npm - @gajae-code/ai - Versions diffs - 0.1.1 - Mend

@gajae-code/ai 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (349) hide show

package/CHANGELOG.md +2644 -0
package/README.md +1181 -0
package/dist/types/api-registry.d.ts +30 -0
package/dist/types/auth-broker/client.d.ts +66 -0
package/dist/types/auth-broker/index.d.ts +5 -0
package/dist/types/auth-broker/refresher.d.ts +25 -0
package/dist/types/auth-broker/remote-store.d.ts +96 -0
package/dist/types/auth-broker/server.d.ts +32 -0
package/dist/types/auth-broker/types.d.ts +105 -0
package/dist/types/auth-broker/wire-schemas.d.ts +412 -0
package/dist/types/auth-gateway/http.d.ts +39 -0
package/dist/types/auth-gateway/index.d.ts +3 -0
package/dist/types/auth-gateway/server.d.ts +17 -0
package/dist/types/auth-gateway/types.d.ts +115 -0
package/dist/types/auth-storage.d.ts +641 -0
package/dist/types/cli.d.ts +2 -0
package/dist/types/index.d.ts +49 -0
package/dist/types/model-cache.d.ts +17 -0
package/dist/types/model-manager.d.ts +62 -0
package/dist/types/model-thinking.d.ts +71 -0
package/dist/types/models.d.ts +12 -0
package/dist/types/provider-details.d.ts +24 -0
package/dist/types/provider-models/bundled-references.d.ts +4 -0
package/dist/types/provider-models/descriptors.d.ts +48 -0
package/dist/types/provider-models/google.d.ts +20 -0
package/dist/types/provider-models/index.d.ts +5 -0
package/dist/types/provider-models/ollama.d.ts +7 -0
package/dist/types/provider-models/openai-compat.d.ts +237 -0
package/dist/types/provider-models/special.d.ts +16 -0
package/dist/types/providers/amazon-bedrock.d.ts +36 -0
package/dist/types/providers/anthropic-messages-server-schema.d.ts +450 -0
package/dist/types/providers/anthropic-messages-server.d.ts +17 -0
package/dist/types/providers/anthropic.d.ts +188 -0
package/dist/types/providers/aws-credentials.d.ts +43 -0
package/dist/types/providers/aws-eventstream.d.ts +38 -0
package/dist/types/providers/aws-sigv4.d.ts +55 -0
package/dist/types/providers/azure-openai-responses.d.ts +15 -0
package/dist/types/providers/cursor/gen/agent_pb.d.ts +13022 -0
package/dist/types/providers/cursor.d.ts +42 -0
package/dist/types/providers/error-message.d.ts +27 -0
package/dist/types/providers/github-copilot-headers.d.ts +40 -0
package/dist/types/providers/gitlab-duo.d.ts +27 -0
package/dist/types/providers/google-auth.d.ts +24 -0
package/dist/types/providers/google-gemini-cli.d.ts +72 -0
package/dist/types/providers/google-gemini-headers.d.ts +18 -0
package/dist/types/providers/google-shared.d.ts +163 -0
package/dist/types/providers/google-types.d.ts +138 -0
package/dist/types/providers/google-vertex.d.ts +7 -0
package/dist/types/providers/google.d.ts +4 -0
package/dist/types/providers/grammar.d.ts +1 -0
package/dist/types/providers/kimi.d.ts +27 -0
package/dist/types/providers/mock.d.ts +175 -0
package/dist/types/providers/ollama.d.ts +6 -0
package/dist/types/providers/openai-anthropic-shim.d.ts +31 -0
package/dist/types/providers/openai-chat-server-schema.d.ts +814 -0
package/dist/types/providers/openai-chat-server.d.ts +16 -0
package/dist/types/providers/openai-codex/constants.d.ts +26 -0
package/dist/types/providers/openai-codex/request-transformer.d.ts +49 -0
package/dist/types/providers/openai-codex/response-handler.d.ts +17 -0
package/dist/types/providers/openai-codex-responses.d.ts +67 -0
package/dist/types/providers/openai-completions-compat.d.ts +25 -0
package/dist/types/providers/openai-completions.d.ts +33 -0
package/dist/types/providers/openai-responses-server-schema.d.ts +392 -0
package/dist/types/providers/openai-responses-server.d.ts +17 -0
package/dist/types/providers/openai-responses-shared.d.ts +89 -0
package/dist/types/providers/openai-responses.d.ts +32 -0
package/dist/types/providers/pi-native-client.d.ts +13 -0
package/dist/types/providers/pi-native-server.d.ts +68 -0
package/dist/types/providers/register-builtins.d.ts +31 -0
package/dist/types/providers/synthetic.d.ts +26 -0
package/dist/types/providers/transform-messages.d.ts +12 -0
package/dist/types/providers/vision-guard.d.ts +8 -0
package/dist/types/rate-limit-utils.d.ts +19 -0
package/dist/types/stream.d.ts +24 -0
package/dist/types/types.d.ts +746 -0
package/dist/types/usage/claude.d.ts +3 -0
package/dist/types/usage/gemini.d.ts +2 -0
package/dist/types/usage/github-copilot.d.ts +7 -0
package/dist/types/usage/google-antigravity.d.ts +2 -0
package/dist/types/usage/kimi.d.ts +2 -0
package/dist/types/usage/minimax-code.d.ts +2 -0
package/dist/types/usage/openai-codex.d.ts +3 -0
package/dist/types/usage/shared.d.ts +1 -0
package/dist/types/usage/zai.d.ts +2 -0
package/dist/types/usage.d.ts +258 -0
package/dist/types/utils/abort.d.ts +19 -0
package/dist/types/utils/anthropic-auth.d.ts +31 -0
package/dist/types/utils/discovery/antigravity.d.ts +61 -0
package/dist/types/utils/discovery/codex.d.ts +38 -0
