@gitlab/gitlab-ai-provider 3.4.1 → 3.5.1

package/CHANGELOG.md

@@ -2,6 +2,16 @@
 
 All notable changes to this project will be documented in this file. See [Conventional Commits](https://conventionalcommits.org) for commit guidelines.
 
+## <small>3.5.1 (2026-02-16)</small>
+
+- Merge branch 'vg/token-refresh' into 'main' ([38295cf](https://gitlab.com/gitlab-org/editor-extensions/gitlab-ai-provider/commit/38295cf))
+- fix: resolve mid-session OAuth token refresh failures ([b495153](https://gitlab.com/gitlab-org/editor-extensions/gitlab-ai-provider/commit/b495153))
+
+## 3.5.0 (2026-02-06)
+
+- Merge branch 'feat/add-opus-4-6' into 'main' ([b776bd7](https://gitlab.com/gitlab-org/editor-extensions/gitlab-ai-provider/commit/b776bd7))
+- feat(models): add Claude Opus 4.6 model support ([e221e45](https://gitlab.com/gitlab-org/editor-extensions/gitlab-ai-provider/commit/e221e45))
+
 ## <small>3.4.1 (2026-02-06)</small>
 
 - Merge branch 'vg/token_refresh_fix' into 'main' ([8c1f2c4](https://gitlab.com/gitlab-org/editor-extensions/gitlab-ai-provider/commit/8c1f2c4))

package/dist/index.d.mts

@@ -392,7 +392,10 @@ interface OpenCodeAuthOAuth {
     refresh: string;
     access: string;
     expires: number;
+    /** @deprecated Use enterpriseUrl instead. Kept for backwards compatibility with older auth.json files. */
     instanceUrl?: string;
+    /** Instance URL as written by opencode-gitlab-auth plugin (e.g. 'https://gitlab.com') */
+    enterpriseUrl?: string;
 }
 interface OpenCodeAuthApi {
     type: 'api';
@@ -400,8 +403,16 @@ interface OpenCodeAuthApi {
 }
 type OpenCodeAuth = OpenCodeAuthOAuth | OpenCodeAuthApi;
 /**
- * Bundled OAuth client ID for GitLab.com
- * Same as used in gitlab-vscode-extension
+ * Default OAuth client ID for GitLab.com
+ * This is the same client ID used by opencode-gitlab-auth plugin.
+ * The GITLAB_OAUTH_CLIENT_ID env var takes precedence if set.
+ * Note: VS Code extension uses a different client ID ('36f2a70c...') but we use the opencode plugin's ID
+ * to ensure token refresh works correctly with tokens created by the auth plugin.
+ */
+declare const OPENCODE_GITLAB_AUTH_CLIENT_ID = "1d89f9fdb23ee96d4e603201f6861dab6e143c5c3c00469a018a2d94bdc03d4e";
+/**
+ * @deprecated Use OPENCODE_GITLAB_AUTH_CLIENT_ID instead. This is the VS Code extension's client ID
+ * and will cause refresh failures if used with tokens created by opencode-gitlab-auth.
  */
 declare const BUNDLED_CLIENT_ID = "36f2a70cddeb5a0889d4fd8295c241b7e9848e89cf9e599d0eed2d8e5350fbf5";
 /**
@@ -463,7 +474,10 @@ declare class GitLabOAuthManager {
      */
     exchangeRefreshToken(params: RefreshTokenParams): Promise<GitLabOAuthTokens>;
     /**
-     * Get the OAuth client ID for an instance
+     * Get the OAuth client ID for an instance.
+     * Priority: env var > opencode-gitlab-auth default (for GitLab.com).
+     * Note: callers (e.g. exchangeRefreshToken) may pass an explicit clientId
+     * that bypasses this method entirely.
      */
     private getClientId;
     /**
@@ -680,4 +694,4 @@ declare class GitLabDirectAccessClient {
     invalidateToken(): void;
 }
 
