npm - @gajae-code/ai - Versions diffs - 0.1.1 - Mend

@gajae-code/ai 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (349) hide show

package/CHANGELOG.md +2644 -0
package/README.md +1181 -0
package/dist/types/api-registry.d.ts +30 -0
package/dist/types/auth-broker/client.d.ts +66 -0
package/dist/types/auth-broker/index.d.ts +5 -0
package/dist/types/auth-broker/refresher.d.ts +25 -0
package/dist/types/auth-broker/remote-store.d.ts +96 -0
package/dist/types/auth-broker/server.d.ts +32 -0
package/dist/types/auth-broker/types.d.ts +105 -0
package/dist/types/auth-broker/wire-schemas.d.ts +412 -0
package/dist/types/auth-gateway/http.d.ts +39 -0
package/dist/types/auth-gateway/index.d.ts +3 -0
package/dist/types/auth-gateway/server.d.ts +17 -0
package/dist/types/auth-gateway/types.d.ts +115 -0
package/dist/types/auth-storage.d.ts +641 -0
package/dist/types/cli.d.ts +2 -0
package/dist/types/index.d.ts +49 -0
package/dist/types/model-cache.d.ts +17 -0
package/dist/types/model-manager.d.ts +62 -0
package/dist/types/model-thinking.d.ts +71 -0
package/dist/types/models.d.ts +12 -0
package/dist/types/provider-details.d.ts +24 -0
package/dist/types/provider-models/bundled-references.d.ts +4 -0
package/dist/types/provider-models/descriptors.d.ts +48 -0
package/dist/types/provider-models/google.d.ts +20 -0
package/dist/types/provider-models/index.d.ts +5 -0
package/dist/types/provider-models/ollama.d.ts +7 -0
package/dist/types/provider-models/openai-compat.d.ts +237 -0
package/dist/types/provider-models/special.d.ts +16 -0
package/dist/types/providers/amazon-bedrock.d.ts +36 -0
package/dist/types/providers/anthropic-messages-server-schema.d.ts +450 -0
package/dist/types/providers/anthropic-messages-server.d.ts +17 -0
package/dist/types/providers/anthropic.d.ts +188 -0
package/dist/types/providers/aws-credentials.d.ts +43 -0
package/dist/types/providers/aws-eventstream.d.ts +38 -0
package/dist/types/providers/aws-sigv4.d.ts +55 -0
package/dist/types/providers/azure-openai-responses.d.ts +15 -0
package/dist/types/providers/cursor/gen/agent_pb.d.ts +13022 -0
package/dist/types/providers/cursor.d.ts +42 -0
package/dist/types/providers/error-message.d.ts +27 -0
package/dist/types/providers/github-copilot-headers.d.ts +40 -0
package/dist/types/providers/gitlab-duo.d.ts +27 -0
package/dist/types/providers/google-auth.d.ts +24 -0
package/dist/types/providers/google-gemini-cli.d.ts +72 -0
package/dist/types/providers/google-gemini-headers.d.ts +18 -0
package/dist/types/providers/google-shared.d.ts +163 -0
package/dist/types/providers/google-types.d.ts +138 -0
package/dist/types/providers/google-vertex.d.ts +7 -0
package/dist/types/providers/google.d.ts +4 -0
package/dist/types/providers/grammar.d.ts +1 -0
package/dist/types/providers/kimi.d.ts +27 -0
package/dist/types/providers/mock.d.ts +175 -0
package/dist/types/providers/ollama.d.ts +6 -0
package/dist/types/providers/openai-anthropic-shim.d.ts +31 -0
package/dist/types/providers/openai-chat-server-schema.d.ts +814 -0
package/dist/types/providers/openai-chat-server.d.ts +16 -0
package/dist/types/providers/openai-codex/constants.d.ts +26 -0
package/dist/types/providers/openai-codex/request-transformer.d.ts +49 -0
package/dist/types/providers/openai-codex/response-handler.d.ts +17 -0
package/dist/types/providers/openai-codex-responses.d.ts +67 -0
package/dist/types/providers/openai-completions-compat.d.ts +25 -0
package/dist/types/providers/openai-completions.d.ts +33 -0
package/dist/types/providers/openai-responses-server-schema.d.ts +392 -0
package/dist/types/providers/openai-responses-server.d.ts +17 -0
package/dist/types/providers/openai-responses-shared.d.ts +89 -0
package/dist/types/providers/openai-responses.d.ts +32 -0
package/dist/types/providers/pi-native-client.d.ts +13 -0
package/dist/types/providers/pi-native-server.d.ts +68 -0
package/dist/types/providers/register-builtins.d.ts +31 -0
package/dist/types/providers/synthetic.d.ts +26 -0
package/dist/types/providers/transform-messages.d.ts +12 -0
package/dist/types/providers/vision-guard.d.ts +8 -0
package/dist/types/rate-limit-utils.d.ts +19 -0
package/dist/types/stream.d.ts +24 -0
package/dist/types/types.d.ts +746 -0
package/dist/types/usage/claude.d.ts +3 -0
package/dist/types/usage/gemini.d.ts +2 -0