package/dist/types/utils/discovery/cursor.d.ts +23 -0
package/dist/types/utils/discovery/gemini.d.ts +25 -0
package/dist/types/utils/discovery/index.d.ts +4 -0
package/dist/types/utils/discovery/openai-compatible.d.ts +72 -0
package/dist/types/utils/event-stream.d.ts +28 -0
package/dist/types/utils/fireworks-model-id.d.ts +10 -0
package/dist/types/utils/foundry.d.ts +1 -0
package/dist/types/utils/h2-fetch.d.ts +22 -0
package/dist/types/utils/http-inspector.d.ts +31 -0
package/dist/types/utils/idle-iterator.d.ts +67 -0
package/dist/types/utils/json-parse.d.ts +10 -0
package/dist/types/utils/oauth/alibaba-coding-plan.d.ts +18 -0
package/dist/types/utils/oauth/anthropic.d.ts +22 -0
package/dist/types/utils/oauth/api-key-login.d.ts +35 -0
package/dist/types/utils/oauth/api-key-validation.d.ts +27 -0
package/dist/types/utils/oauth/callback-server.d.ts +57 -0
package/dist/types/utils/oauth/cerebras.d.ts +1 -0
package/dist/types/utils/oauth/cloudflare-ai-gateway.d.ts +18 -0
package/dist/types/utils/oauth/cursor.d.ts +15 -0
package/dist/types/utils/oauth/deepseek.d.ts +10 -0
package/dist/types/utils/oauth/firepass.d.ts +1 -0
package/dist/types/utils/oauth/fireworks.d.ts +1 -0
package/dist/types/utils/oauth/github-copilot.d.ts +38 -0
package/dist/types/utils/oauth/gitlab-duo.d.ts +3 -0
package/dist/types/utils/oauth/google-antigravity.d.ts +11 -0
package/dist/types/utils/oauth/google-gemini-cli.d.ts +10 -0
package/dist/types/utils/oauth/google-oauth-shared.d.ts +28 -0
package/dist/types/utils/oauth/huggingface.d.ts +19 -0
package/dist/types/utils/oauth/index.d.ts +38 -0
package/dist/types/utils/oauth/kagi.d.ts +17 -0
package/dist/types/utils/oauth/kilo.d.ts +5 -0
package/dist/types/utils/oauth/kimi.d.ts +21 -0
package/dist/types/utils/oauth/litellm.d.ts +18 -0
package/dist/types/utils/oauth/lm-studio.d.ts +17 -0
package/dist/types/utils/oauth/minimax-code.d.ts +28 -0
package/dist/types/utils/oauth/moonshot.d.ts +1 -0
package/dist/types/utils/oauth/nanogpt.d.ts +1 -0
package/dist/types/utils/oauth/nvidia.d.ts +18 -0
package/dist/types/utils/oauth/ollama-cloud.d.ts +2 -0
package/dist/types/utils/oauth/ollama.d.ts +18 -0
package/dist/types/utils/oauth/openai-codex.d.ts +21 -0
package/dist/types/utils/oauth/opencode.d.ts +18 -0
package/dist/types/utils/oauth/parallel.d.ts +17 -0
package/dist/types/utils/oauth/perplexity.d.ts +9 -0
package/dist/types/utils/oauth/pkce.d.ts +8 -0
package/dist/types/utils/oauth/qianfan.d.ts +17 -0
package/dist/types/utils/oauth/qwen-portal.d.ts +19 -0
package/dist/types/utils/oauth/synthetic.d.ts +1 -0
package/dist/types/utils/oauth/tavily.d.ts +17 -0
package/dist/types/utils/oauth/together.d.ts +1 -0
package/dist/types/utils/oauth/types.d.ts +44 -0
package/dist/types/utils/oauth/venice.d.ts +18 -0
package/dist/types/utils/oauth/vercel-ai-gateway.d.ts +18 -0
package/dist/types/utils/oauth/vllm.d.ts +16 -0
package/dist/types/utils/oauth/xiaomi.d.ts +19 -0
package/dist/types/utils/oauth/zai.d.ts +18 -0
package/dist/types/utils/oauth/zenmux.d.ts +1 -0
package/dist/types/utils/overflow.d.ts +54 -0
package/dist/types/utils/parse-bind.d.ts +23 -0
package/dist/types/utils/provider-response.d.ts +3 -0
package/dist/types/utils/retry-after.d.ts +3 -0
package/dist/types/utils/retry.d.ts +26 -0
package/dist/types/utils/schema/adapt.d.ts +24 -0
package/dist/types/utils/schema/compatibility.d.ts +30 -0
package/dist/types/utils/schema/dereference.d.ts +11 -0
package/dist/types/utils/schema/draft.d.ts +10 -0
package/dist/types/utils/schema/equality.d.ts +4 -0
package/dist/types/utils/schema/fields.d.ts +49 -0
package/dist/types/utils/schema/index.d.ts +13 -0
package/dist/types/utils/schema/json-schema-validator.d.ts +12 -0
package/dist/types/utils/schema/meta-validator.d.ts +2 -0
package/dist/types/utils/schema/normalize.d.ts +93 -0
package/dist/types/utils/schema/spill.d.ts +8 -0
package/dist/types/utils/schema/stamps.d.ts +25 -0
package/dist/types/utils/schema/types.d.ts +4 -0
package/dist/types/utils/schema/wire.d.ts +54 -0
package/dist/types/utils/schema/zod-decontaminate.d.ts +31 -0
package/dist/types/utils/sse-debug.d.ts +10 -0
package/dist/types/utils/tool-call-healing.d.ts +71 -0
package/dist/types/utils/tool-choice.d.ts +50 -0
package/dist/types/utils/validation.d.ts +17 -0
package/dist/types/utils.d.ts +28 -0
package/package.json +146 -0
package/src/api-registry.ts +96 -0
package/src/auth-broker/client.ts +358 -0
package/src/auth-broker/index.ts +5 -0
package/src/auth-broker/refresher.ts +127 -0
package/src/auth-broker/remote-store.ts +623 -0
package/src/auth-broker/server.ts +644 -0
package/src/auth-broker/types.ts +127 -0
package/src/auth-broker/wire-schemas.ts +200 -0
package/src/auth-gateway/http.ts +194 -0
package/src/auth-gateway/index.ts +3 -0
package/src/auth-gateway/server.ts +717 -0
package/src/auth-gateway/types.ts +134 -0
