@hypeitnow/opencode-claude-auth 1.6.0

package/dist/oauth.js

@@ -0,0 +1,158 @@
+// OAuth 2.0 + PKCE flow for Anthropic's platform console.
+// Ported from ex-machina/opencode-anthropic-auth to add a fallback auth
+// method: when the raw `sk-ant-` Keychain key is rejected by Anthropic's
+// API (typical for org-locked accounts where direct console API keys are
+// unavailable), the plugin can prompt the user to authorize via the
+// `org:create_api_key` / `user:inference` OAuth flow. The resulting
+// {access, refresh, expires} triple is what Anthropic accepts.
+//
+// Two authorisation modes:
+//   - "console": full org scope, can create API keys (default for fallback)
+//   - "max":     claude.ai Pro/Max subscription
+//
+// Tokens are exchanged at platform.claude.com/v1/oauth/token. The user
+// pastes the callback URL (or just the `code#state` pair) into opencode's
+// auth prompt, and the plugin exchanges it for the access/refresh pair.
+import { generatePKCE } from "./pkce.js";
+import { log } from "./logger.js";
+export const CLIENT_ID = "9d1c250a-e61b-44d9-88ed-5944d1962f5e";
+const AUTHORIZE_URLS = {
+    console: "https://platform.claude.com/oauth/authorize",
+    max: "https://claude.ai/oauth/authorize",
+};
+const CODE_CALLBACK_URL = "https://platform.claude.com/oauth/code/callback";
+const TOKEN_URL = "https://platform.claude.com/v1/oauth/token";
+const OAUTH_SCOPES = [
+    "org:create_api_key",
+    "user:profile",
+    "user:inference",
+    "user:sessions:claude_code",
+    "user:mcp_servers",
+    "user:file_upload",
+];
+function generateState() {
+    return crypto.randomUUID().replace(/-/g, "");
+}
+function parseCallbackInput(input) {
+    const trimmed = input.trim();
+    try {
+        const url = new URL(trimmed);
+        const code = url.searchParams.get("code");
+        const state = url.searchParams.get("state");
+        if (code && state)
+            return { code, state };
+    }
+    catch {
+        // Not a URL; try legacy formats below.
+    }
+    const hashSplits = trimmed.split("#");
+    if (hashSplits.length === 2 && hashSplits[0] && hashSplits[1]) {
+        return { code: hashSplits[0], state: hashSplits[1] };
+    }
+    const params = new URLSearchParams(trimmed);
+    const code = params.get("code");
+    const state = params.get("state");
+    if (code && state)
+        return { code, state };
+    return null;
+}
+export async function exchangeCode(callback, verifier, redirectUri, expectedState) {
+    if (expectedState && callback.state !== expectedState) {
+        log("oauth_state_mismatch", { expected: expectedState, got: callback.state });
+        return { type: "failed" };
+    }
+    let response;
+    try {
+        response = await fetch(TOKEN_URL, {
+            method: "POST",
+            headers: {
+                "Content-Type": "application/json",
+                Accept: "application/json, text/plain, */*",
+                "User-Agent": "axios/1.13.6",
+            },
+            body: JSON.stringify({
+                code: callback.code,
+                state: callback.state,
+                grant_type: "authorization_code",
+                client_id: CLIENT_ID,
+                redirect_uri: redirectUri,
+                code_verifier: verifier,
+            }),
+        });
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        log("oauth_exchange_network_error", { error: message });
+        return { type: "failed" };
+    }
+    if (!response.ok) {
+        const body = await response.text().catch(() => "");
+        log("oauth_exchange_failed", { status: response.status, body });
+        return { type: "failed" };
+    }
+    const json = (await response.json());
+    return {
+        type: "success",
+        access: json.access_token,
+        refresh: json.refresh_token,
+        expires: Date.now() + json.expires_in * 1000,
+    };
+}
+export async function refreshTokens(refresh) {
+    let response;
+    try {
+        response = await fetch(TOKEN_URL, {
+            method: "POST",
+            headers: {
+                "Content-Type": "application/json",
+                Accept: "application/json, text/plain, */*",
+                "User-Agent": "axios/1.13.6",
+            },
+            body: JSON.stringify({
+                grant_type: "refresh_token",
+                refresh_token: refresh,
+                client_id: CLIENT_ID,
+            }),
+        });
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        log("oauth_refresh_network_error", { error: message });
+        return { type: "failed" };
+    }
+    if (!response.ok) {
+        const body = await response.text().catch(() => "");
+        log("oauth_refresh_failed", { status: response.status, body });
+        return { type: "failed" };
+    }
+    const json = (await response.json());
+    return {
+        type: "success",
+        access: json.access_token,
+        refresh: json.refresh_token,
+        expires: Date.now() + json.expires_in * 1000,
+    };
+}
+export async function buildAuthorizationUrl(mode = "console") {
+    const pkce = await generatePKCE();
+    const state = generateState();
+    const url = new URL(AUTHORIZE_URLS[mode]);
+    url.searchParams.set("code", "true");
+    url.searchParams.set("client_id", CLIENT_ID);
+    url.searchParams.set("response_type", "code");
+    url.searchParams.set("redirect_uri", CODE_CALLBACK_URL);
+    url.searchParams.set("scope", OAUTH_SCOPES.join(" "));
+    url.searchParams.set("code_challenge", pkce.challenge);
+    url.searchParams.set("code_challenge_method", "S256");
+    url.searchParams.set("state", state);
+    return {
+        url: url.toString(),
+        verifier: pkce.verifier,
+        state,
+        redirectUri: CODE_CALLBACK_URL,
+    };
+}
+export function parseCallback(input) {
+    return parseCallbackInput(input);
+}
+//# sourceMappingURL=oauth.js.map

