +342 -0
package/src/utils/oauth/xiaomi.ts +139 -0
package/src/utils/oauth/zai.ts +60 -0
package/src/utils/oauth/zenmux.ts +15 -0
package/src/utils/oauth/zhipu.ts +60 -0
package/src/utils/overflow.ts +137 -0
package/src/utils/parse-bind.ts +54 -0
package/src/utils/provider-response.ts +30 -0
package/src/utils/request-debug.ts +336 -0
package/src/utils/retry-after.ts +110 -0
package/src/utils/retry.ts +54 -0
package/src/utils/schema/CONSTRAINTS.md +164 -0
package/src/utils/schema/adapt.ts +36 -0
package/src/utils/schema/compatibility.ts +435 -0
package/src/utils/schema/dereference.ts +98 -0
package/src/utils/schema/draft.ts +341 -0
package/src/utils/schema/equality.ts +97 -0
package/src/utils/schema/fields.ts +191 -0
package/src/utils/schema/index.ts +13 -0
package/src/utils/schema/json-schema-validator.ts +577 -0
package/src/utils/schema/meta-validator.ts +167 -0
package/src/utils/schema/normalize.ts +1588 -0
package/src/utils/schema/spill.ts +43 -0
package/src/utils/schema/stamps.ts +97 -0
package/src/utils/schema/types.ts +10 -0
package/src/utils/schema/wire.ts +293 -0
package/src/utils/schema/zod-decontaminate.ts +331 -0
package/src/utils/sdk-stream-timeout.ts +43 -0
package/src/utils/sse-debug.ts +289 -0
package/src/utils/stream-markup-healing.ts +612 -0
package/src/utils/tool-choice.ts +99 -0
package/src/utils/validation.ts +1024 -0
package/src/utils.ts +166 -0
package/dist/api-registry.d.ts +0 -20
package/dist/api-registry.d.ts.map +0 -1
package/dist/api-registry.js +0 -44
package/dist/api-registry.js.map +0 -1
package/dist/bedrock-provider.d.ts +0 -5
package/dist/bedrock-provider.d.ts.map +0 -1
package/dist/bedrock-provider.js +0 -6
package/dist/bedrock-provider.js.map +0 -1
package/dist/cli.d.ts +0 -3
package/dist/cli.d.ts.map +0 -1
package/dist/cli.js +0 -130
package/dist/cli.js.map +0 -1
package/dist/env-api-keys.d.ts +0 -18
package/dist/env-api-keys.d.ts.map +0 -1
package/dist/env-api-keys.js +0 -178
package/dist/env-api-keys.js.map +0 -1
package/dist/image-models.d.ts +0 -10
package/dist/image-models.d.ts.map +0 -1
package/dist/image-models.generated.d.ts +0 -440
package/dist/image-models.generated.d.ts.map +0 -1
package/dist/image-models.generated.js +0 -442
package/dist/image-models.generated.js.map +0 -1
package/dist/image-models.js +0 -23
package/dist/image-models.js.map +0 -1
package/dist/images-api-registry.d.ts +0 -14
package/dist/images-api-registry.d.ts.map +0 -1
package/dist/images-api-registry.js +0 -22
package/dist/images-api-registry.js.map +0 -1
package/dist/images.d.ts +0 -4
package/dist/images.d.ts.map +0 -1
package/dist/images.js +0 -14
package/dist/images.js.map +0 -1
package/dist/index.d.ts +0 -32
package/dist/index.d.ts.map +0 -1
package/dist/index.js +0 -20
package/dist/index.js.map +0 -1
package/dist/models.d.ts +0 -18
package/dist/models.d.ts.map +0 -1
package/dist/models.generated.d.ts +0 -17707
package/dist/models.generated.d.ts.map +0 -1
package/dist/models.generated.js +0 -16561
package/dist/models.generated.js.map +0 -1
package/dist/models.js +0 -71
package/dist/models.js.map +0 -1
package/dist/oauth.d.ts +0 -2
package/dist/oauth.d.ts.map +0 -1
package/dist/oauth.js +0 -2
package/dist/oauth.js.map +0 -1
package/dist/providers/aery-error-formatting.d.ts +0 -13
package/dist/providers/aery-error-formatting.d.ts.map +0 -1
package/dist/providers/aery-error-formatting.js +0 -112
package/dist/providers/aery-error-formatting.js.map +0 -1
package/dist/providers/amazon-bedrock.d.ts +0 -38
package/dist/providers/amazon-bedrock.d.ts.map +0 -1
package/dist/providers/amazon-bedrock.js +0 -763
package/dist/providers/amazon-bedrock.js.map +0 -1
package/dist/providers/anthropic.d.ts +0 -71
package/dist/providers/anthropic.d.ts.map +0 -1
package/dist/providers/anthropic.js +0 -949
package/dist/providers/anthropic.js.map +0 -1
package/dist/providers/azure-openai-responses.d.ts +0 -15
package/dist/providers/azure-openai-responses.d.ts.map +0 -1
package/dist/providers/azure-openai-responses.js +0 -225
package/dist/providers/azure-openai-responses.js.map +0 -1
