@hung319/opencode-iflow-cli 1.1.1

package/README.md

@@ -0,0 +1,187 @@
+# OpenCode iFlow CLI Plugin
+
+[![npm version](https://img.shields.io/npm/v/@hung319/opencode-iflow-cli)](https://www.npmjs.com/package/@hung319/opencode-iflow-cli)
+[![npm downloads](https://img.shields.io/npm/dm/@hung319/opencode-iflow-cli)](https://www.npmjs.com/package/@hung319/opencode-iflow-cli)
+[![license](https://img.shields.io/npm/l/@hung319/opencode-iflow-cli)](https://www.npmjs.com/package/@hung319/opencode-iflow-cli)
+
+OpenCode plugin for iFlow.cn providing access to Qwen, DeepSeek, Kimi, GLM, and iFlow ROME models with auto-configuration and headless OAuth support.
+
+## Features
+
+- **Auto-configuration**: Models are automatically configured, no manual setup needed.
+- **Dual authentication**: OAuth 2.0 (PKCE) and API Key support.
+- **Headless support**: Works in SSH, containers, and CI environments with manual code input.
+- **Multi-account rotation**: Sticky and round-robin strategies for account selection.
+- **Automated token refresh** and rate limit handling with exponential backoff.
+- **Native thinking mode support** for GLM-4.x and DeepSeek R1 models.
+- **Flexible OAuth**: Automatic browser redirect OR manual code input - both work!
+
+## Installation
+
+```bash
+npm install -g @hung319/opencode-iflow-cli
+```
+
+Or add to your `opencode.json`:
+
+```json
+{
+  "plugin": ["@hung319/opencode-iflow-cli"]
+}
+```
+
+That's it! Models are automatically configured. No manual provider configuration needed.
+
+## Quick Start
+
+### Interactive Mode (with browser)
+
+```bash
+opencode auth login
+# Select: Other → type "iflow" → Enter
+# Choose: OAuth 2.0 or API Key
+```
+
+Browser will open automatically. Complete authentication and you're done!
+
+### Headless Mode (SSH, CI, Containers)
+
+```bash
+opencode auth login
+# Select: Other → type "iflow" → Enter
+# Choose: OAuth 2.0
+```
+
+1. Open the displayed URL in your local browser.
+2. Complete authentication on iFlow.cn.
+3. Copy the callback URL or authorization code.
+4. Paste it back into the terminal.
+
+The plugin automatically detects headless environments and adapts accordingly.
+
+## Configuration
+
+Optional configuration file at `~/.config/opencode/iflow.json`:
+
+```json
+{
+  "default_auth_method": "oauth",
+  "account_selection_strategy": "round-robin",
+  "auth_server_port_start": 8087,
+  "auth_server_port_range": 10,
+  "max_request_iterations": 50,
+  "request_timeout_ms": 300000,
+  "enable_log_api_request": false
+}
+```
+
+### Configuration Options
+
+| Option | Description | Default |
+|--------|-------------|---------|
+| `default_auth_method` | Auth method (`oauth`, `apikey`) | `oauth` |
+| `account_selection_strategy` | Rotation strategy (`sticky`, `round-robin`) | `round-robin` |
+| `auth_server_port_start` | OAuth callback server starting port | `8087` |