package/dist/oauth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth.js","sourceRoot":"","sources":["../src/oauth.ts"],"names":[],"mappings":"AAAA,0DAA0D;AAC1D,wEAAwE;AACxE,yEAAyE;AACzE,yEAAyE;AACzE,oEAAoE;AACpE,oEAAoE;AACpE,+DAA+D;AAC/D,EAAE;AACF,2BAA2B;AAC3B,4EAA4E;AAC5E,gDAAgD;AAChD,EAAE;AACF,uEAAuE;AACvE,0EAA0E;AAC1E,wEAAwE;AAExE,OAAO,EAAE,YAAY,EAAE,MAAM,WAAW,CAAA;AACxC,OAAO,EAAE,GAAG,EAAE,MAAM,aAAa,CAAA;AAEjC,MAAM,CAAC,MAAM,SAAS,GAAG,sCAAsC,CAAA;AAC/D,MAAM,cAAc,GAAG;IACrB,OAAO,EAAE,6CAA6C;IACtD,GAAG,EAAE,mCAAmC;CAChC,CAAA;AACV,MAAM,iBAAiB,GAAG,iDAAiD,CAAA;AAC3E,MAAM,SAAS,GAAG,4CAA4C,CAAA;AAC9D,MAAM,YAAY,GAAG;IACnB,oBAAoB;IACpB,cAAc;IACd,gBAAgB;IAChB,2BAA2B;IAC3B,kBAAkB;IAClB,kBAAkB;CACnB,CAAA;AAYD,SAAS,aAAa;IACpB,OAAO,MAAM,CAAC,UAAU,EAAE,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAA;AAC9C,CAAC;AAED,SAAS,kBAAkB,CAAC,KAAa;IACvC,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,EAAE,CAAA;IAC5B,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAA;QAC5B,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;QACzC,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;QAC3C,IAAI,IAAI,IAAI,KAAK;YAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAA;IAC3C,CAAC;IAAC,MAAM,CAAC;QACP,uCAAuC;IACzC,CAAC;IACD,MAAM,UAAU,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IACrC,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,IAAI,UAAU,CAAC,CAAC,CAAC,IAAI,UAAU,CAAC,CAAC,CAAC,EAAE,CAAC;QAC9D,OAAO,EAAE,IAAI,EAAE,UAAU,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,UAAU,CAAC,CAAC,CAAC,EAAE,CAAA;IACtD,CAAC;IACD,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC,OAAO,CAAC,CAAA;IAC3C,MAAM,IAAI,GAAG,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;IAC/B,MAAM,KAAK,GAAG,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;IACjC,IAAI,IAAI,IAAI,KAAK;QAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,CAAA;IACzC,OAAO,IAAI,CAAA;AACb,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,QAAyC,EACzC,QAAgB,EAChB,WAAmB,EACnB,aAAsB;IAEtB,IAAI,aAAa,IAAI,QAAQ,CAAC,KAAK,KAAK,aAAa,EAAE,CAAC;QACtD,GAAG,CAAC,sBAAsB,EAAE,EAAE,QAAQ,EAAE,aAAa,EAAE,GAAG,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAA;QAC7E,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAA;IAC3B,CAAC;IACD,IAAI,QAAkB,CAAA;IACtB,IAAI,CAAC;QACH,QAAQ,GAAG,MAAM,KAAK,CAAC,SAAS,EAAE;YAChC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,MAAM,EAAE,mCAAmC;gBAC3C,YAAY,EAAE,cAAc;aAC7B;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,IAAI,EAAE,QAAQ,CAAC,IAAI;gBACnB,KAAK,EAAE,QAAQ,CAAC,KAAK;gBACrB,UAAU,EAAE,oBAAoB;gBAChC,SAAS,EAAE,SAAS;gBACpB,YAAY,EAAE,WAAW;gBACzB,aAAa,EAAE,QAAQ;aACxB,CAAC;SACH,CAAC,CAAA;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;QAChE,