package/dist/types/usage/github-copilot.d.ts +7 -0
package/dist/types/usage/google-antigravity.d.ts +2 -0
package/dist/types/usage/kimi.d.ts +2 -0
package/dist/types/usage/minimax-code.d.ts +2 -0
package/dist/types/usage/openai-codex.d.ts +3 -0
package/dist/types/usage/shared.d.ts +1 -0
package/dist/types/usage/zai.d.ts +2 -0
package/dist/types/usage.d.ts +258 -0
package/dist/types/utils/abort.d.ts +19 -0
package/dist/types/utils/anthropic-auth.d.ts +31 -0
package/dist/types/utils/discovery/antigravity.d.ts +61 -0
package/dist/types/utils/discovery/codex.d.ts +38 -0
package/dist/types/utils/discovery/cursor.d.ts +23 -0
package/dist/types/utils/discovery/gemini.d.ts +25 -0
package/dist/types/utils/discovery/index.d.ts +4 -0
package/dist/types/utils/discovery/openai-compatible.d.ts +72 -0
package/dist/types/utils/event-stream.d.ts +28 -0
package/dist/types/utils/fireworks-model-id.d.ts +10 -0
package/dist/types/utils/foundry.d.ts +1 -0
package/dist/types/utils/h2-fetch.d.ts +22 -0
package/dist/types/utils/http-inspector.d.ts +31 -0
package/dist/types/utils/idle-iterator.d.ts +67 -0
package/dist/types/utils/json-parse.d.ts +10 -0
package/dist/types/utils/oauth/alibaba-coding-plan.d.ts +18 -0
package/dist/types/utils/oauth/anthropic.d.ts +22 -0
package/dist/types/utils/oauth/api-key-login.d.ts +35 -0
package/dist/types/utils/oauth/api-key-validation.d.ts +27 -0
package/dist/types/utils/oauth/callback-server.d.ts +57 -0
package/dist/types/utils/oauth/cerebras.d.ts +1 -0
package/dist/types/utils/oauth/cloudflare-ai-gateway.d.ts +18 -0
package/dist/types/utils/oauth/cursor.d.ts +15 -0
package/dist/types/utils/oauth/deepseek.d.ts +10 -0
package/dist/types/utils/oauth/firepass.d.ts +1 -0
package/dist/types/utils/oauth/fireworks.d.ts +1 -0
package/dist/types/utils/oauth/github-copilot.d.ts +38 -0
package/dist/types/utils/oauth/gitlab-duo.d.ts +3 -0
package/dist/types/utils/oauth/google-antigravity.d.ts +11 -0
package/dist/types/utils/oauth/google-gemini-cli.d.ts +10 -0
package/dist/types/utils/oauth/google-oauth-shared.d.ts +28 -0
package/dist/types/utils/oauth/huggingface.d.ts +19 -0
package/dist/types/utils/oauth/index.d.ts +38 -0
package/dist/types/utils/oauth/kagi.d.ts +17 -0
package/dist/types/utils/oauth/kilo.d.ts +5 -0
package/dist/types/utils/oauth/kimi.d.ts +21 -0
package/dist/types/utils/oauth/litellm.d.ts +18 -0
package/dist/types/utils/oauth/lm-studio.d.ts +17 -0
package/dist/types/utils/oauth/minimax-code.d.ts +28 -0
package/dist/types/utils/oauth/moonshot.d.ts +1 -0
package/dist/types/utils/oauth/nanogpt.d.ts +1 -0
package/dist/types/utils/oauth/nvidia.d.ts +18 -0
package/dist/types/utils/oauth/ollama-cloud.d.ts +2 -0
package/dist/types/utils/oauth/ollama.d.ts +18 -0
package/dist/types/utils/oauth/openai-codex.d.ts +21 -0
package/dist/types/utils/oauth/opencode.d.ts +18 -0
package/dist/types/utils/oauth/parallel.d.ts +17 -0
package/dist/types/utils/oauth/perplexity.d.ts +9 -0
package/dist/types/utils/oauth/pkce.d.ts +8 -0
package/dist/types/utils/oauth/qianfan.d.ts +17 -0
package/dist/types/utils/oauth/qwen-portal.d.ts +19 -0
package/dist/types/utils/oauth/synthetic.d.ts +1 -0
package/dist/types/utils/oauth/tavily.d.ts +17 -0
package/dist/types/utils/oauth/together.d.ts +1 -0
package/dist/types/utils/oauth/types.d.ts +44 -0
package/dist/types/utils/oauth/venice.d.ts +18 -0
package/dist/types/utils/oauth/vercel-ai-gateway.d.ts +18 -0
package/dist/types/utils/oauth/vllm.d.ts +16 -0
package/dist/types/utils/oauth/xiaomi.d.ts +19 -0
package/dist/types/utils/oauth/zai.d.ts +18 -0
package/dist/types/utils/oauth/zenmux.d.ts +1 -0
package/dist/types/utils/overflow.d.ts +54 -0
package/dist/types/utils/parse-bind.d.ts +23 -0
package/dist/types/utils/provider-response.d.ts +3 -0
package/dist/types/utils/retry-after.d.ts +3 -0
package/dist/types/utils/retry.d.ts +26 -0
package/dist/types/utils/schema/adapt.d.ts +24 -0
package/dist/types/utils/schema/compatibility.d.ts +30 -0
package/dist/types/utils/schema/dereference.d.ts +11 -0
package/dist/types/utils/schema/draft.d.ts +10 -0
package/dist/types/utils/schema/equality.d.ts +4 -0
package/dist/types/utils/schema/fields.d.ts +49 -0
package/dist/types/utils/schema/index.d.ts +13 -0
package/dist/types/utils/schema/json-schema-validator.d.ts +12 -0