-export { BUNDLED_CLIENT_ID, DEFAULT_AI_GATEWAY_URL, type DirectAccessToken, GITLAB_COM_URL, type GitLabAgenticOptions, type GitLabAnthropicConfig, GitLabAnthropicLanguageModel, GitLabDirectAccessClient, type GitLabDirectAccessConfig, GitLabError, type GitLabErrorOptions, GitLabOAuthManager, type GitLabOAuthTokenResponse, type GitLabOAuthTokens, type GitLabOpenAIConfig, GitLabOpenAILanguageModel, type GitLabProject, GitLabProjectCache, GitLabProjectDetector, type GitLabProjectDetectorConfig, type GitLabProvider, type GitLabProviderSettings, MODEL_ID_TO_ANTHROPIC_MODEL, MODEL_MAPPINGS, type ModelMapping, type ModelProvider, OAUTH_SCOPES, type OpenAIApiType, type OpenCodeAuth, type OpenCodeAuthApi, type OpenCodeAuthOAuth, TOKEN_EXPIRY_SKEW_MS, VERSION, createGitLab, getAnthropicModelForModelId, getModelMapping, getOpenAIApiType, getOpenAIModelForModelId, getProviderForModelId, getValidModelsForProvider, gitlab, isResponsesApiModel };
+export { BUNDLED_CLIENT_ID, DEFAULT_AI_GATEWAY_URL, type DirectAccessToken, GITLAB_COM_URL, type GitLabAgenticOptions, type GitLabAnthropicConfig, GitLabAnthropicLanguageModel, GitLabDirectAccessClient, type GitLabDirectAccessConfig, GitLabError, type GitLabErrorOptions, GitLabOAuthManager, type GitLabOAuthTokenResponse, type GitLabOAuthTokens, type GitLabOpenAIConfig, GitLabOpenAILanguageModel, type GitLabProject, GitLabProjectCache, GitLabProjectDetector, type GitLabProjectDetectorConfig, type GitLabProvider, type GitLabProviderSettings, MODEL_ID_TO_ANTHROPIC_MODEL, MODEL_MAPPINGS, type ModelMapping, type ModelProvider, OAUTH_SCOPES, OPENCODE_GITLAB_AUTH_CLIENT_ID, type OpenAIApiType, type OpenCodeAuth, type OpenCodeAuthApi, type OpenCodeAuthOAuth, TOKEN_EXPIRY_SKEW_MS, VERSION, createGitLab, getAnthropicModelForModelId, getModelMapping, getOpenAIApiType, getOpenAIModelForModelId, getProviderForModelId, getValidModelsForProvider, gitlab, isResponsesApiModel };

package/dist/index.d.ts

@@ -392,7 +392,10 @@ interface OpenCodeAuthOAuth {
     refresh: string;
     access: string;
     expires: number;
+    /** @deprecated Use enterpriseUrl instead. Kept for backwards compatibility with older auth.json files. */
     instanceUrl?: string;
+    /** Instance URL as written by opencode-gitlab-auth plugin (e.g. 'https://gitlab.com') */
+    enterpriseUrl?: string;
 }
 interface OpenCodeAuthApi {
     type: 'api';
@@ -400,8 +403,16 @@ interface OpenCodeAuthApi {
 }
 type OpenCodeAuth = OpenCodeAuthOAuth | OpenCodeAuthApi;
 /**
- * Bundled OAuth client ID for GitLab.com
- * Same as used in gitlab-vscode-extension
+ * Default OAuth client ID for GitLab.com
+ * This is the same client ID used by opencode-gitlab-auth plugin.
+ * The GITLAB_OAUTH_CLIENT_ID env var takes precedence if set.
+ * Note: VS Code extension uses a different client ID ('36f2a70c...') but we use the opencode plugin's ID
+ * to ensure token refresh works correctly with tokens created by the auth plugin.
+ */
+declare const OPENCODE_GITLAB_AUTH_CLIENT_ID = "1d89f9fdb23ee96d4e603201f6861dab6e143c5c3c00469a018a2d94bdc03d4e";
+/**
+ * @deprecated Use OPENCODE_GITLAB_AUTH_CLIENT_ID instead. This is the VS Code extension's client ID
+ * and will cause refresh failures if used with tokens created by opencode-gitlab-auth.
  */
 declare const BUNDLED_CLIENT_ID = "36f2a70cddeb5a0889d4fd8295c241b7e9848e89cf9e599d0eed2d8e5350fbf5";
 /**
@@ -463,7 +474,10 @@ declare class GitLabOAuthManager {
      */
     exchangeRefreshToken(params: RefreshTokenParams): Promise<GitLabOAuthTokens>;
     /**
-     * Get the OAuth client ID for an instance
+     * Get the OAuth client ID for an instance.
+     * Priority: env var > opencode-gitlab-auth default (for GitLab.com).
+     * Note: callers (e.g. exchangeRefreshToken) may pass an explicit clientId
+     * that bypasses this method entirely.
      */
     private getClientId;
     /**
@@ -680,4 +694,4 @@ declare class GitLabDirectAccessClient {
     invalidateToken(): void;
 }
 