GAAG,CAAC,8BAA8B,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAA;QACvD,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAA;IAC3B,CAAC;IACD,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAA;QAClD,GAAG,CAAC,uBAAuB,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAA;QAC/D,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAA;IAC3B,CAAC;IACD,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAIlC,CAAA;IACD,OAAO;QACL,IAAI,EAAE,SAAS;QACf,MAAM,EAAE,IAAI,CAAC,YAAY;QACzB,OAAO,EAAE,IAAI,CAAC,aAAa;QAC3B,OAAO,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI;KAC7C,CAAA;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,OAAe;IACjD,IAAI,QAAkB,CAAA;IACtB,IAAI,CAAC;QACH,QAAQ,GAAG,MAAM,KAAK,CAAC,SAAS,EAAE;YAChC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;gBAClC,MAAM,EAAE,mCAAmC;gBAC3C,YAAY,EAAE,cAAc;aAC7B;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,UAAU,EAAE,eAAe;gBAC3B,aAAa,EAAE,OAAO;gBACtB,SAAS,EAAE,SAAS;aACrB,CAAC;SACH,CAAC,CAAA;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;QAChE,GAAG,CAAC,6BAA6B,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAA;QACtD,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAA;IAC3B,CAAC;IACD,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,EAAE,CAAC,CAAA;QAClD,GAAG,CAAC,sBAAsB,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAA;QAC9D,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAA;IAC3B,CAAC;IACD,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAIlC,CAAA;IACD,OAAO;QACL,IAAI,EAAE,SAAS;QACf,MAAM,EAAE,IAAI,CAAC,YAAY;QACzB,OAAO,EAAE,IAAI,CAAC,aAAa;QAC3B,OAAO,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI;KAC7C,CAAA;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,qBAAqB,CACzC,OAAsB,SAAS;IAE/B,MAAM,IAAI,GAAG,MAAM,YAAY,EAAE,CAAA;IACjC,MAAM,KAAK,GAAG,aAAa,EAAE,CAAA;IAC7B,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,cAAc,CAAC,IAAI,CAAC,CAAC,CAAA;IACzC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IACpC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,SAAS,CAAC,CAAA;IAC5C,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,MAAM,CAAC,CAAA;IAC7C,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,iBAAiB,CAAC,CAAA;IACvD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAA;IACrD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,gBAAgB,EAAE,IAAI,CAAC,SAAS,CAAC,CAAA;IACtD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,uBAAuB,EAAE,MAAM,CAAC,CAAA;IACrD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAA;IACpC,OAAO;QACL,GAAG,EAAE,GAAG,CAAC,QAAQ,EAAE;QACnB,QAAQ,EAAE,IAAI,CAAC,QAAQ;QACvB,KAAK;QACL,WAAW,EAAE,iBAAiB;KAC/B,CAAA;AACH,CAAC;AAED,MAAM,UAAU,aAAa,CAAC,KAAa;IACzC,OAAO,kBAAkB,CAAC,KAAK,CAAC,CAAA;AAClC,CAAC"}