package/src/auth-storage.ts +4104 -0
package/src/cli.ts +262 -0
package/src/index.ts +54 -0
package/src/model-cache.ts +129 -0
package/src/model-manager.ts +450 -0
package/src/model-thinking.ts +691 -0
package/src/models.json +73853 -0
package/src/models.json.d.ts +9 -0
package/src/models.ts +56 -0
package/src/prompts/turn-aborted-guidance.md +4 -0
package/src/provider-details.ts +90 -0
package/src/provider-models/bundled-references.ts +38 -0
package/src/provider-models/descriptors.ts +308 -0
package/src/provider-models/google.ts +91 -0
package/src/provider-models/index.ts +5 -0
package/src/provider-models/ollama.ts +153 -0
package/src/provider-models/openai-compat.ts +2275 -0
package/src/provider-models/special.ts +67 -0
package/src/providers/amazon-bedrock.ts +849 -0
package/src/providers/anthropic-messages-server-schema.ts +229 -0
package/src/providers/anthropic-messages-server.ts +677 -0
package/src/providers/anthropic.ts +2696 -0
package/src/providers/aws-credentials.ts +501 -0
package/src/providers/aws-eventstream.ts +185 -0
package/src/providers/aws-sigv4.ts +218 -0
package/src/providers/azure-openai-responses.ts +337 -0
package/src/providers/cursor/gen/agent_pb.ts +15274 -0
package/src/providers/cursor/proto/agent.proto +3526 -0
package/src/providers/cursor/proto/buf.gen.yaml +6 -0
package/src/providers/cursor/proto/buf.yaml +17 -0
package/src/providers/cursor.ts +2561 -0
package/src/providers/error-message.ts +21 -0
package/src/providers/github-copilot-headers.ts +140 -0
package/src/providers/gitlab-duo.ts +372 -0
package/src/providers/google-auth.ts +252 -0
package/src/providers/google-gemini-cli.ts +795 -0
package/src/providers/google-gemini-headers.ts +41 -0
package/src/providers/google-shared.ts +902 -0
package/src/providers/google-types.ts +167 -0
package/src/providers/google-vertex.ts +88 -0
package/src/providers/google.ts +41 -0
package/src/providers/grammar.ts +70 -0
package/src/providers/kimi.ts +52 -0
package/src/providers/mock.ts +500 -0
package/src/providers/ollama.ts +544 -0
package/src/providers/openai-anthropic-shim.ts +138 -0
package/src/providers/openai-chat-server-schema.ts +243 -0
package/src/providers/openai-chat-server.ts +628 -0
package/src/providers/openai-codex/constants.ts +43 -0
package/src/providers/openai-codex/request-transformer.ts +161 -0
package/src/providers/openai-codex/response-handler.ts +81 -0
package/src/providers/openai-codex-responses.ts +2598 -0
package/src/providers/openai-completions-compat.ts +279 -0
package/src/providers/openai-completions.ts +1853 -0
package/src/providers/openai-responses-server-schema.ts +290 -0
package/src/providers/openai-responses-server.ts +1183 -0
package/src/providers/openai-responses-shared.ts +800 -0
package/src/providers/openai-responses.ts +621 -0
package/src/providers/pi-native-client.ts +228 -0
package/src/providers/pi-native-server.ts +210 -0
package/src/providers/register-builtins.ts +412 -0
package/src/providers/synthetic.ts +50 -0
package/src/providers/transform-messages.ts +309 -0
package/src/providers/vision-guard.ts +31 -0
package/src/rate-limit-utils.ts +84 -0
package/src/stream.ts +895 -0
package/src/types.ts +884 -0
package/src/usage/claude.ts +431 -0
package/src/usage/gemini.ts +250 -0
package/src/usage/github-copilot.ts +421 -0
package/src/usage/google-antigravity.ts +201 -0
package/src/usage/kimi.ts +271 -0
package/src/usage/minimax-code.ts +31 -0
package/src/usage/openai-codex.ts +503 -0
package/src/usage/shared.ts +10 -0
package/src/usage/zai.ts +247 -0
package/src/usage.ts +183 -0
package/src/utils/abort.ts +51 -0
package/src/utils/anthropic-auth.ts +87 -0
package/src/utils/discovery/antigravity.ts +261 -0
package/src/utils/discovery/codex.ts +371 -0
package/src/utils/discovery/cursor.ts +306 -0
package/src/utils/discovery/gemini.ts +248 -0
package/src/utils/discovery/index.ts +4 -0
package/src/utils/discovery/openai-compatible.ts +224 -0
package/src/utils/event-stream.ts +142 -0
package/src/utils/fireworks-model-id.ts +30 -0
package/src/utils/foundry.ts +8 -0
package/src/utils/h2-fetch.ts +60 -0
package/src/utils/http-inspector.ts +176 -0
package/src/utils/idle-iterator.ts +250 -0
package/src/utils/json-parse.ts +148 -0
package/src/utils/oauth/alibaba-coding-plan.ts +59 -0
package/src/utils/oauth/anthropic.ts +200 -0
package/src/utils/oauth/api-key-login.ts +87 -0
package/src/utils/oauth/api-key-validation.ts +92 -0
package/src/utils/oauth/callback-server.ts +276 -0
package/src/utils/oauth/cerebras.ts +16 -0
package/src/utils/oauth/cloudflare-ai-gateway.ts +48 -0
package/src/utils/oauth/cursor.ts +157 -0
package/src/utils/oauth/deepseek.ts +53 -0
package/src/utils/oauth/firepass.ts +24 -0
package/src/utils/oauth/fireworks.ts +15 -0
package/src/utils/oauth/github-copilot.ts +362 -0
package/src/utils/oauth/gitlab-duo.ts +123 -0
package/src/utils/oauth/google-antigravity.ts +200 -0