package/dist/providers/cloudflare.d.ts +0 -13
package/dist/providers/cloudflare.d.ts.map +0 -1
package/dist/providers/cloudflare.js +0 -26
package/dist/providers/cloudflare.js.map +0 -1
package/dist/providers/faux.d.ts +0 -56
package/dist/providers/faux.d.ts.map +0 -1
package/dist/providers/faux.js +0 -368
package/dist/providers/faux.js.map +0 -1
package/dist/providers/github-copilot-headers.d.ts +0 -8
package/dist/providers/github-copilot-headers.d.ts.map +0 -1
package/dist/providers/github-copilot-headers.js +0 -29
package/dist/providers/github-copilot-headers.js.map +0 -1
package/dist/providers/google-gemini-cli.d.ts +0 -74
package/dist/providers/google-gemini-cli.d.ts.map +0 -1
package/dist/providers/google-gemini-cli.js +0 -779
package/dist/providers/google-gemini-cli.js.map +0 -1
package/dist/providers/google-shared.d.ts +0 -70
package/dist/providers/google-shared.d.ts.map +0 -1
package/dist/providers/google-shared.js +0 -329
package/dist/providers/google-shared.js.map +0 -1
package/dist/providers/google-vertex.d.ts +0 -15
package/dist/providers/google-vertex.d.ts.map +0 -1
package/dist/providers/google-vertex.js +0 -442
package/dist/providers/google-vertex.js.map +0 -1
package/dist/providers/google.d.ts +0 -13
package/dist/providers/google.d.ts.map +0 -1
package/dist/providers/google.js +0 -400
package/dist/providers/google.js.map +0 -1
package/dist/providers/images/openrouter.d.ts +0 -3
package/dist/providers/images/openrouter.d.ts.map +0 -1
package/dist/providers/images/openrouter.js +0 -129
package/dist/providers/images/openrouter.js.map +0 -1
package/dist/providers/images/register-builtins.d.ts +0 -4
package/dist/providers/images/register-builtins.d.ts.map +0 -1
package/dist/providers/images/register-builtins.js +0 -34
package/dist/providers/images/register-builtins.js.map +0 -1
package/dist/providers/mistral.d.ts +0 -25
package/dist/providers/mistral.d.ts.map +0 -1
package/dist/providers/mistral.js +0 -535
package/dist/providers/mistral.js.map +0 -1
package/dist/providers/openai-codex-responses.d.ts +0 -30
package/dist/providers/openai-codex-responses.d.ts.map +0 -1
package/dist/providers/openai-codex-responses.js +0 -1090
package/dist/providers/openai-codex-responses.js.map +0 -1
package/dist/providers/openai-completions.d.ts +0 -19
package/dist/providers/openai-completions.d.ts.map +0 -1
package/dist/providers/openai-completions.js +0 -950
package/dist/providers/openai-completions.js.map +0 -1
package/dist/providers/openai-prompt-cache.d.ts +0 -3
package/dist/providers/openai-prompt-cache.d.ts.map +0 -1
package/dist/providers/openai-prompt-cache.js +0 -10
package/dist/providers/openai-prompt-cache.js.map +0 -1
package/dist/providers/openai-responses-shared.d.ts +0 -18
package/dist/providers/openai-responses-shared.d.ts.map +0 -1
package/dist/providers/openai-responses-shared.js +0 -492
package/dist/providers/openai-responses-shared.js.map +0 -1
package/dist/providers/openai-responses.d.ts +0 -13
package/dist/providers/openai-responses.d.ts.map +0 -1
package/dist/providers/openai-responses.js +0 -237
package/dist/providers/openai-responses.js.map +0 -1
package/dist/providers/register-builtins.d.ts +0 -38
package/dist/providers/register-builtins.d.ts.map +0 -1
package/dist/providers/register-builtins.js +0 -278
package/dist/providers/register-builtins.js.map +0 -1
package/dist/providers/simple-options.d.ts +0 -8
package/dist/providers/simple-options.d.ts.map +0 -1
package/dist/providers/simple-options.js +0 -41
package/dist/providers/simple-options.js.map +0 -1
package/dist/providers/transform-messages.d.ts +0 -8
package/dist/providers/transform-messages.d.ts.map +0 -1
package/dist/providers/transform-messages.js +0 -184
package/dist/providers/transform-messages.js.map +0 -1
package/dist/session-resources.d.ts +0 -4
package/dist/session-resources.d.ts.map +0 -1
package/dist/session-resources.js +0 -22
package/dist/session-resources.js.map +0 -1
package/dist/stream.d.ts +0 -8
package/dist/stream.d.ts.map +0 -1