package/dist/types/utils/schema/meta-validator.d.ts +2 -0
package/dist/types/utils/schema/normalize.d.ts +93 -0
package/dist/types/utils/schema/spill.d.ts +8 -0
package/dist/types/utils/schema/stamps.d.ts +25 -0
package/dist/types/utils/schema/types.d.ts +4 -0
package/dist/types/utils/schema/wire.d.ts +54 -0
package/dist/types/utils/schema/zod-decontaminate.d.ts +31 -0
package/dist/types/utils/sse-debug.d.ts +10 -0
package/dist/types/utils/tool-call-healing.d.ts +71 -0
package/dist/types/utils/tool-choice.d.ts +50 -0
package/dist/types/utils/validation.d.ts +17 -0
package/dist/types/utils.d.ts +28 -0
package/package.json +146 -0
package/src/api-registry.ts +96 -0
package/src/auth-broker/client.ts +358 -0
package/src/auth-broker/index.ts +5 -0
package/src/auth-broker/refresher.ts +127 -0
package/src/auth-broker/remote-store.ts +623 -0
package/src/auth-broker/server.ts +644 -0
package/src/auth-broker/types.ts +127 -0
package/src/auth-broker/wire-schemas.ts +200 -0
package/src/auth-gateway/http.ts +194 -0
package/src/auth-gateway/index.ts +3 -0
package/src/auth-gateway/server.ts +717 -0
package/src/auth-gateway/types.ts +134 -0
package/src/auth-storage.ts +4104 -0
package/src/cli.ts +262 -0
package/src/index.ts +54 -0
package/src/model-cache.ts +129 -0
package/src/model-manager.ts +450 -0
package/src/model-thinking.ts +691 -0
package/src/models.json +73853 -0
package/src/models.json.d.ts +9 -0
package/src/models.ts +56 -0
package/src/prompts/turn-aborted-guidance.md +4 -0
package/src/provider-details.ts +90 -0
package/src/provider-models/bundled-references.ts +38 -0
package/src/provider-models/descriptors.ts +308 -0
package/src/provider-models/google.ts +91 -0
package/src/provider-models/index.ts +5 -0
package/src/provider-models/ollama.ts +153 -0
package/src/provider-models/openai-compat.ts +2275 -0
package/src/provider-models/special.ts +67 -0
package/src/providers/amazon-bedrock.ts +849 -0
package/src/providers/anthropic-messages-server-schema.ts +229 -0
package/src/providers/anthropic-messages-server.ts +677 -0
package/src/providers/anthropic.ts +2696 -0
package/src/providers/aws-credentials.ts +501 -0
package/src/providers/aws-eventstream.ts +185 -0
package/src/providers/aws-sigv4.ts +218 -0
package/src/providers/azure-openai-responses.ts +337 -0
package/src/providers/cursor/gen/agent_pb.ts +15274 -0
package/src/providers/cursor/proto/agent.proto +3526 -0
package/src/providers/cursor/proto/buf.gen.yaml +6 -0
package/src/providers/cursor/proto/buf.yaml +17 -0
package/src/providers/cursor.ts +2561 -0
package/src/providers/error-message.ts +21 -0
package/src/providers/github-copilot-headers.ts +140 -0
package/src/providers/gitlab-duo.ts +372 -0
package/src/providers/google-auth.ts +252 -0
package/src/providers/google-gemini-cli.ts +795 -0
package/src/providers/google-gemini-headers.ts +41 -0
package/src/providers/google-shared.ts +902 -0
package/src/providers/google-types.ts +167 -0
package/src/providers/google-vertex.ts +88 -0
package/src/providers/google.ts +41 -0
package/src/providers/grammar.ts +70 -0
package/src/providers/kimi.ts +52 -0
package/src/providers/mock.ts +500 -0
package/src/providers/ollama.ts +544 -0
package/src/providers/openai-anthropic-shim.ts +138 -0
package/src/providers/openai-chat-server-schema.ts +243 -0
package/src/providers/openai-chat-server.ts +628 -0
package/src/providers/openai-codex/constants.ts +43 -0
package/src/providers/openai-codex/request-transformer.ts +161 -0
package/src/providers/openai-codex/response-handler.ts +81 -0
package/src/providers/openai-codex-responses.ts +2598 -0
package/src/providers/openai-completions-compat.ts +279 -0
package/src/providers/openai-completions.ts +1853 -0
package/src/providers/openai-responses-server-schema.ts +290 -0
package/src/providers/openai-responses-server.ts +1183 -0
package/src/providers/openai-responses-shared.ts +800 -0
package/src/providers/openai-responses.ts +621 -0
package/src/providers/pi-native-client.ts +228 -0
package/src/providers/pi-native-server.ts +210 -0
package/src/providers/register-builtins.ts +412 -0
package/src/providers/synthetic.ts +50 -0
package/src/providers/transform-messages.ts +309 -0
package/src/providers/vision-guard.ts +31 -0
package/src/rate-limit-utils.ts +84 -0
package/src/stream.ts +895 -0