package/src/utils/oauth/google-gemini-cli.ts +256 -0
package/src/utils/oauth/google-oauth-shared.ts +110 -0
package/src/utils/oauth/huggingface.ts +62 -0
package/src/utils/oauth/index.ts +444 -0
package/src/utils/oauth/kagi.ts +47 -0
package/src/utils/oauth/kilo.ts +87 -0
package/src/utils/oauth/kimi.ts +254 -0
package/src/utils/oauth/litellm.ts +47 -0
package/src/utils/oauth/lm-studio.ts +38 -0
package/src/utils/oauth/minimax-code.ts +78 -0
package/src/utils/oauth/moonshot.ts +16 -0
package/src/utils/oauth/nanogpt.ts +15 -0
package/src/utils/oauth/nvidia.ts +70 -0
package/src/utils/oauth/oauth.html +199 -0
package/src/utils/oauth/ollama-cloud.ts +28 -0
package/src/utils/oauth/ollama.ts +47 -0
package/src/utils/oauth/openai-codex.ts +299 -0
package/src/utils/oauth/opencode.ts +49 -0
package/src/utils/oauth/parallel.ts +46 -0
package/src/utils/oauth/perplexity.ts +206 -0
package/src/utils/oauth/pkce.ts +18 -0
package/src/utils/oauth/qianfan.ts +58 -0
package/src/utils/oauth/qwen-portal.ts +60 -0
package/src/utils/oauth/synthetic.ts +16 -0
package/src/utils/oauth/tavily.ts +46 -0
package/src/utils/oauth/together.ts +16 -0
package/src/utils/oauth/types.ts +94 -0
package/src/utils/oauth/venice.ts +59 -0
package/src/utils/oauth/vercel-ai-gateway.ts +47 -0
package/src/utils/oauth/vllm.ts +40 -0
package/src/utils/oauth/xiaomi.ts +137 -0
package/src/utils/oauth/zai.ts +60 -0
package/src/utils/oauth/zenmux.ts +15 -0
package/src/utils/overflow.ts +137 -0
package/src/utils/parse-bind.ts +54 -0
package/src/utils/provider-response.ts +30 -0
package/src/utils/retry-after.ts +110 -0
package/src/utils/retry.ts +54 -0
package/src/utils/schema/CONSTRAINTS.md +164 -0
package/src/utils/schema/adapt.ts +36 -0
package/src/utils/schema/compatibility.ts +435 -0
package/src/utils/schema/dereference.ts +98 -0
package/src/utils/schema/draft.ts +341 -0
package/src/utils/schema/equality.ts +97 -0
package/src/utils/schema/fields.ts +190 -0
package/src/utils/schema/index.ts +13 -0
package/src/utils/schema/json-schema-validator.ts +577 -0
package/src/utils/schema/meta-validator.ts +167 -0
package/src/utils/schema/normalize.ts +1588 -0
package/src/utils/schema/spill.ts +43 -0
package/src/utils/schema/stamps.ts +97 -0
package/src/utils/schema/types.ts +11 -0
package/src/utils/schema/wire.ts +213 -0
package/src/utils/schema/zod-decontaminate.ts +331 -0
package/src/utils/sse-debug.ts +289 -0
package/src/utils/tool-call-healing.ts +271 -0
package/src/utils/tool-choice.ts +99 -0
package/src/utils/validation.ts +1019 -0
package/src/utils.ts +166 -0

package/dist/types/auth-broker/wire-schemas.d.ts ADDED Viewed

@@ -0,0 +1,412 @@
+/**
+ * Zod schemas for the auth-broker wire protocol.
+ *
+ * Shared between the server (validates inbound request bodies) and the client
+ * (validates responses from the broker). Schemas mirror the TypeScript types
+ * in `./types.ts` 1:1; the types remain the source of truth for static typing,
+ * and `z.infer<typeof Schema>` is asserted-compatible with them where possible.
+ *
+ * Schemas use `.strict()` on objects with a closed set of fields so unknown
+ * keys are rejected — the previous implementation used a hand-rolled
+ * `hasOnlyFields` allowlist for the same effect.
+ */
+import * as z from "zod/v4";
+/** Real OAuth credential (broker-side) — refresh token is the actual upstream value. */
+export declare const oauthCredentialSchema: z.ZodObject<{
+    type: z.ZodLiteral<"oauth">;
+    refresh: z.ZodString;
+    access: z.ZodString;
+    expires: z.ZodNumber;
+    enterpriseUrl: z.ZodOptional<z.ZodString>;
+    projectId: z.ZodOptional<z.ZodString>;
+    email: z.ZodOptional<z.ZodString>;
+    accountId: z.ZodOptional<z.ZodString>;
+}, z.core.$strict>;
+/** OAuth credential as it appears in broker snapshots — refresh replaced with sentinel. */
+export declare const remoteOauthCredentialSchema: z.ZodObject<{
+    type: z.ZodLiteral<"oauth">;
+    access: z.ZodString;
+    expires: z.ZodNumber;
+    enterpriseUrl: z.ZodOptional<z.ZodString>;
+    projectId: z.ZodOptional<z.ZodString>;
+    email: z.ZodOptional<z.ZodString>;
+    accountId: z.ZodOptional<z.ZodString>;
+    refresh: z.ZodLiteral<"__remote__">;
+}, z.core.$strict>;
+export declare const apiKeyCredentialSchema: z.ZodObject<{
+    type: z.ZodLiteral<"api_key">;
+    key: z.ZodString;
+}, z.core.$strict>;
+/** Discriminated union accepted on POST /v1/credential (writes). */
+export declare const writableAuthCredentialSchema: z.ZodDiscriminatedUnion<[z.ZodObject<{
+    type: z.ZodLiteral<"oauth">;
+    refresh: z.ZodString;
+    access: z.ZodString;
+    expires: z.ZodNumber;
+    enterpriseUrl: z.ZodOptional<z.ZodString>;
+    projectId: z.ZodOptional<z.ZodString>;
+    email: z.ZodOptional<z.ZodString>;
+    accountId: z.ZodOptional<z.ZodString>;
+}, z.core.$strict>, z.ZodObject<{