package/dist/pkce.d.ts

@@ -0,0 +1,6 @@
+export declare function generatePKCE(): Promise<{
+    verifier: string;
+    challenge: string;
+    method: "S256";
+}>;
+//# sourceMappingURL=pkce.d.ts.map

package/dist/pkce.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"pkce.d.ts","sourceRoot":"","sources":["../src/pkce.ts"],"names":[],"mappings":"AAYA,wBAAsB,YAAY,IAAI,OAAO,CAAC;IAC5C,QAAQ,EAAE,MAAM,CAAA;IAChB,SAAS,EAAE,MAAM,CAAA;IACjB,MAAM,EAAE,MAAM,CAAA;CACf,CAAC,CAaD"}

package/dist/pkce.js

@@ -0,0 +1,23 @@
+// PKCE (Proof Key for Code Exchange) helper for OAuth 2.0 flows.
+// Ported from ex-machina/opencode-anthropic-auth to support the fallback
+// "Claude OAuth" authorization method that triggers when the raw `sk-ant-`
+// Keychain key is rejected by Anthropic's API (e.g. for org-locked accounts
+// where the only direct auth method is OAuth, not a console API key).
+function base64UrlEncode(bytes) {
+    let bin = "";
+    for (const byte of bytes)
+        bin += String.fromCharCode(byte);
+    return btoa(bin).replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
+}
+export async function generatePKCE() {
+    const buf = new Uint8Array(64);
+    crypto.getRandomValues(buf);
+    const verifier = base64UrlEncode(buf);
+    const digest = await crypto.subtle.digest("SHA-256", new TextEncoder().encode(verifier));
+    return {
+        verifier,
+        challenge: base64UrlEncode(new Uint8Array(digest)),
+        method: "S256",
+    };
+}
+//# sourceMappingURL=pkce.js.map

package/dist/pkce.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"pkce.js","sourceRoot":"","sources":["../src/pkce.ts"],"names":[],"mappings":"AAAA,iEAAiE;AACjE,yEAAyE;AACzE,2EAA2E;AAC3E,4EAA4E;AAC5E,sEAAsE;AAEtE,SAAS,eAAe,CAAC,KAAiB;IACxC,IAAI,GAAG,GAAG,EAAE,CAAA;IACZ,KAAK,MAAM,IAAI,IAAI,KAAK;QAAE,GAAG,IAAI,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,CAAA;IAC1D,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAA;AAC5E,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,YAAY;IAKhC,MAAM,GAAG,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAA;IAC9B,MAAM,CAAC,eAAe,CAAC,GAAG,CAAC,CAAA;IAC3B,MAAM,QAAQ,GAAG,eAAe,CAAC,GAAG,CAAC,CAAA;IACrC,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,MAAM,CACvC,SAAS,EACT,IAAI,WAAW,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,CACnC,CAAA;IACD,OAAO;QACL,QAAQ;QACR,SAAS,EAAE,eAAe,CAAC,IAAI,UAAU,CAAC,MAAM,CAAC,CAAC;QAClD,MAAM,EAAE,MAAM;KACf,CAAA;AACH,CAAC"}