package/dist/stream.js +0 -27
package/dist/stream.js.map +0 -1
package/dist/types.d.ts +0 -498
package/dist/types.d.ts.map +0 -1
package/dist/types.js +0 -2
package/dist/types.js.map +0 -1
package/dist/utils/diagnostics.d.ts +0 -19
package/dist/utils/diagnostics.d.ts.map +0 -1
package/dist/utils/diagnostics.js +0 -25
package/dist/utils/diagnostics.js.map +0 -1
package/dist/utils/event-stream.d.ts +0 -21
package/dist/utils/event-stream.d.ts.map +0 -1
package/dist/utils/event-stream.js +0 -81
package/dist/utils/event-stream.js.map +0 -1
package/dist/utils/hash.d.ts +0 -3
package/dist/utils/hash.d.ts.map +0 -1
package/dist/utils/hash.js +0 -14
package/dist/utils/hash.js.map +0 -1
package/dist/utils/headers.d.ts +0 -2
package/dist/utils/headers.d.ts.map +0 -1
package/dist/utils/headers.js +0 -8
package/dist/utils/headers.js.map +0 -1
package/dist/utils/json-parse.d.ts +0 -16
package/dist/utils/json-parse.d.ts.map +0 -1
package/dist/utils/json-parse.js +0 -113
package/dist/utils/json-parse.js.map +0 -1
package/dist/utils/node-http-proxy.d.ts +0 -10
package/dist/utils/node-http-proxy.d.ts.map +0 -1
package/dist/utils/node-http-proxy.js +0 -97
package/dist/utils/node-http-proxy.js.map +0 -1
package/dist/utils/oauth/anthropic.d.ts +0 -25
package/dist/utils/oauth/anthropic.d.ts.map +0 -1
package/dist/utils/oauth/anthropic.js +0 -335
package/dist/utils/oauth/anthropic.js.map +0 -1
package/dist/utils/oauth/device-code.d.ts +0 -19
package/dist/utils/oauth/device-code.d.ts.map +0 -1
package/dist/utils/oauth/device-code.js +0 -55
package/dist/utils/oauth/device-code.js.map +0 -1
package/dist/utils/oauth/github-copilot.d.ts +0 -30
package/dist/utils/oauth/github-copilot.d.ts.map +0 -1
package/dist/utils/oauth/github-copilot.js +0 -268
package/dist/utils/oauth/github-copilot.js.map +0 -1
package/dist/utils/oauth/google-antigravity.d.ts +0 -26
package/dist/utils/oauth/google-antigravity.d.ts.map +0 -1
package/dist/utils/oauth/google-antigravity.js +0 -377
package/dist/utils/oauth/google-antigravity.js.map +0 -1
package/dist/utils/oauth/google-gemini-cli.d.ts +0 -26
package/dist/utils/oauth/google-gemini-cli.d.ts.map +0 -1
package/dist/utils/oauth/google-gemini-cli.js +0 -482
package/dist/utils/oauth/google-gemini-cli.js.map +0 -1
package/dist/utils/oauth/index.d.ts +0 -63
package/dist/utils/oauth/index.d.ts.map +0 -1
package/dist/utils/oauth/index.js +0 -131
package/dist/utils/oauth/index.js.map +0 -1
package/dist/utils/oauth/oauth-page.d.ts +0 -3
package/dist/utils/oauth/oauth-page.d.ts.map +0 -1
package/dist/utils/oauth/oauth-page.js +0 -105
package/dist/utils/oauth/oauth-page.js.map +0 -1
package/dist/utils/oauth/openai-codex.d.ts +0 -34
package/dist/utils/oauth/openai-codex.d.ts.map +0 -1
package/dist/utils/oauth/openai-codex.js +0 -385
package/dist/utils/oauth/openai-codex.js.map +0 -1
package/dist/utils/oauth/pkce.d.ts +0 -13
package/dist/utils/oauth/pkce.d.ts.map +0 -1
package/dist/utils/oauth/pkce.js +0 -31
package/dist/utils/oauth/pkce.js.map +0 -1
package/dist/utils/oauth/types.d.ts +0 -64
package/dist/utils/oauth/types.d.ts.map +0 -1
package/dist/utils/oauth/types.js +0 -2
package/dist/utils/oauth/types.js.map +0 -1
package/dist/utils/overflow.d.ts +0 -56
package/dist/utils/overflow.d.ts.map +0 -1
package/dist/utils/overflow.js +0 -151
package/dist/utils/overflow.js.map +0 -1
package/dist/utils/sanitize-unicode.d.ts +0 -22
package/dist/utils/sanitize-unicode.d.ts.map +0 -1
package/dist/utils/sanitize-unicode.js +0 -26
package/dist/utils/sanitize-unicode.js.map +0 -1
package/dist/utils/typebox-helpers.d.ts +0 -17
package/dist/utils/typebox-helpers.d.ts.map +0 -1
package/dist/utils/typebox-helpers.js +0 -21
package/dist/utils/typebox-helpers.js.map +0 -1
package/dist/utils/validation.d.ts +0 -18
package/dist/utils/validation.d.ts.map +0 -1
package/dist/utils/validation.js +0 -281
package/dist/utils/validation.js.map +0 -1

package/src/utils/oauth/callback-server.ts ADDED Viewed

@@ -0,0 +1,276 @@
+/**
+ * Abstract base class for OAuth flows with local callback servers.