+    type: z.ZodLiteral<"api_key">;
+    key: z.ZodString;
+}, z.core.$strict>], "type">;
+/** Discriminated union returned in snapshots (refresh is sentinel for OAuth). */
+export declare const snapshotCredentialSchema: z.ZodDiscriminatedUnion<[z.ZodObject<{
+    type: z.ZodLiteral<"oauth">;
+    access: z.ZodString;
+    expires: z.ZodNumber;
+    enterpriseUrl: z.ZodOptional<z.ZodString>;
+    projectId: z.ZodOptional<z.ZodString>;
+    email: z.ZodOptional<z.ZodString>;
+    accountId: z.ZodOptional<z.ZodString>;
+    refresh: z.ZodLiteral<"__remote__">;
+}, z.core.$strict>, z.ZodObject<{
+    type: z.ZodLiteral<"api_key">;
+    key: z.ZodString;
+}, z.core.$strict>], "type">;
+export declare const credentialSnapshotEntrySchema: z.ZodObject<{
+    id: z.ZodNumber;
+    provider: z.ZodString;
+    credential: z.ZodDiscriminatedUnion<[z.ZodObject<{
+        type: z.ZodLiteral<"oauth">;
+        access: z.ZodString;
+        expires: z.ZodNumber;
+        enterpriseUrl: z.ZodOptional<z.ZodString>;
+        projectId: z.ZodOptional<z.ZodString>;
+        email: z.ZodOptional<z.ZodString>;
+        accountId: z.ZodOptional<z.ZodString>;
+        refresh: z.ZodLiteral<"__remote__">;
+    }, z.core.$strict>, z.ZodObject<{
+        type: z.ZodLiteral<"api_key">;
+        key: z.ZodString;
+    }, z.core.$strict>], "type">;
+    identityKey: z.ZodNullable<z.ZodString>;
+}, z.core.$strict>;
+export declare const snapshotEntrySchema: z.ZodObject<{
+    id: z.ZodNumber;
+    provider: z.ZodString;
+    credential: z.ZodDiscriminatedUnion<[z.ZodObject<{
+        type: z.ZodLiteral<"oauth">;
+        access: z.ZodString;
+        expires: z.ZodNumber;
+        enterpriseUrl: z.ZodOptional<z.ZodString>;
+        projectId: z.ZodOptional<z.ZodString>;
+        email: z.ZodOptional<z.ZodString>;
+        accountId: z.ZodOptional<z.ZodString>;
+        refresh: z.ZodLiteral<"__remote__">;
+    }, z.core.$strict>, z.ZodObject<{
+        type: z.ZodLiteral<"api_key">;
+        key: z.ZodString;
+    }, z.core.$strict>], "type">;
+    identityKey: z.ZodNullable<z.ZodString>;
+    rotatesInMs: z.ZodNullable<z.ZodNumber>;
+}, z.core.$strict>;
+export declare const refresherScheduleSchema: z.ZodObject<{
+    enabled: z.ZodBoolean;
+    intervalMs: z.ZodNumber;
+    skewMs: z.ZodNumber;
+    nextSweepInMs: z.ZodNumber;
+}, z.core.$strict>;
+export declare const snapshotResponseSchema: z.ZodObject<{
+    generation: z.ZodNumber;
+    generatedAt: z.ZodNumber;
+    serverNowMs: z.ZodNumber;
+    refresher: z.ZodObject<{
+        enabled: z.ZodBoolean;
+        intervalMs: z.ZodNumber;
+        skewMs: z.ZodNumber;
+        nextSweepInMs: z.ZodNumber;
+    }, z.core.$strict>;
+    credentials: z.ZodArray<z.ZodObject<{
+        id: z.ZodNumber;
+        provider: z.ZodString;
+        credential: z.ZodDiscriminatedUnion<[z.ZodObject<{
+            type: z.ZodLiteral<"oauth">;
+            access: z.ZodString;
+            expires: z.ZodNumber;
+            enterpriseUrl: z.ZodOptional<z.ZodString>;
+            projectId: z.ZodOptional<z.ZodString>;
+            email: z.ZodOptional<z.ZodString>;
+            accountId: z.ZodOptional<z.ZodString>;
+            refresh: z.ZodLiteral<"__remote__">;
+        }, z.core.$strict>, z.ZodObject<{
+            type: z.ZodLiteral<"api_key">;
+            key: z.ZodString;
+        }, z.core.$strict>], "type">;
+        identityKey: z.ZodNullable<z.ZodString>;
+        rotatesInMs: z.ZodNullable<z.ZodNumber>;
+    }, z.core.$strict>>;
+}, z.core.$strict>;
+/** First frame on connect — full snapshot embedded inline with a `kind` tag. */
+export declare const snapshotStreamSnapshotEventSchema: z.ZodObject<{
+    generation: z.ZodNumber;
+    generatedAt: z.ZodNumber;
+    serverNowMs: z.ZodNumber;
+    refresher: z.ZodObject<{
+        enabled: z.ZodBoolean;
+        intervalMs: z.ZodNumber;
+        skewMs: z.ZodNumber;
+        nextSweepInMs: z.ZodNumber;
+    }, z.core.$strict>;
+    credentials: z.ZodArray<z.ZodObject<{
+        id: z.ZodNumber;
+        provider: z.ZodString;
+        credential: z.ZodDiscriminatedUnion<[z.ZodObject<{
+            type: z.ZodLiteral<"oauth">;
+            access: z.ZodString;
+            expires: z.ZodNumber;
+            enterpriseUrl: z.ZodOptional<z.ZodString>;
+            projectId: z.ZodOptional<z.ZodString>;
+            email: z.ZodOptional<z.ZodString>;
+            accountId: z.ZodOptional<z.ZodString>;
+            refresh: z.ZodLiteral<"__remote__">;
+        }, z.core.$strict>, z.ZodObject<{
+            type: z.ZodLiteral<"api_key">;
+            key: z.ZodString;
+        }, z.core.$strict>], "type">;
+        identityKey: z.ZodNullable<z.ZodString>;
+        rotatesInMs: z.ZodNullable<z.ZodNumber>;
+    }, z.core.$strict>>;
+    kind: z.ZodLiteral<"snapshot">;
+}, z.core.$strict>;