package/dist/plugin-config.d.ts

@@ -0,0 +1,45 @@
+/**
+ * Plugin settings that can be set via opencode.json as an alternative
+ * to environment variables.
+ *
+ * Priority: environment variable > opencode.json config > hardcoded default
+ *
+ * In opencode.json (project-level or ~/.config/opencode/opencode.json):
+ *
+ * ```json
+ * {
+ *   "agent": {
+ *     "build": {
+ *       "enable1mContext": true
+ *     }
+ *   }
+ * }
+ * ```
+ */
+export interface PluginSettings {
+    enable1mContext?: boolean;
+}
+/**
+ * Extract plugin settings from the opencode Config object.
+ *
+ * Scans all agent configs for our plugin-specific keys. AgentConfig has
+ * a catch-all `[key: string]: unknown` index signature, so arbitrary
+ * keys placed in agent configs are preserved through OpenCode's
+ * config parser and passed to the plugin via the `config` hook.
+ *
+ * NOTE: OpenCode's Zod schema may relocate unknown top-level agent keys
+ * into `agent.options`. We check both locations defensively so this
+ * survives future config parser changes.
+ *
+ * The first boolean value found (in any agent) wins — even if `false`.
+ */
+export declare function applyOpencodeConfig(config: unknown): void;
+/**
+ * Whether 1M context should be enabled.
+ *
+ * Priority: ANTHROPIC_ENABLE_1M_CONTEXT env var > opencode.json > false
+ */
+export declare function isEnable1mContext(): boolean;
+export declare function resetPluginSettings(): void;
+export declare function getPluginSettings(): Readonly<PluginSettings>;
+//# sourceMappingURL=plugin-config.d.ts.map

package/dist/plugin-config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"plugin-config.d.ts","sourceRoot":"","sources":["../src/plugin-config.ts"],"names":[],"mappings":"AAEA;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,WAAW,cAAc;IAC7B,eAAe,CAAC,EAAE,OAAO,CAAA;CAC1B;AAID;;;;;;;;;;;;;GAaG;AACH,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,OAAO,GAAG,IAAI,CAoCzD;AAED;;;;GAIG;AACH,wBAAgB,iBAAiB,IAAI,OAAO,CAI3C;AAED,wBAAgB,mBAAmB,IAAI,IAAI,CAE1C;AAED,wBAAgB,iBAAiB,IAAI,QAAQ,CAAC,cAAc,CAAC,CAE5D"}

package/dist/plugin-config.js

@@ -0,0 +1,66 @@
+import { log } from "./logger.js";
+let settings = {};
+/**
+ * Extract plugin settings from the opencode Config object.
+ *
+ * Scans all agent configs for our plugin-specific keys. AgentConfig has
+ * a catch-all `[key: string]: unknown` index signature, so arbitrary
+ * keys placed in agent configs are preserved through OpenCode's
+ * config parser and passed to the plugin via the `config` hook.
+ *
+ * NOTE: OpenCode's Zod schema may relocate unknown top-level agent keys
+ * into `agent.options`. We check both locations defensively so this
+ * survives future config parser changes.
+ *
+ * The first boolean value found (in any agent) wins — even if `false`.
+ */
+export function applyOpencodeConfig(config) {
+    if (!config || typeof config !== "object")
+        return;
+    const cfg = config;
+    const agents = cfg.agent;
+    if (!agents || typeof agents !== "object")
+        return;
+    for (const agentConfig of Object.values(agents)) {
+        if (!agentConfig || typeof agentConfig !== "object")
+            continue;
+        const agent = agentConfig;
+        // Check top-level first, then fall back to options (where OpenCode's
+        // Zod transform may relocate unknown keys)
+        const val = agent.enable1mContext ??
+            agent.options?.enable1mContext;
+        if (typeof val === "boolean") {
+            settings.enable1mContext = val;
+            log("config_loaded", { enable1mContext: val });
+            return;
+        }
+        if (val !== undefined) {
+            log("config_invalid_type", {
+                key: "enable1mContext",
+                expectedType: "boolean",
+                actualType: typeof val,
+            });
+        }
+    }
+    log("config_no_plugin_keys", {
+        agentCount: Object.keys(agents).length,
+    });
+}
+/**
+ * Whether 1M context should be enabled.
+ *
+ * Priority: ANTHROPIC_ENABLE_1M_CONTEXT env var > opencode.json > false
+ */
+export function isEnable1mContext() {
+    const envVal = process.env.ANTHROPIC_ENABLE_1M_CONTEXT;
+    if (envVal !== undefined)
+        return envVal === "true";
+    return settings.enable1mContext === true;
+}
+export function resetPluginSettings() {
+    settings = {};
+}
+export function getPluginSettings() {
+    return { ...settings };
+}
+//# sourceMappingURL=plugin-config.js.map