+ *
+ * Handles:
+ * - Port allocation (tries expected port, falls back to random)
+ * - Callback server setup and request handling
+ * - Common OAuth flow logic
+ *
+ * Providers extend this and implement:
+ * - generateAuthUrl(): Build provider-specific authorization URL
+ * - exchangeToken(): Exchange authorization code for tokens
+ */
+import templateHtml from "./oauth.html" with { type: "text" };
+import type { OAuthController, OAuthCredentials } from "./types";
+const DEFAULT_TIMEOUT = 300_000;
+const DEFAULT_HOSTNAME = "localhost";
+const CALLBACK_PATH = "/callback";
+export type CallbackResult = { code: string; state: string };
+export interface OAuthCallbackFlowOptions {
+	preferredPort: number;
+	callbackPath?: string;
+	callbackHostname?: string;
+	/** Exact redirect URI advertised to the provider; disables port fallback. */
+	redirectUri?: string;
+}
+/**
+ * Abstract base class for OAuth flows with local callback servers.
+ */
+export abstract class OAuthCallbackFlow {
+	ctrl: OAuthController;
+	preferredPort: number;
+	callbackPath: string;
+	callbackHostname: string;
+	redirectUri?: string;
+	#callbackResolve?: (result: CallbackResult) => void;
+	#callbackReject?: (error: string) => void;
+	constructor(
+		ctrl: OAuthController,
+		preferredPortOrOptions: number | OAuthCallbackFlowOptions,
+		callbackPath: string = CALLBACK_PATH,
+	) {
+		this.ctrl = ctrl;
+		if (typeof preferredPortOrOptions === "number") {
+			this.preferredPort = preferredPortOrOptions;
+			this.callbackPath = callbackPath;
+			this.callbackHostname = DEFAULT_HOSTNAME;
+			return;
+		}
+		this.preferredPort = preferredPortOrOptions.preferredPort;
+		this.callbackPath = preferredPortOrOptions.callbackPath ?? CALLBACK_PATH;
+		this.callbackHostname = preferredPortOrOptions.callbackHostname ?? DEFAULT_HOSTNAME;
+		this.redirectUri = preferredPortOrOptions.redirectUri;
+	}
+	/**
+	 * Generate provider-specific authorization URL.
+	 * @param state - CSRF state token
+	 * @param redirectUri - The actual redirect URI to use (may differ from expected if port fallback occurred)
+	 * @returns Authorization URL and optional instructions
+	 */
+	abstract generateAuthUrl(state: string, redirectUri: string): Promise<{ url: string; instructions?: string }>;
+	/**
+	 * Exchange authorization code for OAuth tokens.
+	 * @param code - Authorization code from callback
+	 * @param state - CSRF state token
+	 * @param redirectUri - The actual redirect URI used (must match authorization request)
+	 * @returns OAuth credentials
+	 */
+	abstract exchangeToken(code: string, state: string, redirectUri: string): Promise<OAuthCredentials>;
+	/**
+	 * Generate CSRF state token. Override if provider needs custom state generation.
+	 */
+	generateState(): string {
+		const bytes = new Uint8Array(16);
+		crypto.getRandomValues(bytes);
+		return Array.from(bytes)
+			.map(value => value.toString(16).padStart(2, "0"))
+			.join("");
+	}
+	/**
+	 * Execute the OAuth login flow.