package/src/types.ts +884 -0
package/src/usage/claude.ts +431 -0
package/src/usage/gemini.ts +250 -0
package/src/usage/github-copilot.ts +421 -0
package/src/usage/google-antigravity.ts +201 -0
package/src/usage/kimi.ts +271 -0
package/src/usage/minimax-code.ts +31 -0
package/src/usage/openai-codex.ts +503 -0
package/src/usage/shared.ts +10 -0
package/src/usage/zai.ts +247 -0
package/src/usage.ts +183 -0
package/src/utils/abort.ts +51 -0
package/src/utils/anthropic-auth.ts +87 -0
package/src/utils/discovery/antigravity.ts +261 -0
package/src/utils/discovery/codex.ts +371 -0
package/src/utils/discovery/cursor.ts +306 -0
package/src/utils/discovery/gemini.ts +248 -0
package/src/utils/discovery/index.ts +4 -0
package/src/utils/discovery/openai-compatible.ts +224 -0
package/src/utils/event-stream.ts +142 -0
package/src/utils/fireworks-model-id.ts +30 -0
package/src/utils/foundry.ts +8 -0
package/src/utils/h2-fetch.ts +60 -0
package/src/utils/http-inspector.ts +176 -0
package/src/utils/idle-iterator.ts +250 -0
package/src/utils/json-parse.ts +148 -0
package/src/utils/oauth/alibaba-coding-plan.ts +59 -0
package/src/utils/oauth/anthropic.ts +200 -0
package/src/utils/oauth/api-key-login.ts +87 -0
package/src/utils/oauth/api-key-validation.ts +92 -0
package/src/utils/oauth/callback-server.ts +276 -0
package/src/utils/oauth/cerebras.ts +16 -0
package/src/utils/oauth/cloudflare-ai-gateway.ts +48 -0
package/src/utils/oauth/cursor.ts +157 -0
package/src/utils/oauth/deepseek.ts +53 -0
package/src/utils/oauth/firepass.ts +24 -0
package/src/utils/oauth/fireworks.ts +15 -0
package/src/utils/oauth/github-copilot.ts +362 -0
package/src/utils/oauth/gitlab-duo.ts +123 -0
package/src/utils/oauth/google-antigravity.ts +200 -0
package/src/utils/oauth/google-gemini-cli.ts +256 -0
package/src/utils/oauth/google-oauth-shared.ts +110 -0
package/src/utils/oauth/huggingface.ts +62 -0
package/src/utils/oauth/index.ts +444 -0
package/src/utils/oauth/kagi.ts +47 -0
package/src/utils/oauth/kilo.ts +87 -0
package/src/utils/oauth/kimi.ts +254 -0
package/src/utils/oauth/litellm.ts +47 -0
package/src/utils/oauth/lm-studio.ts +38 -0
package/src/utils/oauth/minimax-code.ts +78 -0
package/src/utils/oauth/moonshot.ts +16 -0
package/src/utils/oauth/nanogpt.ts +15 -0
package/src/utils/oauth/nvidia.ts +70 -0
package/src/utils/oauth/oauth.html +199 -0
package/src/utils/oauth/ollama-cloud.ts +28 -0
package/src/utils/oauth/ollama.ts +47 -0
package/src/utils/oauth/openai-codex.ts +299 -0
package/src/utils/oauth/opencode.ts +49 -0
package/src/utils/oauth/parallel.ts +46 -0
package/src/utils/oauth/perplexity.ts +206 -0
package/src/utils/oauth/pkce.ts +18 -0
package/src/utils/oauth/qianfan.ts +58 -0
package/src/utils/oauth/qwen-portal.ts +60 -0
package/src/utils/oauth/synthetic.ts +16 -0
package/src/utils/oauth/tavily.ts +46 -0
package/src/utils/oauth/together.ts +16 -0
package/src/utils/oauth/types.ts +94 -0
package/src/utils/oauth/venice.ts +59 -0
package/src/utils/oauth/vercel-ai-gateway.ts +47 -0
package/src/utils/oauth/vllm.ts +40 -0
package/src/utils/oauth/xiaomi.ts +137 -0
package/src/utils/oauth/zai.ts +60 -0
package/src/utils/oauth/zenmux.ts +15 -0
package/src/utils/overflow.ts +137 -0
package/src/utils/parse-bind.ts +54 -0
package/src/utils/provider-response.ts +30 -0
package/src/utils/retry-after.ts +110 -0
package/src/utils/retry.ts +54 -0
package/src/utils/schema/CONSTRAINTS.md +164 -0
package/src/utils/schema/adapt.ts +36 -0
package/src/utils/schema/compatibility.ts +435 -0
package/src/utils/schema/dereference.ts +98 -0
package/src/utils/schema/draft.ts +341 -0
package/src/utils/schema/equality.ts +97 -0
package/src/utils/schema/fields.ts +190 -0
package/src/utils/schema/index.ts +13 -0
package/src/utils/schema/json-schema-validator.ts +577 -0
package/src/utils/schema/meta-validator.ts +167 -0
package/src/utils/schema/normalize.ts +1588 -0
package/src/utils/schema/spill.ts +43 -0
package/src/utils/schema/stamps.ts +97 -0
package/src/utils/schema/types.ts +11 -0
package/src/utils/schema/wire.ts +213 -0
package/src/utils/schema/zod-decontaminate.ts +331 -0
package/src/utils/sse-debug.ts +289 -0
package/src/utils/tool-call-healing.ts +271 -0
package/src/utils/tool-choice.ts +99 -0
package/src/utils/validation.ts +1019 -0
package/src/utils.ts +166 -0