-export { BUNDLED_CLIENT_ID, DEFAULT_AI_GATEWAY_URL, type DirectAccessToken, GITLAB_COM_URL, type GitLabAgenticOptions, type GitLabAnthropicConfig, GitLabAnthropicLanguageModel, GitLabDirectAccessClient, type GitLabDirectAccessConfig, GitLabError, type GitLabErrorOptions, GitLabOAuthManager, type GitLabOAuthTokenResponse, type GitLabOAuthTokens, type GitLabOpenAIConfig, GitLabOpenAILanguageModel, type GitLabProject, GitLabProjectCache, GitLabProjectDetector, type GitLabProjectDetectorConfig, type GitLabProvider, type GitLabProviderSettings, MODEL_ID_TO_ANTHROPIC_MODEL, MODEL_MAPPINGS, type ModelMapping, type ModelProvider, OAUTH_SCOPES, type OpenAIApiType, type OpenCodeAuth, type OpenCodeAuthApi, type OpenCodeAuthOAuth, TOKEN_EXPIRY_SKEW_MS, VERSION, createGitLab, getAnthropicModelForModelId, getModelMapping, getOpenAIApiType, getOpenAIModelForModelId, getProviderForModelId, getValidModelsForProvider, gitlab, isResponsesApiModel };
+export { BUNDLED_CLIENT_ID, DEFAULT_AI_GATEWAY_URL, type DirectAccessToken, GITLAB_COM_URL, type GitLabAgenticOptions, type GitLabAnthropicConfig, GitLabAnthropicLanguageModel, GitLabDirectAccessClient, type GitLabDirectAccessConfig, GitLabError, type GitLabErrorOptions, GitLabOAuthManager, type GitLabOAuthTokenResponse, type GitLabOAuthTokens, type GitLabOpenAIConfig, GitLabOpenAILanguageModel, type GitLabProject, GitLabProjectCache, GitLabProjectDetector, type GitLabProjectDetectorConfig, type GitLabProvider, type GitLabProviderSettings, MODEL_ID_TO_ANTHROPIC_MODEL, MODEL_MAPPINGS, type ModelMapping, type ModelProvider, OAUTH_SCOPES, OPENCODE_GITLAB_AUTH_CLIENT_ID, type OpenAIApiType, type OpenCodeAuth, type OpenCodeAuthApi, type OpenCodeAuthOAuth, TOKEN_EXPIRY_SKEW_MS, VERSION, createGitLab, getAnthropicModelForModelId, getModelMapping, getOpenAIApiType, getOpenAIModelForModelId, getProviderForModelId, getValidModelsForProvider, gitlab, isResponsesApiModel };

package/dist/index.js

@@ -42,6 +42,7 @@ __export(index_exports, {
   MODEL_ID_TO_ANTHROPIC_MODEL: () => MODEL_ID_TO_ANTHROPIC_MODEL,
   MODEL_MAPPINGS: () => MODEL_MAPPINGS,
   OAUTH_SCOPES: () => OAUTH_SCOPES,
+  OPENCODE_GITLAB_AUTH_CLIENT_ID: () => OPENCODE_GITLAB_AUTH_CLIENT_ID,
   TOKEN_EXPIRY_SKEW_MS: () => TOKEN_EXPIRY_SKEW_MS,
   VERSION: () => VERSION,
   createGitLab: () => createGitLab,
@@ -722,6 +723,7 @@ var import_openai = __toESM(require("openai"));
 // src/model-mappings.ts
 var MODEL_MAPPINGS = {
   // Anthropic models
+  "duo-chat-opus-4-6": { provider: "anthropic", model: "claude-opus-4-6" },
   "duo-chat-opus-4-5": { provider: "anthropic", model: "claude-opus-4-5-20251101" },
   "duo-chat-sonnet-4-5": { provider: "anthropic", model: "claude-sonnet-4-5-20250929" },
   "duo-chat-haiku-4-5": { provider: "anthropic", model: "claude-haiku-4-5-20251001" },
@@ -1517,6 +1519,7 @@ var GitLabOpenAILanguageModel = class {
 };
 