package/dist/plugin-config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"plugin-config.js","sourceRoot":"","sources":["../src/plugin-config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,GAAG,EAAE,MAAM,aAAa,CAAA;AAwBjC,IAAI,QAAQ,GAAmB,EAAE,CAAA;AAEjC;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,mBAAmB,CAAC,MAAe;IACjD,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ;QAAE,OAAM;IAEjD,MAAM,GAAG,GAAG,MAAiC,CAAA;IAC7C,MAAM,MAAM,GAAG,GAAG,CAAC,KAA4C,CAAA;IAE/D,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,KAAK,QAAQ;QAAE,OAAM;IAEjD,KAAK,MAAM,WAAW,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC;QAChD,IAAI,CAAC,WAAW,IAAI,OAAO,WAAW,KAAK,QAAQ;YAAE,SAAQ;QAC7D,MAAM,KAAK,GAAG,WAAsC,CAAA;QAEpD,qEAAqE;QACrE,2CAA2C;QAC3C,MAAM,GAAG,GACP,KAAK,CAAC,eAAe;YACpB,KAAK,CAAC,OAA+C,EAAE,eAAe,CAAA;QAEzE,IAAI,OAAO,GAAG,KAAK,SAAS,EAAE,CAAC;YAC7B,QAAQ,CAAC,eAAe,GAAG,GAAG,CAAA;YAC9B,GAAG,CAAC,eAAe,EAAE,EAAE,eAAe,EAAE,GAAG,EAAE,CAAC,CAAA;YAC9C,OAAM;QACR,CAAC;QAED,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;YACtB,GAAG,CAAC,qBAAqB,EAAE;gBACzB,GAAG,EAAE,iBAAiB;gBACtB,YAAY,EAAE,SAAS;gBACvB,UAAU,EAAE,OAAO,GAAG;aACvB,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAED,GAAG,CAAC,uBAAuB,EAAE;QAC3B,UAAU,EAAE,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,MAAM;KACvC,CAAC,CAAA;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,iBAAiB;IAC/B,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAA;IACtD,IAAI,MAAM,KAAK,SAAS;QAAE,OAAO,MAAM,KAAK,MAAM,CAAA;IAClD,OAAO,QAAQ,CAAC,eAAe,KAAK,IAAI,CAAA;AAC1C,CAAC;AAED,MAAM,UAAU,mBAAmB;IACjC,QAAQ,GAAG,EAAE,CAAA;AACf,CAAC;AAED,MAAM,UAAU,iBAAiB;IAC/B,OAAO,EAAE,GAAG,QAAQ,EAAE,CAAA;AACxB,CAAC"}

package/dist/signing.d.ts

@@ -0,0 +1,31 @@
+interface Message {
+    role?: string;
+    content?: string | Array<{
+        type?: string;
+        text?: string;
+    }>;
+}
+/**
+ * Extract text from the first user message's first text block.
+ * Matches Claude Code's K19() function exactly: find the first message
+ * with role "user", then return the text of its first text content block.
+ */
+export declare function extractFirstUserMessageText(messages: Message[]): string;
+/**
+ * Compute cch: first 5 hex characters of SHA-256(messageText).
+ */
+export declare function computeCch(messageText: string): string;
+/**
+ * Compute the 3-char version suffix.
+ * Samples characters at indices 4, 7, 20 from the message text (padding
+ * with "0" when the message is shorter), then hashes with the billing salt
+ * and version string.
+ */
+export declare function computeVersionSuffix(messageText: string, version: string): string;
+/**
+ * Build the complete billing header string for insertion into system[0].
+ * Format: x-anthropic-billing-header: cc_version=V.S; cc_entrypoint=E; cch=H;
+ */
+export declare function buildBillingHeaderValue(messages: Message[], version: string, entrypoint: string): string;
+export {};
+//# sourceMappingURL=signing.d.ts.map