package/dist/types/api-registry.d.ts ADDED Viewed

@@ -0,0 +1,30 @@
+/**
+ * Custom API provider registry.
+ *
+ * Allows extensions to register streaming functions for custom API types
+ * (e.g., "vertex-Anthropic model-api") that are not built into stream.ts.
+ */
+import type { Api, AssistantMessageEventStream, Context, Model, SimpleStreamOptions, StreamOptions } from "./types";
+export type CustomStreamFn = (model: Model<Api>, context: Context, options?: StreamOptions) => AssistantMessageEventStream;
+export type CustomStreamSimpleFn = (model: Model<Api>, context: Context, options?: SimpleStreamOptions) => AssistantMessageEventStream;
+export interface RegisteredCustomApi {
+    stream: CustomStreamFn;
+    streamSimple: CustomStreamSimpleFn;
+    sourceId?: string;
+}
+/**
+ * Register a custom API streaming function.
+ */
+export declare function registerCustomApi(api: string, streamSimple: CustomStreamSimpleFn, sourceId?: string, stream?: CustomStreamFn): void;
+/**
+ * Get a custom API provider by API identifier.
+ */
+export declare function getCustomApi(api: string): RegisteredCustomApi | undefined;
+/**
+ * Remove all custom APIs registered by a specific source (e.g., extension path).
+ */
+export declare function unregisterCustomApis(sourceId: string): void;
+/**
+ * Clear all custom API registrations.
+ */
+export declare function clearCustomApis(): void;