+	 */
+	async login(): Promise<OAuthCredentials> {
+		const state = this.generateState();
+		// Start callback server first to get actual redirect URI
+		const { server, redirectUri } = await this.#startCallbackServer(state);
+		try {
+			// Generate auth URL with the ACTUAL redirect URI (may differ from expected if port was busy)
+			const { url: authUrl, instructions } = await this.generateAuthUrl(state, redirectUri);
+			// Notify controller that auth is ready
+			this.ctrl.onAuth?.({ url: authUrl, instructions });
+			this.ctrl.onProgress?.("Waiting for browser authentication...");
+			// Wait for callback or manual input
+			const { code } = await this.#waitForCallback(state);
+			this.ctrl.onProgress?.("Exchanging authorization code for tokens...");
+			return await this.exchangeToken(code, state, redirectUri);
+		} finally {
+			server.stop();
+		}
+	}
+	/**
+	 * Start callback server, trying preferred port first, falling back to random.
+	 */
+	async #startCallbackServer(expectedState: string): Promise<{ server: Bun.Server<unknown>; redirectUri: string }> {
+		try {
+			const server = this.#createServer(this.preferredPort, expectedState);
+			if (this.redirectUri) {
+				return { server, redirectUri: this.redirectUri };
+			}
+			const redirectUri = `http://${this.callbackHostname}:${this.preferredPort}${this.callbackPath}`;
+			return { server, redirectUri };
+		} catch {
+			if (this.redirectUri) {
+				throw new Error(
+					`OAuth callback port ${this.preferredPort} unavailable; cannot fall back to a random port when oauth.redirectUri is set`,
+				);
+			}
+			const server = this.#createServer(0, expectedState);
+			const actualPort = server.port;
+			const redirectUri = `http://${this.callbackHostname}:${actualPort}${this.callbackPath}`;
+			this.ctrl.onProgress?.(`Preferred port ${this.preferredPort} unavailable, using port ${actualPort}`);
+			return { server, redirectUri };
+		}
+	}
+	/**
+	 * Create HTTP server for OAuth callback.
+	 */
+	#createServer(port: number, expectedState: string): Bun.Server<unknown> {
+		return Bun.serve({
+			hostname: this.callbackHostname,
+			port,
+			reusePort: false,
+			fetch: req => this.#handleCallback(req, expectedState),
+		});
+	}
+	/**
+	 * Handle OAuth callback HTTP request.
+	 */
+	#handleCallback(req: Request, expectedState: string): Response {
+		const url = new URL(req.url);
+		if (url.pathname !== this.callbackPath) {
+			return new Response("Not Found", { status: 404 });
+		}
+		const code = url.searchParams.get("code");
+		const state = url.searchParams.get("state") || "";
+		const error = url.searchParams.get("error") || "";
+		const errorDescription = url.searchParams.get("error_description") || error;
+		type OkState = { ok: true; code: string; state: string };
+		type ErrorState = { ok?: false; error?: string };
+		let resultState: OkState | ErrorState;
+		if (error) {
+			resultState = { ok: false, error: `Authorization failed: ${errorDescription}` };
+		} else if (!code) {
+			resultState = { ok: false, error: "Missing authorization code" };
+		} else if (expectedState && state !== expectedState) {
+			resultState = { ok: false, error: "State mismatch - possible CSRF attack" };
+		} else {
+			resultState = { ok: true, code, state };
+		}
+		// Signal to waitForCallback - capture refs before they could be cleared
+		const resolve = this.#callbackResolve;
+		const reject = this.#callbackReject;
+		queueMicrotask(() => {
+			if (resultState.ok) {
+				resolve?.({ code: resultState.code, state: resultState.state });
+			} else {
+				reject?.(resultState.error ?? "Unknown error");
+			}
+		});
+		return new Response(
+			(templateHtml as unknown as string).replaceAll("__OAUTH_STATE__", JSON.stringify(resultState)),
+			{
+				status: resultState.ok ? 200 : 500,
+				headers: { "Content-Type": "text/html" },
+			},
+		);
+	}
+	/**
+	 * Wait for OAuth callback or manual input (whichever comes first).