+| `auth_server_port_range` | Number of ports to try | `10` |
+| `max_request_iterations` | Max iterations to prevent hangs | `50` |
+| `request_timeout_ms` | Request timeout in milliseconds | `300000` |
+| `enable_log_api_request` | Enable request/response logging | `false` |
+
+### Environment Variables
+
+All config options can be overridden via environment variables:
+
+```bash
+export IFLOW_DEFAULT_AUTH_METHOD=oauth
+export IFLOW_ACCOUNT_SELECTION_STRATEGY=round-robin
+export IFLOW_AUTH_SERVER_PORT_START=8087
+export IFLOW_MAX_REQUEST_ITERATIONS=50
+export IFLOW_REQUEST_TIMEOUT_MS=300000
+```
+
+## Supported Models
+
+Models are automatically configured when you install the plugin:
+
+| Model | Context | Output | Features |
+|-------|---------|--------|----------|
+| `iflow-rome-30ba3b` | 256K | 64K | iFlow ROME 30B |
+| `qwen3-coder-plus` | 1M | 64K | Qwen3 Coder Plus |
+| `qwen3-max` | 256K | 32K | Qwen3 Max |
+| `qwen3-vl-plus` | 256K | 32K | Vision support |
+| `qwen3-235b-a22b-thinking-2507` | 256K | 64K | Thinking mode |
+| `kimi-k2` | 128K | 64K | Kimi K2 |
+| `kimi-k2-0905` | 256K | 64K | Kimi K2 0905 |
+| `glm-4.6` | 200K | 128K | Thinking + Vision |
+| `deepseek-v3` | 128K | 32K | DeepSeek V3 |
+| `deepseek-v3.2` | 128K | 64K | DeepSeek V3.2 |
+| `deepseek-r1` | 128K | 32K | Reasoning model |
+| `qwen3-32b` | 128K | 32K | Qwen3 32B |
+
+## Data Storage
+
+**Linux/macOS:**
+- Credentials: `~/.config/opencode/iflow-accounts.json`
+- Config: `~/.config/opencode/iflow.json`
+
+**Windows:**
+- Credentials: `%APPDATA%\opencode\iflow-accounts.json`
+- Config: `%APPDATA%\opencode\iflow.json`
+
+## Thinking Models
+
+### GLM-4.6
+
+Variants with thinking budgets:
+
+```json
+{
+  "model": "glm-4.6",
+  "variant": "medium"
+}
+```
+
+Available variants:
+- `low`: 1024 thinking tokens
+- `medium`: 8192 thinking tokens
+- `max`: 32768 thinking tokens
+
+### DeepSeek R1
+
+```json
+{
+  "model": "deepseek-r1",
+  "variant": "medium"
+}
+```
+
+Same variant options as GLM-4.6.
+
+## Headless Environment Detection
+
+The plugin automatically detects headless environments via:
+- `SSH_CONNECTION`, `SSH_CLIENT`, `SSH_TTY`
+- `OPENCODE_HEADLESS`
+- `CI`, `CONTAINER`
+- Missing `DISPLAY` on Linux
+
+In headless mode:
+- OAuth URL is displayed for manual opening
+- Browser auto-open is disabled
+- Manual code input is prompted
+
+## Links
+
+- **NPM Package**: https://www.npmjs.com/package/@hung319/opencode-iflow-cli
+- **GitHub Repository**: https://github.com/hung319/opencode-iflow-cli
+- **Issues**: https://github.com/hung319/opencode-iflow-cli/issues
+
+## License
+
+MIT
+
+## Disclaimer
+
+This plugin is provided strictly for learning and educational purposes. It is an independent implementation and is not affiliated with, endorsed by, or supported by iFlow.cn. Use of this plugin is at your own risk.
+
+Feel free to open a PR to optimize this plugin further.