package/dist/types/auth-broker/client.d.ts ADDED Viewed

@@ -0,0 +1,66 @@
+import type { AuthCredential } from "../auth-storage";
+import type { CredentialDisableResponse, CredentialRefreshResponse, CredentialUploadResponse, HealthzResponse, SnapshotResponse, SnapshotStreamEvent, UsageResponse } from "./types";
+export interface AuthBrokerClientOptions {
+    /** Base URL (e.g. `https://broker.tailnet:8765`). Trailing slashes are trimmed. */
+    url: string;
+    /** Bearer token used for everything except `healthz`. */
+    token: string;
+    /** Per-request timeout in milliseconds. Default 10s. */
+    timeoutMs?: number;
+    /** Retry connection errors this many times. Default 1. */
+    maxRetries?: number;
+    /** Override fetch (used in tests). Default global `fetch`. */
+    fetchImpl?: typeof fetch;
+}
+export declare class AuthBrokerError extends Error {
+    readonly status: number | undefined;
+    readonly body: string | undefined;
+    constructor(message: string, opts?: {
+        status?: number;
+        body?: string;
+        cause?: unknown;
+    });
+}
+/**
+ * Thrown when a broker responds 404 to `GET /v1/snapshot/stream` — old
+ * brokers that predate the SSE endpoint. Callers (`RemoteAuthCredentialStore`)
+ * detect this sentinel to fall back to long-polling permanently.
+ */
+export declare class AuthBrokerStreamUnsupportedError extends AuthBrokerError {
+    constructor(message?: string);
+}
+export interface FetchSnapshotOptions {
+    ifGenerationGt?: number;
+    waitMs?: number;
+    signal?: AbortSignal;
+}
+export type FetchSnapshotResult = {
+    status: 200;
+    snapshot: SnapshotResponse;
+    generation: number;
+} | {
+    status: 304;
+    generation: number;
+};
+export declare class AuthBrokerClient {
+    #private;
+    constructor(opts: AuthBrokerClientOptions);
+    healthz(signal?: AbortSignal): Promise<HealthzResponse>;
+    fetchSnapshot(opts?: FetchSnapshotOptions): Promise<FetchSnapshotResult>;
+    /**
+     * Subscribe to the broker's SSE snapshot stream. The first frame is always
+     * a full `snapshot`; subsequent frames are `entry` upserts / refreshes or
+     * `removed` deletes. Caller controls lifecycle via `opts.signal`.
+     *
+     * Throws {@link AuthBrokerStreamUnsupportedError} when the broker responds
+     * 404 — older brokers predate this endpoint and the caller should fall back
+     * to long-polling for the remainder of its lifetime.
+     */
+    openSnapshotStream(opts?: {
+        signal?: AbortSignal;
+    }): AsyncGenerator<SnapshotStreamEvent>;
+    fetchUsage(signal?: AbortSignal): Promise<UsageResponse>;
+    refreshCredential(id: number, signal?: AbortSignal): Promise<CredentialRefreshResponse>;
+    disableCredential(id: number, cause: string, signal?: AbortSignal): Promise<CredentialDisableResponse>;
+    uploadCredential(provider: string, credential: AuthCredential, signal?: AbortSignal): Promise<CredentialUploadResponse>;
+}

package/dist/types/auth-broker/index.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+export * from "./client";
+export * from "./refresher";
+export * from "./remote-store";
+export * from "./server";
+export * from "./types";

package/dist/types/auth-broker/refresher.d.ts ADDED Viewed

@@ -0,0 +1,25 @@
+import type { AuthStorage } from "../auth-storage";
+export interface AuthBrokerRefresherOptions {
+    storage: AuthStorage;
+    /** Refresh credentials expiring within this window. Default 5 min. */
+    refreshSkewMs?: number;
+    /** Loop cadence. Default 60s. */
+    refreshIntervalMs?: number;
+    /** Override clock (tests). */
+    now?: () => number;
+}
+export interface AuthBrokerRefresherSchedule {
+    enabled: boolean;
+    intervalMs: number;
+    skewMs: number;
+    nextSweepAt: number;
+}
+export declare class AuthBrokerRefresher {
+    #private;
+    constructor(opts: AuthBrokerRefresherOptions);
+    start(): void;
+    stop(): void;
+    getSchedule(): AuthBrokerRefresherSchedule;
+    /** Run one sweep. Exposed for tests. */
+    tick(): Promise<void>;
+}