+	 */
+	#waitForCallback(expectedState: string): Promise<CallbackResult> {
+		const timeoutSignal = AbortSignal.timeout(DEFAULT_TIMEOUT);
+		const signal = this.ctrl.signal ? AbortSignal.any([this.ctrl.signal, timeoutSignal]) : timeoutSignal;
+		const callbackPromise = new Promise<CallbackResult>((resolve, reject) => {
+			this.#callbackResolve = resolve;
+			this.#callbackReject = reject;
+			signal.addEventListener("abort", () => {
+				this.#callbackResolve = undefined;
+				this.#callbackReject = undefined;
+				reject(new Error(`OAuth callback cancelled: ${signal.reason}`));
+			});
+		});
+		// Manual input race (if supported)
+		if (this.ctrl.onManualCodeInput) {
+			const requestManualInput = this.ctrl.onManualCodeInput;
+			const manualPromise = (async (): Promise<CallbackResult> => {
+				while (true) {
+					const result = await Promise.race([
+						callbackPromise,
+						requestManualInput()
+							.then((input): CallbackResult | null => {
+								const parsed = parseCallbackInput(input);
+								if (!parsed.code) return null;
+								if (expectedState && parsed.state && parsed.state !== expectedState) return null;
+								return { code: parsed.code, state: parsed.state ?? "" };
+							})
+							.catch((): CallbackResult | null => null),
+					]);
+					if (result) return result;
+				}
+			})();
+			return Promise.race([callbackPromise, manualPromise]);
+		}
+		return callbackPromise;
+	}
+}
+/**
+ * Parse a redirect URL or code string to extract code and state.
+ */
+export function parseCallbackInput(input: string): { code?: string; state?: string } {
+	const value = input.trim();
+	if (!value) return {};
+	try {
+		const url = new URL(value);
+		return {
+			code: url.searchParams.get("code") ?? undefined,
+			state: url.searchParams.get("state") ?? undefined,
+		};
+	} catch {
+		// Not a URL - check for query string format
+	}
+	if (value.includes("code=")) {
+		const params = new URLSearchParams(value.replace(/^[?#]/, ""));
+		return {
+			code: params.get("code") ?? undefined,
+			state: params.get("state") ?? undefined,
+		};
+	}
+	// Assume raw code, possibly with state after #
+	const [code, state] = value.split("#", 2);
+	return { code, state };
+}

package/src/utils/oauth/cerebras.ts ADDED Viewed

@@ -0,0 +1,16 @@
+/** Cerebras login flow (API key paste against https://api.cerebras.ai/v1). */
+import { createApiKeyLogin } from "./api-key-login";
+export const loginCerebras = createApiKeyLogin({
+	providerLabel: "Cerebras",
+	authUrl: "https://cloud.cerebras.ai/platform/",
+	instructions: "Copy your API key from the Cerebras dashboard",
+	promptMessage: "Paste your Cerebras API key",
+	placeholder: "csk-...",
+	validation: {
+		kind: "chat-completions",
+		provider: "Cerebras",
+		baseUrl: "https://api.cerebras.ai/v1",
+		model: "gpt-oss-120b",
+	},
+});

package/src/utils/oauth/cloudflare-ai-gateway.ts ADDED Viewed

@@ -0,0 +1,48 @@
+/**
+ * Cloudflare AI Gateway login flow.
+ *
+ * Cloudflare AI Gateway proxies upstream model providers.
+ *
+ * This is not OAuth - it's a simple API key flow:
+ * 1. Open Cloudflare AI Gateway docs/dashboard
+ * 2. User copies their Cloudflare AI Gateway token/API key
+ * 3. User pastes the API key into the CLI
+ */
+import type { OAuthController } from "./types";
+const AUTH_URL = "https://developers.cloudflare.com/ai-gateway/configuration/authentication/";
+/**
+ * Login to Cloudflare AI Gateway.
+ *
+ * Opens browser to Cloudflare AI Gateway authentication docs and prompts for a gateway token/API key.
+ * Returns the API key directly (not OAuthCredentials - this isn't OAuth).