package/dist/signing.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"signing.d.ts","sourceRoot":"","sources":["../src/signing.ts"],"names":[],"mappings":"AAIA,UAAU,OAAO;IACf,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,OAAO,CAAC,EAAE,MAAM,GAAG,KAAK,CAAC;QAAE,IAAI,CAAC,EAAE,MAAM,CAAC;QAAC,IAAI,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC,CAAA;CAC3D;AAED;;;;GAIG;AACH,wBAAgB,2BAA2B,CAAC,QAAQ,EAAE,OAAO,EAAE,GAAG,MAAM,CAYvE;AAED;;GAEG;AACH,wBAAgB,UAAU,CAAC,WAAW,EAAE,MAAM,GAAG,MAAM,CAEtD;AAED;;;;;GAKG;AACH,wBAAgB,oBAAoB,CAClC,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE,MAAM,GACd,MAAM,CAMR;AAED;;;GAGG;AACH,wBAAgB,uBAAuB,CACrC,QAAQ,EAAE,OAAO,EAAE,EACnB,OAAO,EAAE,MAAM,EACf,UAAU,EAAE,MAAM,GACjB,MAAM,CAUR"}

package/dist/signing.js

@@ -0,0 +1,55 @@
+import { createHash } from "node:crypto";
+const BILLING_SALT = "59cf53e54c78";
+/**
+ * Extract text from the first user message's first text block.
+ * Matches Claude Code's K19() function exactly: find the first message
+ * with role "user", then return the text of its first text content block.
+ */
+export function extractFirstUserMessageText(messages) {
+    const userMsg = messages.find((m) => m.role === "user");
+    if (!userMsg)
+        return "";
+    const content = userMsg.content;
+    if (typeof content === "string")
+        return content;
+    if (Array.isArray(content)) {
+        const textBlock = content.find((b) => b.type === "text");
+        if (textBlock && textBlock.type === "text" && textBlock.text) {
+            return textBlock.text;
+        }
+    }
+    return "";
+}
+/**
+ * Compute cch: first 5 hex characters of SHA-256(messageText).
+ */
+export function computeCch(messageText) {
+    return createHash("sha256").update(messageText).digest("hex").slice(0, 5);
+}
+/**
+ * Compute the 3-char version suffix.
+ * Samples characters at indices 4, 7, 20 from the message text (padding
+ * with "0" when the message is shorter), then hashes with the billing salt
+ * and version string.
+ */
+export function computeVersionSuffix(messageText, version) {
+    const sampled = [4, 7, 20]
+        .map((i) => (i < messageText.length ? messageText[i] : "0"))
+        .join("");
+    const input = `${BILLING_SALT}${sampled}${version}`;
+    return createHash("sha256").update(input).digest("hex").slice(0, 3);
+}
+/**
+ * Build the complete billing header string for insertion into system[0].
+ * Format: x-anthropic-billing-header: cc_version=V.S; cc_entrypoint=E; cch=H;
+ */
+export function buildBillingHeaderValue(messages, version, entrypoint) {
+    const text = extractFirstUserMessageText(messages);
+    const suffix = computeVersionSuffix(text, version);
+    const cch = computeCch(text);
+    return (`x-anthropic-billing-header: ` +
+        `cc_version=${version}.${suffix}; ` +
+        `cc_entrypoint=${entrypoint}; ` +
+        `cch=${cch};`);
+}
+//# sourceMappingURL=signing.js.map