package/dist/constants.d.ts

@@ -0,0 +1,19 @@
+export type IFlowAuthMethod = 'oauth' | 'apikey';
+export declare function isValidAuthMethod(method: string): method is IFlowAuthMethod;
+export declare const IFLOW_CONSTANTS: {
+    BASE_URL: string;
+    OAUTH_TOKEN_URL: string;
+    OAUTH_AUTHORIZE_URL: string;
+    USER_INFO_URL: string;
+    SUCCESS_REDIRECT: string;
+    CLIENT_ID: string;
+    CLIENT_SECRET: string;
+    AXIOS_TIMEOUT: number;
+    USER_AGENT: string;
+    CALLBACK_PORT_START: number;
+    CALLBACK_PORT_RANGE: number;
+};
+export declare const SUPPORTED_MODELS: string[];
+export declare const THINKING_MODELS: string[];
+export declare function isThinkingModel(model: string): boolean;
+export declare function applyThinkingConfig(body: any, model: string): any;

package/dist/constants.js

@@ -0,0 +1,61 @@
+export function isValidAuthMethod(method) {
+    return method === 'oauth' || method === 'apikey';
+}
+export const IFLOW_CONSTANTS = {
+    BASE_URL: 'https://apis.iflow.cn/v1',
+    OAUTH_TOKEN_URL: 'https://iflow.cn/oauth/token',
+    OAUTH_AUTHORIZE_URL: 'https://iflow.cn/oauth',
+    USER_INFO_URL: 'https://iflow.cn/api/oauth/getUserInfo',
+    SUCCESS_REDIRECT: 'https://iflow.cn/oauth/success',
+    CLIENT_ID: '10009311001',
+    CLIENT_SECRET: '4Z3YjXycVsQvyGF1etiNlIBB4RsqSDtW',
+    AXIOS_TIMEOUT: 120000,
+    USER_AGENT: 'OpenCode-iFlow',
+    CALLBACK_PORT_START: 8087,
+    CALLBACK_PORT_RANGE: 10
+};
+export const SUPPORTED_MODELS = [
+    'iflow-rome-30ba3b',
+    'qwen3-coder-plus',
+    'qwen3-max',
+    'qwen3-vl-plus',
+    'qwen3-max-preview',
+    'qwen3-32b',
+    'qwen3-235b-a22b-thinking-2507',
+    'qwen3-235b-a22b-instruct',
+    'qwen3-235b',
+    'kimi-k2-0905',
+    'kimi-k2',
+    'glm-4.6',
+    'deepseek-v3.2',
+    'deepseek-r1',
+    'deepseek-v3'
+];
+export const THINKING_MODELS = ['glm-4.6', 'qwen3-235b-a22b-thinking-2507', 'deepseek-r1'];
+export function isThinkingModel(model) {
+    return THINKING_MODELS.some((m) => model.startsWith(m));
+}
+export function applyThinkingConfig(body, model) {
+    const thinkingBudget = body.providerOptions?.thinkingConfig?.thinkingBudget;
+    if (model.startsWith('glm-4')) {
+        const result = {
+            ...body,
+            chat_template_kwargs: {
+                enable_thinking: true,
+                clear_thinking: false
+            }
+        };
+        if (thinkingBudget) {
+            result.thinking_budget = thinkingBudget;
+        }
+        return result;
+    }
+    if (model.startsWith('deepseek-r1')) {
+        const result = { ...body };
+        if (thinkingBudget) {
+            result.thinking_budget = thinkingBudget;
+        }
+        return result;
+    }
+    return body;
+}

package/dist/iflow/apikey.d.ts

@@ -0,0 +1,6 @@
+export interface IFlowApiKeyResult {
+    apiKey: string;
+    email: string;
+    authMethod: 'apikey';
+}
+export declare function validateApiKey(apiKey: string): Promise<IFlowApiKeyResult>;

package/dist/iflow/apikey.js

@@ -0,0 +1,17 @@
+import { IFLOW_CONSTANTS } from '../constants';
+export async function validateApiKey(apiKey) {
+    const response = await fetch(`${IFLOW_CONSTANTS.BASE_URL}/models`, {
+        headers: {
+            Authorization: `Bearer ${apiKey}`,
+            'User-Agent': IFLOW_CONSTANTS.USER_AGENT
+        }
+    });
+    if (!response.ok) {
+        throw new Error(`API key validation failed: ${response.status}`);
+    }
+    return {
+        apiKey,
+        email: 'api-key-user',
+        authMethod: 'apikey'
+    };
+}

package/dist/iflow/oauth.d.ts

@@ -0,0 +1,20 @@
+export interface IFlowOAuthAuthorization {
+    authUrl: string;
+    state: string;
+    redirectUri: string;
+}
+export interface IFlowOAuthTokenResult {
+    accessToken: string;
+    refreshToken: string;
+    expiresAt: number;
+    apiKey: string;
+    email: string;
+    authMethod: 'oauth';
+}
+export declare function authorizeIFlowOAuth(port: number): Promise<IFlowOAuthAuthorization>;
+export declare function exchangeOAuthCode(code: string, redirectUri: string): Promise<IFlowOAuthTokenResult>;
+export declare function refreshOAuthToken(refreshToken: string): Promise<IFlowOAuthTokenResult>;
+export declare function fetchUserInfo(accessToken: string): Promise<{
+    apiKey: string;
+    email: string;
+}>;