+ */
+export async function loginCloudflareAiGateway(options: OAuthController): Promise<string> {
+	if (!options.onPrompt) {
+		throw new Error("Cloudflare AI Gateway login requires onPrompt callback");
+	}
+	options.onAuth?.({
+		url: AUTH_URL,
+		instructions:
+			"Copy your Cloudflare AI Gateway token/API key. Configure account/gateway base URL in models config.",
+	});
+	const apiKey = await options.onPrompt({
+		message: "Paste your Cloudflare AI Gateway token/API key",
+		placeholder: "cf-aig-...",
+	});
+	if (options.signal?.aborted) {
+		throw new Error("Login cancelled");
+	}
+	const trimmed = apiKey.trim();
+	if (!trimmed) {
+		throw new Error("API key is required");
+	}
+	return trimmed;
+}

package/src/utils/oauth/cursor.ts ADDED Viewed

@@ -0,0 +1,157 @@
+import { generatePKCE } from "./pkce";
+import type { OAuthCredentials } from "./types";
+const CURSOR_LOGIN_URL = "https://cursor.com/loginDeepControl";
+const CURSOR_POLL_URL = "https://api2.cursor.sh/auth/poll";
+const CURSOR_REFRESH_URL = "https://api2.cursor.sh/auth/exchange_user_api_key";
+const POLL_MAX_ATTEMPTS = 150;
+const POLL_BASE_DELAY = 1000;
+const POLL_MAX_DELAY = 10000;
+const POLL_BACKOFF_MULTIPLIER = 1.2;
+export interface CursorAuthParams {
+	verifier: string;
+	challenge: string;
+	uuid: string;
+	loginUrl: string;
+}
+export async function generateCursorAuthParams(): Promise<CursorAuthParams> {
+	const { verifier, challenge } = await generatePKCE();
+	const uuid = crypto.randomUUID();
+	const params = new URLSearchParams({
+		challenge,
+		uuid,
+		mode: "login",
+		redirectTarget: "cli",
+	});
+	const loginUrl = `${CURSOR_LOGIN_URL}?${params.toString()}`;
+	return { verifier, challenge, uuid, loginUrl };
+}
+export async function pollCursorAuth(
+	uuid: string,
+	verifier: string,
+): Promise<{ accessToken: string; refreshToken: string }> {
+	let delay = POLL_BASE_DELAY;
+	let consecutiveErrors = 0;
+	for (let attempt = 0; attempt < POLL_MAX_ATTEMPTS; attempt++) {
+		await Bun.sleep(delay);
+		try {
+			const response = await fetch(`${CURSOR_POLL_URL}?uuid=${uuid}&verifier=${verifier}`);
+			if (response.status === 404) {
+				consecutiveErrors = 0;
+				delay = Math.min(delay * POLL_BACKOFF_MULTIPLIER, POLL_MAX_DELAY);
+				continue;
+			}
+			if (response.ok) {
+				const data = (await response.json()) as {
+					accessToken: string;
+					refreshToken: string;
+				};
+				return {
+					accessToken: data.accessToken,
+					refreshToken: data.refreshToken,
+				};
+			}
+			throw new Error(`Poll failed: ${response.status}`);
+		} catch {
+			consecutiveErrors++;
+			if (consecutiveErrors >= 3) {
+				throw new Error("Too many consecutive errors during Cursor auth polling");
+			}
+		}
+	}
+	throw new Error("Cursor authentication polling timeout");
+}
+export async function loginCursor(
+	onAuthUrl: (url: string) => void,
+	onPollStart?: () => void,
+): Promise<OAuthCredentials> {
+	const { verifier, uuid, loginUrl } = await generateCursorAuthParams();
+	onAuthUrl(loginUrl);
+	onPollStart?.();
+	const { accessToken, refreshToken } = await pollCursorAuth(uuid, verifier);
+	const expiresAt = getTokenExpiry(accessToken);
+	return {
+		access: accessToken,
+		refresh: refreshToken,
+		expires: expiresAt,
+	};
+}
+export async function refreshCursorToken(apiKeyOrRefreshToken: string): Promise<OAuthCredentials> {
+	const response = await fetch(CURSOR_REFRESH_URL, {
+		method: "POST",
+		headers: {
+			Authorization: `Bearer ${apiKeyOrRefreshToken}`,
+			"Content-Type": "application/json",
+		},
+		body: "{}",
+	});
+	if (!response.ok) {
+		const error = await response.text();
+		throw new Error(`Cursor token refresh failed: ${error}`);
+	}
+	const data = (await response.json()) as {
+		accessToken: string;
+		refreshToken: string;
+	};
+	const expiresAt = getTokenExpiry(data.accessToken);
+	return {
+		access: data.accessToken,
+		refresh: data.refreshToken || apiKeyOrRefreshToken,
+		expires: expiresAt,
+	};
+}
+function getTokenExpiry(token: string): number {
+	try {
+		const parts = token.split(".");
+		if (parts.length !== 3) {
+			return Date.now() + 3600 * 1000;
+		}
+		const payload = parts[1];
+		if (!payload) {
+			return Date.now() + 3600 * 1000;
+		}
+		const decoded = JSON.parse(atob(payload.replace(/-/g, "+").replace(/_/g, "/")));
+		if (decoded && typeof decoded === "object" && typeof decoded.exp === "number") {
+			return decoded.exp * 1000 - 5 * 60 * 1000;
+		}
+	} catch {
+		// Ignore parsing errors
+	}
+	return Date.now() + 3600 * 1000;
+}
+export function isCursorTokenExpiringSoon(token: string, thresholdSeconds = 300): boolean {
+	try {
+		const [, payload] = token.split(".");
+		if (!payload) return true;
+		const decoded = JSON.parse(atob(payload.replace(/-/g, "+").replace(/_/g, "/")));
+		const currentTime = Math.floor(Date.now() / 1000);
+		return decoded.exp - currentTime < thresholdSeconds;
+	} catch {
+		return true;
+	}
+}

package/src/utils/oauth/deepseek.ts ADDED Viewed

@@ -0,0 +1,53 @@
+/**
+ * DeepSeek login flow (API key paste against https://api.deepseek.com).