+/** Per-credential upsert/refresh delta. */
+export declare const snapshotStreamEntryEventSchema: z.ZodObject<{
+    kind: z.ZodLiteral<"entry">;
+    generation: z.ZodNumber;
+    serverNowMs: z.ZodNumber;
+    refresher: z.ZodObject<{
+        enabled: z.ZodBoolean;
+        intervalMs: z.ZodNumber;
+        skewMs: z.ZodNumber;
+        nextSweepInMs: z.ZodNumber;
+    }, z.core.$strict>;
+    entry: z.ZodObject<{
+        id: z.ZodNumber;
+        provider: z.ZodString;
+        credential: z.ZodDiscriminatedUnion<[z.ZodObject<{
+            type: z.ZodLiteral<"oauth">;
+            access: z.ZodString;
+            expires: z.ZodNumber;
+            enterpriseUrl: z.ZodOptional<z.ZodString>;
+            projectId: z.ZodOptional<z.ZodString>;
+            email: z.ZodOptional<z.ZodString>;
+            accountId: z.ZodOptional<z.ZodString>;
+            refresh: z.ZodLiteral<"__remote__">;
+        }, z.core.$strict>, z.ZodObject<{
+            type: z.ZodLiteral<"api_key">;
+            key: z.ZodString;
+        }, z.core.$strict>], "type">;
+        identityKey: z.ZodNullable<z.ZodString>;
+        rotatesInMs: z.ZodNullable<z.ZodNumber>;
+    }, z.core.$strict>;
+}, z.core.$strict>;
+/** Per-credential delete delta. */
+export declare const snapshotStreamRemovedEventSchema: z.ZodObject<{
+    kind: z.ZodLiteral<"removed">;
+    generation: z.ZodNumber;
+    serverNowMs: z.ZodNumber;
+    refresher: z.ZodObject<{
+        enabled: z.ZodBoolean;
+        intervalMs: z.ZodNumber;
+        skewMs: z.ZodNumber;
+        nextSweepInMs: z.ZodNumber;
+    }, z.core.$strict>;
+    id: z.ZodNumber;
+}, z.core.$strict>;
+/** Discriminated union over every event frame the snapshot stream emits. */
+export declare const snapshotStreamEventSchema: z.ZodDiscriminatedUnion<[z.ZodObject<{
+    generation: z.ZodNumber;
+    generatedAt: z.ZodNumber;
+    serverNowMs: z.ZodNumber;
+    refresher: z.ZodObject<{
+        enabled: z.ZodBoolean;
+        intervalMs: z.ZodNumber;
+        skewMs: z.ZodNumber;
+        nextSweepInMs: z.ZodNumber;
+    }, z.core.$strict>;
+    credentials: z.ZodArray<z.ZodObject<{
+        id: z.ZodNumber;
+        provider: z.ZodString;
+        credential: z.ZodDiscriminatedUnion<[z.ZodObject<{
+            type: z.ZodLiteral<"oauth">;
+            access: z.ZodString;
+            expires: z.ZodNumber;
+            enterpriseUrl: z.ZodOptional<z.ZodString>;
+            projectId: z.ZodOptional<z.ZodString>;
+            email: z.ZodOptional<z.ZodString>;
+            accountId: z.ZodOptional<z.ZodString>;
+            refresh: z.ZodLiteral<"__remote__">;
+        }, z.core.$strict>, z.ZodObject<{
+            type: z.ZodLiteral<"api_key">;
+            key: z.ZodString;
+        }, z.core.$strict>], "type">;
+        identityKey: z.ZodNullable<z.ZodString>;
+        rotatesInMs: z.ZodNullable<z.ZodNumber>;
+    }, z.core.$strict>>;
+    kind: z.ZodLiteral<"snapshot">;
+}, z.core.$strict>, z.ZodObject<{
+    kind: z.ZodLiteral<"entry">;
+    generation: z.ZodNumber;
+    serverNowMs: z.ZodNumber;
+    refresher: z.ZodObject<{
+        enabled: z.ZodBoolean;
+        intervalMs: z.ZodNumber;
+        skewMs: z.ZodNumber;
+        nextSweepInMs: z.ZodNumber;
+    }, z.core.$strict>;
+    entry: z.ZodObject<{
+        id: z.ZodNumber;
+        provider: z.ZodString;
+        credential: z.ZodDiscriminatedUnion<[z.ZodObject<{
+            type: z.ZodLiteral<"oauth">;
+            access: z.ZodString;
+            expires: z.ZodNumber;
+            enterpriseUrl: z.ZodOptional<z.ZodString>;
+            projectId: z.ZodOptional<z.ZodString>;
+            email: z.ZodOptional<z.ZodString>;
+            accountId: z.ZodOptional<z.ZodString>;
+            refresh: z.ZodLiteral<"__remote__">;
+        }, z.core.$strict>, z.ZodObject<{
+            type: z.ZodLiteral<"api_key">;
+            key: z.ZodString;
+        }, z.core.$strict>], "type">;
+        identityKey: z.ZodNullable<z.ZodString>;
+        rotatesInMs: z.ZodNullable<z.ZodNumber>;
+    }, z.core.$strict>;
+}, z.core.$strict>, z.ZodObject<{
+    kind: z.ZodLiteral<"removed">;
+    generation: z.ZodNumber;
+    serverNowMs: z.ZodNumber;
+    refresher: z.ZodObject<{
+        enabled: z.ZodBoolean;
+        intervalMs: z.ZodNumber;
+        skewMs: z.ZodNumber;
+        nextSweepInMs: z.ZodNumber;
+    }, z.core.$strict>;
+    id: z.ZodNumber;
+}, z.core.$strict>], "kind">;
+export declare const healthzResponseSchema: z.ZodObject<{
+    ok: z.ZodBoolean;
+    version: z.ZodOptional<z.ZodString>;
+}, z.core.$strict>;
+/**
+ * Broker `/v1/usage` response. Reports are full {@link UsageReport}s minus the
+ * heavy provider-specific `raw` field (the server strips it before send) — we
+ * keep `raw` optional in the underlying schema so a misconfigured broker that
+ * forgot to strip still validates.