package/dist/signing.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"signing.js","sourceRoot":"","sources":["../src/signing.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAA;AAExC,MAAM,YAAY,GAAG,cAAc,CAAA;AAOnC;;;;GAIG;AACH,MAAM,UAAU,2BAA2B,CAAC,QAAmB;IAC7D,MAAM,OAAO,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC,CAAA;IACvD,IAAI,CAAC,OAAO;QAAE,OAAO,EAAE,CAAA;IACvB,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,CAAA;IAC/B,IAAI,OAAO,OAAO,KAAK,QAAQ;QAAE,OAAO,OAAO,CAAA;IAC/C,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QAC3B,MAAM,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC,CAAA;QACxD,IAAI,SAAS,IAAI,SAAS,CAAC,IAAI,KAAK,MAAM,IAAI,SAAS,CAAC,IAAI,EAAE,CAAC;YAC7D,OAAO,SAAS,CAAC,IAAI,CAAA;QACvB,CAAC;IACH,CAAC;IACD,OAAO,EAAE,CAAA;AACX,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,UAAU,CAAC,WAAmB;IAC5C,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;AAC3E,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,oBAAoB,CAClC,WAAmB,EACnB,OAAe;IAEf,MAAM,OAAO,GAAG,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;SACvB,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;SAC3D,IAAI,CAAC,EAAE,CAAC,CAAA;IACX,MAAM,KAAK,GAAG,GAAG,YAAY,GAAG,OAAO,GAAG,OAAO,EAAE,CAAA;IACnD,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAA;AACrE,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,uBAAuB,CACrC,QAAmB,EACnB,OAAe,EACf,UAAkB;IAElB,MAAM,IAAI,GAAG,2BAA2B,CAAC,QAAQ,CAAC,CAAA;IAClD,MAAM,MAAM,GAAG,oBAAoB,CAAC,IAAI,EAAE,OAAO,CAAC,CAAA;IAClD,MAAM,GAAG,GAAG,UAAU,CAAC,IAAI,CAAC,CAAA;IAC5B,OAAO,CACL,8BAA8B;QAC9B,cAAc,OAAO,IAAI,MAAM,IAAI;QACnC,iBAAiB,UAAU,IAAI;QAC/B,OAAO,GAAG,GAAG,CACd,CAAA;AACH,CAAC"}

package/dist/transforms.d.ts

@@ -0,0 +1,14 @@
+type ContentBlock = {
+    type?: string;
+    text?: string;
+} & Record<string, unknown>;
+type Message = {
+    role?: string;
+    content?: string | ContentBlock[];
+};
+export declare function repairToolPairs(messages: Message[]): Message[];
+export declare function transformBody(body: BodyInit | null | undefined): BodyInit | null | undefined;
+export declare function stripToolPrefix(text: string): string;
+export declare function transformResponseStream(response: Response): Response;
+export {};
+//# sourceMappingURL=transforms.d.ts.map

package/dist/transforms.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"transforms.d.ts","sourceRoot":"","sources":["../src/transforms.ts"],"names":[],"mappings":"AAyBA,KAAK,YAAY,GAAG;IAAE,IAAI,CAAC,EAAE,MAAM,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,CAAA;CAAE,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;AAC9E,KAAK,OAAO,GAAG;IACb,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,OAAO,CAAC,EAAE,MAAM,GAAG,YAAY,EAAE,CAAA;CAClC,CAAA;AAED,wBAAgB,eAAe,CAAC,QAAQ,EAAE,OAAO,EAAE,GAAG,OAAO,EAAE,CAuD9D;AAED,wBAAgB,aAAa,CAC3B,IAAI,EAAE,QAAQ,GAAG,IAAI,GAAG,SAAS,GAChC,QAAQ,GAAG,IAAI,GAAG,SAAS,CA2K7B;AAED,wBAAgB,eAAe,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAKpD;AAED,wBAAgB,uBAAuB,CAAC,QAAQ,EAAE,QAAQ,GAAG,QAAQ,CAqEpE"}