+ *
+ * Validation hits `GET /v1/models` so it authenticates the key without
+ * depending on a specific model being enabled on the account. The previous
+ * implementation issued a chat-completion against `deepseek-v4-pro`, which
+ * 404s for accounts without that preview model even when the key is valid.
+ */
+import { createApiKeyLogin } from "./api-key-login";
+import type { OAuthController, OAuthPrompt } from "./types";
+const innerLogin = createApiKeyLogin({
+	providerLabel: "DeepSeek",
+	authUrl: "https://platform.deepseek.com/api_keys",
+	instructions: "Create or copy your API key from the DeepSeek dashboard",
+	promptMessage: "Paste your DeepSeek API key",
+	placeholder: "sk-...",
+	validation: {
+		kind: "models-endpoint",
+		provider: "deepseek",
+		modelsUrl: "https://api.deepseek.com/v1/models",
+	},
+});
+/**
+ * Normalize a pasted DeepSeek API key.
+ *
+ * Users frequently copy keys out of `curl` snippets that include the
+ * `Authorization: Bearer …` prefix. Strip it so validation does not fail
+ * with a confusing 401, and reject obviously empty input early.
+ */
+export function normalizeDeepSeekApiKey(raw: string): string {
+	const trimmed = raw.trim();
+	if (!trimmed) {
+		return trimmed; // let the shared factory throw the canonical "API key is required"
+	}
+	const stripped = trimmed.replace(/^bearer\b\s*/i, "");
+	if (!stripped) {
+		throw new Error("DeepSeek API key is empty after stripping Bearer prefix");
+	}
+	return stripped;
+}
+export const loginDeepSeek = async (options: OAuthController): Promise<string> => {
+	const userOnPrompt = options.onPrompt;
+	const wrapped: OAuthController = userOnPrompt
+		? {
+				...options,
+				onPrompt: async (prompt: OAuthPrompt) => normalizeDeepSeekApiKey(await userOnPrompt(prompt)),
+			}
+		: options;
+	return innerLogin(wrapped);
+};

package/src/utils/oauth/firepass.ts ADDED Viewed

@@ -0,0 +1,24 @@
+/**
+ * Fire Pass login flow.
+ *
+ * Fire Pass is a Fireworks subscription product whose dedicated `fpk_…` API
+ * keys are scoped to the `accounts/fireworks/routers/kimi-k2p6-turbo` router
+ * (Kimi K2.6 Turbo). The key does NOT authorize `/v1/models`, so validation
+ * pings the chat completions endpoint with the router id directly.
+ * See https://docs.fireworks.ai/firepass.
+ */
+import { createApiKeyLogin } from "./api-key-login";
+export const loginFirepass = createApiKeyLogin({
+	providerLabel: "Fire Pass",
+	authUrl: "https://app.fireworks.ai/settings/users/api-keys",
+	instructions: "Create a dedicated Fire Pass API key in the Fireworks dashboard",
+	promptMessage: "Paste your Fire Pass API key",
+	placeholder: "fpk_...",
+	validation: {
+		kind: "chat-completions",
+		provider: "Fire Pass",
+		baseUrl: "https://api.fireworks.ai/inference/v1",
+		model: "accounts/fireworks/routers/kimi-k2p6-turbo",
+	},
+});

package/src/utils/oauth/fireworks.ts ADDED Viewed

@@ -0,0 +1,15 @@
+/** Fireworks login flow (API key paste against https://api.fireworks.ai/inference/v1). */
+import { createApiKeyLogin } from "./api-key-login";
+export const loginFireworks = createApiKeyLogin({
+	providerLabel: "Fireworks",
+	authUrl: "https://app.fireworks.ai/settings/users/api-keys",
+	instructions: "Create or copy your Fireworks API key",
+	promptMessage: "Paste your Fireworks API key",
+	placeholder: "fw_...",
+	validation: {
+		kind: "models-endpoint",
+		provider: "Fireworks",
+		modelsUrl: "https://api.fireworks.ai/inference/v1/models",
+	},
+});