+ */
+export declare const usageResponseSchema: z.ZodObject<{
+    generatedAt: z.ZodNumber;
+    reports: z.ZodArray<z.ZodObject<{
+        provider: z.ZodString;
+        fetchedAt: z.ZodNumber;
+        limits: z.ZodArray<z.ZodObject<{
+            id: z.ZodString;
+            label: z.ZodString;
+            scope: z.ZodObject<{
+                provider: z.ZodString;
+                accountId: z.ZodOptional<z.ZodString>;
+                projectId: z.ZodOptional<z.ZodString>;
+                orgId: z.ZodOptional<z.ZodString>;
+                modelId: z.ZodOptional<z.ZodString>;
+                tier: z.ZodOptional<z.ZodString>;
+                windowId: z.ZodOptional<z.ZodString>;
+                shared: z.ZodOptional<z.ZodBoolean>;
+            }, z.core.$strip>;
+            window: z.ZodOptional<z.ZodObject<{
+                id: z.ZodString;
+                label: z.ZodString;
+                durationMs: z.ZodOptional<z.ZodNumber>;
+                resetsAt: z.ZodOptional<z.ZodNumber>;
+            }, z.core.$strip>>;
+            amount: z.ZodObject<{
+                used: z.ZodOptional<z.ZodNumber>;
+                limit: z.ZodOptional<z.ZodNumber>;
+                remaining: z.ZodOptional<z.ZodNumber>;
+                usedFraction: z.ZodOptional<z.ZodNumber>;
+                remainingFraction: z.ZodOptional<z.ZodNumber>;
+                unit: z.ZodEnum<{
+                    bytes: "bytes";
+                    minutes: "minutes";
+                    percent: "percent";
+                    requests: "requests";
+                    tokens: "tokens";
+                    unknown: "unknown";
+                    usd: "usd";
+                }>;
+            }, z.core.$strip>;
+            status: z.ZodOptional<z.ZodEnum<{
+                exhausted: "exhausted";
+                ok: "ok";
+                unknown: "unknown";
+                warning: "warning";
+            }>>;
+            notes: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        }, z.core.$strip>>;
+        metadata: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+        raw: z.ZodOptional<z.ZodUnknown>;
+    }, z.core.$strip>>;
+}, z.core.$strict>;
+export declare const credentialRefreshResponseSchema: z.ZodObject<{
+    entry: z.ZodObject<{
+        id: z.ZodNumber;
+        provider: z.ZodString;
+        credential: z.ZodDiscriminatedUnion<[z.ZodObject<{
+            type: z.ZodLiteral<"oauth">;
+            access: z.ZodString;
+            expires: z.ZodNumber;
+            enterpriseUrl: z.ZodOptional<z.ZodString>;
+            projectId: z.ZodOptional<z.ZodString>;
+            email: z.ZodOptional<z.ZodString>;
+            accountId: z.ZodOptional<z.ZodString>;
+            refresh: z.ZodLiteral<"__remote__">;
+        }, z.core.$strict>, z.ZodObject<{
+            type: z.ZodLiteral<"api_key">;
+            key: z.ZodString;
+        }, z.core.$strict>], "type">;
+        identityKey: z.ZodNullable<z.ZodString>;
+    }, z.core.$strict>;
+}, z.core.$strict>;
+export declare const credentialDisableRequestSchema: z.ZodObject<{
+    cause: z.ZodOptional<z.ZodString>;
+}, z.core.$strict>;
+export declare const credentialDisableResponseSchema: z.ZodObject<{
+    ok: z.ZodBoolean;
+}, z.core.$strict>;
+export declare const credentialUploadRequestSchema: z.ZodObject<{
+    provider: z.ZodString;
+    credential: z.ZodDiscriminatedUnion<[z.ZodObject<{
+        type: z.ZodLiteral<"oauth">;
+        refresh: z.ZodString;
+        access: z.ZodString;
+        expires: z.ZodNumber;
+        enterpriseUrl: z.ZodOptional<z.ZodString>;
+        projectId: z.ZodOptional<z.ZodString>;
+        email: z.ZodOptional<z.ZodString>;
+        accountId: z.ZodOptional<z.ZodString>;
+    }, z.core.$strict>, z.ZodObject<{
+        type: z.ZodLiteral<"api_key">;
+        key: z.ZodString;
+    }, z.core.$strict>], "type">;
+}, z.core.$strict>;
+export declare const credentialUploadResponseSchema: z.ZodObject<{
+    entries: z.ZodArray<z.ZodObject<{
+        id: z.ZodNumber;
+        provider: z.ZodString;
+        credential: z.ZodDiscriminatedUnion<[z.ZodObject<{
+            type: z.ZodLiteral<"oauth">;
+            access: z.ZodString;
+            expires: z.ZodNumber;
+            enterpriseUrl: z.ZodOptional<z.ZodString>;
+            projectId: z.ZodOptional<z.ZodString>;
+            email: z.ZodOptional<z.ZodString>;
+            accountId: z.ZodOptional<z.ZodString>;
+            refresh: z.ZodLiteral<"__remote__">;
+        }, z.core.$strict>, z.ZodObject<{
+            type: z.ZodLiteral<"api_key">;
+            key: z.ZodString;
+        }, z.core.$strict>], "type">;
+        identityKey: z.ZodNullable<z.ZodString>;
+    }, z.core.$strict>>;
+}, z.core.$strict>;

package/dist/types/auth-gateway/http.d.ts ADDED Viewed

@@ -0,0 +1,39 @@
+export declare function json(status: number, body: unknown): Response;
+export declare function resolvePeer(req: Request): string;
+/**
+ * Constant-time byte comparison. Falls back to a manual XOR accumulator if
+ * `node:crypto.timingSafeEqual` isn't available. Always processes every byte
+ * of the longer input so length itself doesn't leak via timing.
+ */
+export declare function timingSafeEqual(a: Uint8Array, b: Uint8Array): boolean;
+export declare function isAuthorized(req: Request, tokens: ReadonlySet<string>): boolean;
+/**
+ * Extract allow-listed passthrough headers from an inbound request. Keys are
+ * lowercased; empty values are dropped. Called once per request in
+ * `handleFormatEndpoint`; parsers then read `options.headers`.
+ */
+export declare function captureRequestHeaders(headers: Headers): Record<string, string>;
+/**
+ * Resolve a prompt-cache identity from inbound request body + headers.
+ * Order of precedence (first wins):
+ *   1. Body `prompt_cache_key`
+ *   2. Body `metadata.{prompt_cache_key,session_id,conversation_id}`
+ *   3. Header `x-prompt-cache-key`
+ *   4. Header `session_id` / `conversation_id` (OpenAI code backend / ChatGPT-OAuth surface)
+ *   5. Header `x-session-id` / `x-conversation-id` (common informal)
+ * Returns undefined when none present; the gateway then derives a stable
+ * UUID from the request's stable parts.
+ */
+export declare function resolvePromptCacheKey(body: unknown, headers?: Headers): string | undefined;
+/**
+ * CORS headers for the auth-gateway. Currently echoes a wildcard origin; the
+ * request is accepted so future tightening can mirror `Origin` without
+ * threading the request through every caller.
+ */
+export declare function corsHeaders(_req: Request): Record<string, string>;
+/**
+ * Re-emit `response` with CORS headers merged. The original response body is
+ * passed through unchanged. Used by the gateway wrapper so every outbound
+ * format-endpoint response carries the same CORS surface as the preflight.
+ */
+export declare function withCors(response: Response, req: Request): Response;

package/dist/types/auth-gateway/index.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+export * from "./http";
+export * from "./server";
+export * from "./types";

package/dist/types/auth-gateway/server.d.ts ADDED Viewed

@@ -0,0 +1,17 @@
+import type { AuthStorage } from "../auth-storage";
+import type { Api, Model } from "../types";
+import type { AuthGatewayServerHandle, AuthGatewayServerOptions } from "./types";
+export type ModelResolver = (modelId: string) => Model<Api> | undefined;
+export interface AuthGatewayBootOptions extends AuthGatewayServerOptions {
+    /** Source of credentials. Caller wires this to a broker-backed AuthStorage. */
+    storage: AuthStorage;
+    /**
+     * Resolve a client-requested model id to a pi-ai Model. Caller supplies
+     * this from a ModelRegistry (lives in `coding-agent` to avoid an inverse
+     * dependency in `pi-ai`).