 // src/gitlab-oauth-types.ts
+var OPENCODE_GITLAB_AUTH_CLIENT_ID = "1d89f9fdb23ee96d4e603201f6861dab6e143c5c3c00469a018a2d94bdc03d4e";
 var BUNDLED_CLIENT_ID = "36f2a70cddeb5a0889d4fd8295c241b7e9848e89cf9e599d0eed2d8e5350fbf5";
 var GITLAB_COM_URL = "https://gitlab.com";
 var TOKEN_EXPIRY_SKEW_MS = 5 * 60 * 1e3;
@@ -1590,14 +1593,21 @@ var GitLabOAuthManager = class {
     return this.createTokensFromResponse(tokenResponse, instanceUrl);
   }
   /**
-   * Get the OAuth client ID for an instance
+   * Get the OAuth client ID for an instance.
+   * Priority: env var > opencode-gitlab-auth default (for GitLab.com).
+   * Note: callers (e.g. exchangeRefreshToken) may pass an explicit clientId
+   * that bypasses this method entirely.
    */
   getClientId(instanceUrl) {
+    const envClientId = process.env["GITLAB_OAUTH_CLIENT_ID"];
+    if (envClientId) {
+      return envClientId;
+    }
     if (instanceUrl === GITLAB_COM_URL) {
-      return BUNDLED_CLIENT_ID;
+      return OPENCODE_GITLAB_AUTH_CLIENT_ID;
     }
     throw new GitLabError({
-      message: `No OAuth client ID configured for instance ${instanceUrl}. Please provide a clientId parameter.`
+      message: `No OAuth client ID configured for instance ${instanceUrl}. Please provide a clientId parameter or set GITLAB_OAUTH_CLIENT_ID environment variable.`
     });
   }
   /**
@@ -1679,7 +1689,7 @@ var GitLabOAuthManager = class {
 };
 
 // src/version.ts
-var VERSION = true ? "3.4.0" : "0.0.0-dev";
+var VERSION = true ? "3.5.0" : "0.0.0-dev";
 
 // src/gitlab-provider.ts
 var fs = __toESM(require("fs"));
@@ -1732,20 +1742,26 @@ async function loadApiKey(options, instanceUrl, clientId) {
         });
         const authPath = getOpenCodeAuthPath();
         const authData = JSON.parse(fs.readFileSync(authPath, "utf-8"));
-        const normalizedUrl = instanceUrl.replace(/\/$/, "");
-        authData[normalizedUrl] = {
+        authData.gitlab = {
           type: "oauth",
           refresh: refreshed.refreshToken,
           access: refreshed.accessToken,
           expires: refreshed.expiresAt,
-          instanceUrl
+          enterpriseUrl: instanceUrl
+          // Use enterpriseUrl to match auth plugin format
         };
-        fs.writeFileSync(authPath, JSON.stringify(authData, null, 2));
+        fs.writeFileSync(authPath, JSON.stringify(authData, null, 2), { mode: 384 });
         return refreshed.accessToken;
       } catch (error) {
-        console.warn(
-          `Failed to refresh OAuth token: ${error instanceof Error ? error.message : String(error)}`
-        );
+        const refreshErrorMsg = error instanceof Error ? error.message : String(error);
+        console.warn(`Failed to refresh OAuth token: ${refreshErrorMsg}`);
+        const envApiKey = process.env[options.environmentVariableName];
+        if (envApiKey) {
+          return envApiKey;
+        }
+        throw new GitLabError({
+          message: `OAuth token refresh failed and no fallback ${options.environmentVariableName} environment variable is set. Refresh error: ${refreshErrorMsg}. Re-authenticate with 'opencode auth login gitlab' or set ${options.environmentVariableName}.`
+        });
       }
     } else {
       return auth.access;
@@ -1794,7 +1810,16 @@ function createGitLab(options = {}) {
   const refreshApiKey = async () => {
     cachedApiKey = void 0;
     apiKeyPromise = void 0;
-    cachedApiKey = await getApiKey();
+    cachedApiKey = await loadApiKey(
+      {
+        apiKey: void 0,
+        // Bypass stale options.apiKey to force auth.json read
+        environmentVariableName: "GITLAB_TOKEN",
+        description: "GitLab"
+      },
+      instanceUrl,
+      options.clientId
+    );
   };
   const getHeaders = () => {
     const apiKey = cachedApiKey || options.apiKey || process.env["GITLAB_TOKEN"] || "";
@@ -2171,6 +2196,7 @@ var GitLabProjectDetector = class {
   MODEL_ID_TO_ANTHROPIC_MODEL,
   MODEL_MAPPINGS,
   OAUTH_SCOPES,
+  OPENCODE_GITLAB_AUTH_CLIENT_ID,
   TOKEN_EXPIRY_SKEW_MS,
   VERSION,
   createGitLab,