package/dist/iflow/oauth.js

@@ -0,0 +1,113 @@
+import { IFLOW_CONSTANTS } from '../constants';
+import { randomBytes } from 'node:crypto';
+function base64URLEncode(buffer) {
+    return buffer.toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
+}
+function generateState() {
+    return base64URLEncode(randomBytes(16));
+}
+export async function authorizeIFlowOAuth(port) {
+    const state = generateState();
+    const redirectUri = `http://localhost:${port}/oauth2callback`;
+    const params = new URLSearchParams({
+        loginMethod: 'phone',
+        type: 'phone',
+        redirect: redirectUri,
+        state,
+        client_id: IFLOW_CONSTANTS.CLIENT_ID
+    });
+    const authUrl = `${IFLOW_CONSTANTS.OAUTH_AUTHORIZE_URL}?${params.toString()}`;
+    return { authUrl, state, redirectUri };
+}
+export async function exchangeOAuthCode(code, redirectUri) {
+    const params = new URLSearchParams({
+        grant_type: 'authorization_code',
+        code,
+        redirect_uri: redirectUri,
+        client_id: IFLOW_CONSTANTS.CLIENT_ID,
+        client_secret: IFLOW_CONSTANTS.CLIENT_SECRET
+    });
+    const basicAuth = Buffer.from(`${IFLOW_CONSTANTS.CLIENT_ID}:${IFLOW_CONSTANTS.CLIENT_SECRET}`).toString('base64');
+    const response = await fetch(IFLOW_CONSTANTS.OAUTH_TOKEN_URL, {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/x-www-form-urlencoded',
+            Accept: 'application/json',
+            Authorization: `Basic ${basicAuth}`
+        },
+        body: params.toString()
+    });
+    if (!response.ok) {
+        const errorText = await response.text().catch(() => '');
+        throw new Error(`Token exchange failed: ${response.status} ${errorText}`);
+    }
+    const data = await response.json();
+    const userInfo = await fetchUserInfo(data.access_token);
+    const expiresIn = data.expires_in || 3600;
+    const expiresAt = Date.now() + expiresIn * 1000;
+    return {
+        accessToken: data.access_token,
+        refreshToken: data.refresh_token,
+        expiresAt,
+        apiKey: userInfo.apiKey,
+        email: userInfo.email,
+        authMethod: 'oauth'
+    };
+}
+export async function refreshOAuthToken(refreshToken) {
+    const params = new URLSearchParams({
+        grant_type: 'refresh_token',
+        refresh_token: refreshToken,
+        client_id: IFLOW_CONSTANTS.CLIENT_ID,
+        client_secret: IFLOW_CONSTANTS.CLIENT_SECRET
+    });
+    const basicAuth = Buffer.from(`${IFLOW_CONSTANTS.CLIENT_ID}:${IFLOW_CONSTANTS.CLIENT_SECRET}`).toString('base64');
+    const response = await fetch(IFLOW_CONSTANTS.OAUTH_TOKEN_URL, {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/x-www-form-urlencoded',
+            Accept: 'application/json',
+            Authorization: `Basic ${basicAuth}`
+        },
+        body: params.toString()
+    });
+    if (!response.ok) {
+        const errorText = await response.text().catch(() => '');
+        throw new Error(`Token refresh failed: ${response.status} ${errorText}`);
+    }
+    const data = await response.json();
+    const userInfo = await fetchUserInfo(data.access_token);
+    const expiresIn = data.expires_in || 3600;
+    const expiresAt = Date.now() + expiresIn * 1000;
+    return {
+        accessToken: data.access_token,
+        refreshToken: data.refresh_token || refreshToken,
+        expiresAt,
+        apiKey: userInfo.apiKey,
+        email: userInfo.email,
+        authMethod: 'oauth'
+    };
+}
+export async function fetchUserInfo(accessToken) {
+    const response = await fetch(`${IFLOW_CONSTANTS.USER_INFO_URL}?accessToken=${encodeURIComponent(accessToken)}`, {
+        headers: {
+            Accept: 'application/json'
+        }
+    });
+    if (!response.ok) {
+        const errorText = await response.text().catch(() => '');
+        throw new Error(`User info fetch failed: ${response.status} ${errorText}`);
+    }
+    const data = await response.json();
+    if (!data.success || !data.data) {
+        throw new Error('User info request not successful');
+    }
+    if (!data.data.apiKey) {
+        throw new Error('Missing apiKey in user info response');
+    }
+    const email = data.data.email || data.data.phone || 'oauth-user';
+    return {
+        apiKey: data.data.apiKey,
+        email
+    };
+}