+     */
+    resolveModel: ModelResolver;
+    /** Optional supplier for `/v1/models` listing. Returns the full model array. */
+    listModels?: () => Iterable<Model<Api>>;
+}
+export declare function startAuthGateway(opts: AuthGatewayBootOptions): AuthGatewayServerHandle;

package/dist/types/auth-gateway/types.d.ts ADDED Viewed

@@ -0,0 +1,115 @@
+import type { Effort } from "../model-thinking";
+import type { AssistantMessage, AssistantMessageEventStream, CacheRetention, Context, ServiceTier } from "../types";
+/**
+ * Wire types for the gjc auth-gateway.
+ *
+ * The gateway sits between unauthenticated clients (containerized gjc,
+ * llm-git, …) and the broker. It accepts provider-format HTTP requests
+ * (OpenAI chat-completions / Anthropic messages / OpenAI Responses),
+ * dispatches them through pi-ai's `streamSimple()`, and translates the
+ * canonical event stream back to the matching wire format. The gateway
+ * injects `Authorization` server-side so clients never see access tokens.
+ */
+/** Default bind. Loopback-only — front with reverse proxy for remote access. */
+export declare const DEFAULT_AUTH_GATEWAY_BIND = "127.0.0.1:4000";
+export type AuthGatewayToolChoice = "auto" | "none" | "required" | {
+    name: string;
+};
+export interface AuthGatewayParsedRequestOptions {
+    maxOutputTokens?: number;
+    temperature?: number;
+    topP?: number;
+    topK?: number;
+    /** OpenAI nucleus-min sampling (`min_p`). */
+    minP?: number;
+    /** Anthropic `stop_sequences` / OpenAI `stop`. */
+    stopSequences?: string[];
+    /** OpenAI `presence_penalty`. */
+    presencePenalty?: number;
+    /** OpenAI `frequency_penalty`. */
+    frequencyPenalty?: number;
+    /** OpenRouter / vLLM `repetition_penalty`. */
+    repetitionPenalty?: number;
+    /** OpenAI deterministic-sampling `seed`. */
+    seed?: number;
+    /** OpenAI `logit_bias` map (token id → bias). */
+    logitBias?: Record<string, number>;
+    /** OpenAI `response_format` (text | json_object | json_schema). Opaque passthrough. */
+    responseFormat?: unknown;
+    toolChoice?: AuthGatewayToolChoice;
+    /** OpenAI `parallel_tool_calls`. */
+    parallelToolCalls?: boolean;
+    /** Effort-level reasoning request (OpenAI Responses / Chat `reasoning_effort`). */
+    reasoning?: Effort;
+    /** Force-disable reasoning (Anthropic `thinking: { type: "disabled" }`). */
+    disableReasoning?: boolean;
+    /**
+     * Explicit Anthropic `thinking.budget_tokens`. Mirrors Rust's
+     * `resolve_thinking_budget`: pins onto whichever effort the client
+     * requested (defaulting to High when unspecified). Preferred over the
+     * removed legacy single-number `thinkingBudget` for new code.
+     */
+    explicitThinkingBudgetTokens?: number;
+    /** Per-effort thinking budget map. */
+    thinkingBudgets?: Partial<Record<Effort, number>>;
+    /** Suppress the provider's reasoning summary stream. */
+    hideThinkingSummary?: boolean;
+    /** OpenAI service tier (auto|default|flex|scale|priority). */
+    serviceTier?: ServiceTier;
+    /** Cache retention hint derived from inbound `cache_control` markers. */
+    cacheRetention?: CacheRetention;
+    /** OpenAI Responses `prompt_cache_key`; bridges to pi-ai `sessionId`. */
+    promptCacheKey?: string;
+    /** OpenAI Responses `previous_response_id` for response chaining. */
+    previousResponseId?: string;
+    /** OpenAI / abuse-tracking `user` field. */
+    user?: string;
+    /**
+     * Provider-specific metadata. Anthropic uses `metadata.user_id`; OpenRouter
+     * carries routing hints; xAI uses `search_parameters`; OpenAI accepts a
+     * free-form bag. The gateway forwards as-is.
+     */
+    metadata?: Record<string, unknown>;
+    /**
+     * Captured allow-listed passthrough headers (anthropic-beta,
+     * anthropic-version, openai-organization, openai-project, openai-beta,
+     * x-stainless-*). Keys are lowercased.
+     */
+    headers?: Record<string, string>;
+    /**
+     * Escape hatch for provider-specific request controls that don't yet have a
+     * first-class field. Prefer adding a typed field over widening this.
+     */
+    extra?: Record<string, unknown>;
+}
+export interface AuthGatewayParsedRequest {
+    modelId: string;
+    context: Context;
+    stream: boolean;
+    options: AuthGatewayParsedRequestOptions;
+}
+export interface AuthGatewayFormatModule {
+    parseRequest(body: unknown, headers?: Headers): AuthGatewayParsedRequest;
+    encodeResponse(message: AssistantMessage, requestedModelId: string): Record<string, unknown>;
+    encodeStream(events: AssistantMessageEventStream, requestedModelId: string, options?: AuthGatewayParsedRequestOptions): ReadableStream<Uint8Array>;
+    /**
+     * Emit a protocol-specific error envelope. OpenAI returns
+     * `{ error: { message, type } }`; Anthropic returns
+     * `{ type: "error", error: { type, message } }`.
+     */
+    formatError(status: number, type: string, message: string): Response;
+}
+export interface AuthGatewayServerOptions {
+    /** Listen address. Default `127.0.0.1:4000`. */
+    bind?: string;
+    /** Accept any of these bearer tokens. Empty allows unauthenticated calls. */
+    bearerTokens: string[];
+    /** Version surfaced on `/healthz`. */
+    version?: string;
+}
+export interface AuthGatewayServerHandle {
+    url: string;
+    port: number;
+    hostname: string;
+    close(): Promise<void>;
+}