package/dist/types/auth-broker/remote-store.d.ts ADDED Viewed

@@ -0,0 +1,96 @@
+import { type AuthCredential, type AuthCredentialStore, type OAuthCredential, type StoredAuthCredential } from "../auth-storage";
+import type { Provider } from "../types";
+import type { UsageReport } from "../usage";
+import type { OAuthCredentials } from "../utils/oauth/types";
+import { type AuthBrokerClient } from "./client";
+import type { SnapshotResponse } from "./types";
+export interface RemoteAuthCredentialStoreOptions {
+    client: AuthBrokerClient;
+    /**
+     * Initial snapshot. When omitted, callers must call
+     * {@link RemoteAuthCredentialStore.refreshSnapshot} before the first read.
+     */
+    initialSnapshot?: SnapshotResponse;
+    /**
+     * Subscribe to the broker's SSE snapshot stream when available. Falls back
+     * to long-poll permanently when the broker returns 404. Default `true`.
+     */
+    streamSnapshots?: boolean;
+}
+export declare class RemoteAuthCredentialStore implements AuthCredentialStore {
+    #private;
+    constructor(opts: RemoteAuthCredentialStoreOptions);
+    get client(): AuthBrokerClient;
+    get snapshot(): SnapshotResponse;
+    /** Re-hydrate the in-memory snapshot from the broker. */
+    refreshSnapshot(): Promise<SnapshotResponse>;
+    listAuthCredentials(provider?: string): StoredAuthCredential[];
+    /**
+     * In-memory update from a successful refresh through the broker. AuthStorage
+     * calls this after `#replaceCredentialAt`; the broker already persisted the
+     * authoritative row, so we just mirror it.
+     */
+    updateAuthCredential(id: number, credential: AuthCredential): void;
+    deleteAuthCredential(id: number, disabledCause: string): void;
+    tryDisableAuthCredentialIfMatches(id: number, _expectedData: string, disabledCause: string): boolean;
+    waitForFreshSnapshot(maxWaitMs: number, opts?: {
+        signal?: AbortSignal;
+    }): Promise<boolean>;
+    prepareForRequest(credentialId: number, opts?: {
+        signal?: AbortSignal;
+    }): Promise<boolean>;
+    markCredentialSuspect(credentialId: number, opts?: {
+        signal?: AbortSignal;
+    }): Promise<void>;
+    replaceAuthCredentialsForProvider(_provider: string, _credentials: AuthCredential[]): StoredAuthCredential[];
+    upsertAuthCredentialForProvider(_provider: string, _credential: AuthCredential): StoredAuthCredential[];
+    deleteAuthCredentialsForProvider(_provider: string, _disabledCause: string): void;
+    /**
+     * Upsert a single credential through the broker. The broker server is the
+     * canonical writer — see `POST /v1/credential`. The redacted snapshot
+     * entries returned by the server replace the provider's rows in our local
+     * snapshot, and the global snapshot is then refreshed in the background so
+     * any concurrent peer (refresh, generation bump) stays in sync.
+     */
+    upsertAuthCredentialRemote(provider: string, credential: AuthCredential): Promise<StoredAuthCredential[]>;
+    /**
+     * Replace-all semantics: disable every active credential for the provider,
+     * then upload each of the new credentials. Used by API-key login so a new
+     * key clobbers any previously stored key for the same provider.
+     */
+    replaceAuthCredentialsRemote(provider: string, credentials: AuthCredential[]): Promise<StoredAuthCredential[]>;
+    /**
+     * Logout: disable every active credential for the provider on the broker,
+     * then drop them from the local snapshot. Refresh fetches the authoritative
+     * post-state in the background.
+     */
+    deleteAuthCredentialsRemote(provider: string, disabledCause: string): Promise<void>;
+    getCache(key: string): string | null;
+    setCache(key: string, value: string, expiresAtSec: number): void;
+    cleanExpiredCache(): void;
+    /**
+     * Store-level hook consumed by `AuthStorage` — routes refresh through the
+     * broker so the actual refresh token never leaves the broker host. Returns
+     * the broker-redacted credential with {@link REMOTE_REFRESH_SENTINEL} in
+     * the `refresh` slot.
+     */
+    refreshOAuthCredential(_provider: Provider, credentialId: number, _credential: OAuthCredential, signal?: AbortSignal): Promise<OAuthCredentials>;
+    /**
+     * Store-level hook consumed by `AuthStorage.fetchUsageReports()` — proxies
+     * to the broker's `/v1/usage` endpoint. The broker's egress IP isn't
+     * rate-limited by Anthropic's per-IP `/usage` cap the way a heavy
+     * residential laptop is, so all credentials surface every cycle.
+     */
+    fetchUsageReports(signal?: AbortSignal): Promise<UsageReport[] | null>;
+    /**
+     * Per-credential usage hook consumed by `AuthStorage.#getUsageReport`. Pulls
+     * the aggregate broker `/v1/usage` once and serves all callers from the
+     * same response (coalesced + cached), then matches the credential to a
+     * report by provider + identity (accountId / email / projectId).
+     *
+     * The broker already aggregates with its own 30s TTL on the server side; our
+     * 15s client TTL is below that so we usually re-use the broker's cache too.
+     */
+    getUsageReport(provider: Provider, credential: OAuthCredential, signal?: AbortSignal): Promise<UsageReport | null>;
+    close(): void;
+}

package/dist/types/auth-broker/server.d.ts ADDED Viewed

@@ -0,0 +1,32 @@
+import type { AuthStorage } from "../auth-storage";
+export interface AuthBrokerServerOptions {
+    /** Underlying credential storage (wraps the local SQLite store on the broker). */
+    storage: AuthStorage;
+    /** Listen address; accepts `host:port` or just `port`. */
+    bind?: string;
+    /** Accept any of these bearer tokens. Empty disables auth (loopback only). */
+    bearerTokens: string[];
+    /** Broker version string surfaced on `/v1/healthz`. */
+    version?: string;
+    /** Refresh credentials expiring within this window. Default 5 min. */
+    refreshSkewMs?: number;
+    /** Background refresh cadence. Default 60s. */
+    refreshIntervalMs?: number;
+    /** Disable the background refresher (e.g. for tests). */
+    disableRefresher?: boolean;
+    /**
+     * Override SSE keepalive cadence in milliseconds for `/v1/snapshot/stream`.
+     * Internal-only — tests use a short interval so they can assert heartbeats
+     * without long sleeps. Default {@link DEFAULT_STREAM_KEEPALIVE_MS}.
+     */
+    streamKeepaliveMs?: number;
+}
+export interface AuthBrokerServerHandle {
+    /** Bound URL (`http://host:port`). */
+    url: string;
+    port: number;
+    hostname: string;
+    close(): Promise<void>;
+}
+/** Boot the broker. Caller owns lifecycle; `handle.close()` to stop. */
+export declare function startAuthBroker(opts: AuthBrokerServerOptions): AuthBrokerServerHandle;