package/dist/index.d.ts

@@ -0,0 +1,3 @@
+export { IFlowOAuthPlugin } from './plugin.js';
+export type { IFlowConfig } from './plugin/config/index.js';
+export type { IFlowAuthMethod, ManagedAccount } from './plugin/types.js';

package/dist/index.js

@@ -0,0 +1 @@
+export { IFlowOAuthPlugin } from './plugin.js';

package/dist/plugin/accounts.d.ts

@@ -0,0 +1,24 @@
+import type { ManagedAccount, AccountSelectionStrategy, IFlowAuthDetails, RefreshParts } from './types';
+export declare function generateAccountId(): string;
+export declare function encodeRefreshToken(parts: RefreshParts): string;
+export declare function decodeRefreshToken(encoded: string): RefreshParts;
+export declare class AccountManager {
+    private accounts;
+    private cursor;
+    private strategy;
+    private lastToastTime;
+    constructor(accounts: ManagedAccount[], strategy?: AccountSelectionStrategy);
+    static loadFromDisk(strategy?: AccountSelectionStrategy): Promise<AccountManager>;
+    getAccountCount(): number;
+    getAccounts(): ManagedAccount[];
+    shouldShowToast(debounce?: number): boolean;
+    getMinWaitTime(): number;
+    getCurrentOrNext(): ManagedAccount | null;
+    addAccount(a: ManagedAccount): void;
+    removeAccount(a: ManagedAccount): void;
+    updateFromAuth(a: ManagedAccount, auth: IFlowAuthDetails): void;
+    markRateLimited(a: ManagedAccount, ms: number): void;
+    markUnhealthy(a: ManagedAccount, reason: string, recovery?: number): void;
+    saveToDisk(): Promise<void>;
+    toAuthDetails(a: ManagedAccount): IFlowAuthDetails;
+}