package/dist/types/auth-broker/types.d.ts ADDED Viewed

@@ -0,0 +1,105 @@
+/**
+ * Wire types shared between the auth-broker server and clients.
+ *
+ * The broker holds OAuth refresh tokens and exposes a redacted snapshot;
+ * clients use `access` tokens directly and call back to the broker when a
+ * credential expires or a 401 surfaces on a supposedly-fresh credential.
+ */
+import type { AuthCredential, AuthCredentialSnapshot, AuthCredentialSnapshotEntry } from "../auth-storage";
+import type { UsageReport } from "../usage";
+/** GET /v1/healthz response body. */
+export interface HealthzResponse {
+    ok: boolean;
+    version?: string;
+}
+export interface RefresherSchedule {
+    enabled: boolean;
+    intervalMs: number;
+    skewMs: number;
+    nextSweepInMs: number;
+}
+export type SnapshotEntry = AuthCredentialSnapshotEntry & {
+    rotatesInMs: number | null;
+};
+/** GET /v1/snapshot response body. */
+export interface SnapshotResponse extends Omit<AuthCredentialSnapshot, "credentials"> {
+    serverNowMs: number;
+    refresher: RefresherSchedule;
+    credentials: SnapshotEntry[];
+}
+/** GET /v1/usage response body — matches the local `AuthStorage.fetchUsageReports` shape. */
+export interface UsageResponse {
+    generatedAt: number;
+    reports: UsageReport[];
+}
+/** POST /v1/credential/:id/refresh response body. */
+export interface CredentialRefreshResponse {
+    entry: AuthCredentialSnapshotEntry;
+}
+/** POST /v1/credential/:id/disable request body. */
+export interface CredentialDisableRequest {
+    cause: string;
+}
+/** POST /v1/credential/:id/disable response body. */
+export interface CredentialDisableResponse {
+    ok: boolean;
+}
+/**
+ * POST /v1/credential request body. The OAuth `refresh` must be the *real*
+ * refresh token (not the sentinel) — the broker is the canonical writer.
+ */
+export interface CredentialUploadRequest {
+    provider: string;
+    credential: AuthCredential;
+}
+/** POST /v1/credential response body — redacted snapshot of the provider's rows after upsert. */
+export interface CredentialUploadResponse {
+    entries: AuthCredentialSnapshotEntry[];
+}
+/**
+ * SSE event kinds emitted on `GET /v1/snapshot/stream`. The same value is set
+ * as the SSE `event:` name (load-bearing for clients) **and** embedded as a
+ * `kind` field inside the JSON body so a Zod discriminated union can validate
+ * the payload without consulting the line metadata.
+ */
+export type SnapshotStreamEventKind = "snapshot" | "entry" | "removed";
+/** Initial frame emitted on connect — the full {@link SnapshotResponse}. */
+export interface SnapshotStreamSnapshotEvent extends SnapshotResponse {
+    kind: "snapshot";
+}
+/** Single credential added/changed (upsert or refresh). */
+export interface SnapshotStreamEntryEvent {
+    kind: "entry";
+    generation: number;
+    serverNowMs: number;
+    refresher: RefresherSchedule;
+    entry: SnapshotEntry;
+}
+/** Single credential disabled/deleted. */
+export interface SnapshotStreamRemovedEvent {
+    kind: "removed";
+    generation: number;
+    serverNowMs: number;
+    refresher: RefresherSchedule;
+    id: number;
+}
+/** Discriminated union of every event the snapshot stream emits. */
+export type SnapshotStreamEvent = SnapshotStreamSnapshotEvent | SnapshotStreamEntryEvent | SnapshotStreamRemovedEvent;
+/**
+ * Default bearer-protected route prefix. The broker exposes `/v1/healthz`
+ * unauthenticated for liveness probes; everything else requires a bearer.
+ */
+export declare const AUTH_BROKER_API_PREFIX = "/v1";
+/** Default port when none is configured. Loopback-only, no external exposure. */
+export declare const DEFAULT_AUTH_BROKER_BIND = "127.0.0.1:8765";
+/** Default broker→provider refresh skew. Refresh credentials this close to expiry. */
+export declare const DEFAULT_REFRESH_SKEW_MS: number;
+/** Default broker refresh-loop cadence. */
+export declare const DEFAULT_REFRESH_INTERVAL_MS = 60000;
+/** Keepalive cadence for `GET /v1/snapshot/stream` SSE comments. */
+export declare const DEFAULT_STREAM_KEEPALIVE_MS = 20000;
+/**
+ * Bun.serve `idleTimeout` (seconds) used by the broker. Default Bun idle
+ * timeout (10s) would close long-lived SSE connections between keepalives.
+ */
+export declare const DEFAULT_SERVER_IDLE_TIMEOUT_S = 255;