package/dist/plugin/accounts.js

@@ -0,0 +1,147 @@
+import { randomBytes } from 'node:crypto';
+import { loadAccounts, saveAccounts } from './storage';
+export function generateAccountId() {
+    return randomBytes(16).toString('hex');
+}
+export function encodeRefreshToken(parts) {
+    return Buffer.from(JSON.stringify(parts)).toString('base64');
+}
+export function decodeRefreshToken(encoded) {
+    try {
+        return JSON.parse(Buffer.from(encoded, 'base64').toString('utf-8'));
+    }
+    catch {
+        return { authMethod: 'apikey' };
+    }
+}
+export class AccountManager {
+    accounts;
+    cursor;
+    strategy;
+    lastToastTime = 0;
+    constructor(accounts, strategy = 'sticky') {
+        this.accounts = accounts;
+        this.cursor = 0;
+        this.strategy = strategy;
+    }
+    static async loadFromDisk(strategy) {
+        const s = await loadAccounts();
+        return new AccountManager(s.accounts, strategy || 'sticky');
+    }
+    getAccountCount() {
+        return this.accounts.length;
+    }
+    getAccounts() {
+        return [...this.accounts];
+    }
+    shouldShowToast(debounce = 30000) {
+        if (Date.now() - this.lastToastTime < debounce)
+            return false;
+        this.lastToastTime = Date.now();
+        return true;
+    }
+    getMinWaitTime() {
+        const now = Date.now();
+        const waits = this.accounts.map((a) => (a.rateLimitResetTime || 0) - now).filter((t) => t > 0);
+        return waits.length > 0 ? Math.min(...waits) : 0;
+    }
+    getCurrentOrNext() {
+        const now = Date.now();
+        const available = this.accounts.filter((a) => {
+            if (!a.isHealthy) {
+                if (a.recoveryTime && now >= a.recoveryTime) {
+                    a.isHealthy = true;
+                    delete a.unhealthyReason;
+                    delete a.recoveryTime;
+                    return true;
+                }
+                return false;
+            }
+            return !(a.rateLimitResetTime && now < a.rateLimitResetTime);
+        });
+        if (available.length === 0)
+            return null;
+        let selected;
+        if (this.strategy === 'sticky') {
+            selected = available.find((_, i) => i === this.cursor) || available[0];
+        }
+        else if (this.strategy === 'round-robin') {
+            selected = available[this.cursor % available.length];
+            this.cursor = (this.cursor + 1) % available.length;
+        }
+        if (selected) {
+            selected.lastUsed = now;
+            this.cursor = this.accounts.indexOf(selected);
+            return selected;
+        }
+        return null;
+    }
+    addAccount(a) {
+        const i = this.accounts.findIndex((x) => x.id === a.id);
+        if (i === -1)
+            this.accounts.push(a);
+        else
+            this.accounts[i] = a;
+    }
+    removeAccount(a) {
+        const removedIndex = this.accounts.findIndex((x) => x.id === a.id);
+        if (removedIndex === -1)
+            return;
+        this.accounts = this.accounts.filter((x) => x.id !== a.id);
+        if (this.accounts.length === 0) {
+            this.cursor = 0;
+        }
+        else if (this.cursor >= this.accounts.length) {
+            this.cursor = this.accounts.length - 1;
+        }
+        else if (removedIndex <= this.cursor && this.cursor > 0) {
+            this.cursor--;
+        }
+    }
+    updateFromAuth(a, auth) {
+        const acc = this.accounts.find((x) => x.id === a.id);
+        if (acc) {
+            acc.apiKey = auth.apiKey;
+            if (auth.authMethod === 'oauth') {
+                acc.accessToken = auth.access;
+                acc.expiresAt = auth.expires;
+                const p = decodeRefreshToken(auth.refresh);
+                acc.refreshToken = p.refreshToken;
+            }
+            acc.lastUsed = Date.now();
+            if (auth.email)
+                acc.email = auth.email;
+        }
+    }
+    markRateLimited(a, ms) {
+        const acc = this.accounts.find((x) => x.id === a.id);
+        if (acc)
+            acc.rateLimitResetTime = Date.now() + ms;
+    }
+    markUnhealthy(a, reason, recovery) {
+        const acc = this.accounts.find((x) => x.id === a.id);
+        if (acc) {
+            acc.isHealthy = false;
+            acc.unhealthyReason = reason;
+            acc.recoveryTime = recovery;
+        }
+    }
+    async saveToDisk() {
+        const metadata = this.accounts.map(({ lastUsed, ...rest }) => rest);
+        await saveAccounts({ version: 1, accounts: metadata, activeIndex: this.cursor });
+    }
+    toAuthDetails(a) {
+        const p = {
+            refreshToken: a.refreshToken,
+            authMethod: a.authMethod
+        };
+        return {
+            refresh: encodeRefreshToken(p),
+            access: a.accessToken || '',
+            expires: a.expiresAt || 0,
+            authMethod: a.authMethod,
+            apiKey: a.apiKey,
+            email: a.email
+        };
+    }
+}

package/dist/plugin/auth-page.d.ts

@@ -0,0 +1,3 @@
+export declare function getIDCAuthHtml(verificationUrl: string, userCode: string, statusUrl: string): string;
+export declare function getSuccessHtml(): string;
+export declare function getErrorHtml(message: string): string;