@jiayunxie/aerial 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/LICENSE ADDED
@@ -0,0 +1,21 @@
1
+ MIT License
2
+
3
+ Copyright (c) 2026 Jeremy Xie
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining a copy
6
+ of this software and associated documentation files (the "Software"), to deal
7
+ in the Software without restriction, including without limitation the rights
8
+ to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
9
+ copies of the Software, and to permit persons to whom the Software is
10
+ furnished to do so, subject to the following conditions:
11
+
12
+ The above copyright notice and this permission notice shall be included in all
13
+ copies or substantial portions of the Software.
14
+
15
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16
+ IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17
+ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18
+ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19
+ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20
+ OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21
+ SOFTWARE.
package/README.md ADDED
@@ -0,0 +1,264 @@
1
+ # Aerial
2
+
3
+ [![CI](https://github.com/Xiejiayun/aerial/actions/workflows/ci.yml/badge.svg?branch=main)](https://github.com/Xiejiayun/aerial/actions/workflows/ci.yml)
4
+ [![Nightly](https://github.com/Xiejiayun/aerial/actions/workflows/nightly.yml/badge.svg)](https://github.com/Xiejiayun/aerial/actions/workflows/nightly.yml)
5
+ [![npm version](https://img.shields.io/npm/v/@jiayunxie/aerial.svg)](https://www.npmjs.com/package/@jiayunxie/aerial)
6
+
7
+ Aerial is a lightweight local-only proxy that lets one user connect their own GitHub Copilot subscription to local coding CLIs.
8
+
9
+ The MVP runs on `127.0.0.1:18181`, requires a local Aerial API key for model routes, stores credentials on the user's machine, and avoids public deployment, account sharing, quota bypass, dashboards, analytics, and image APIs.
10
+
11
+ ## MVP Support
12
+
13
+ Implemented routes:
14
+
15
+ - `GET /health` without auth
16
+ - `GET /v1/models` for model discovery, with an `aerial` support annotation per model
17
+ - `POST /v1/responses` for Codex CLI
18
+ - `POST /v1/messages` for Claude Code's Anthropic gateway path
19
+ - `POST /v1/messages/count_tokens` with a local estimate
20
+ - `POST /v1/chat/completions` as a simple passthrough fallback
21
+
22
+ Implemented CLI commands:
23
+
24
+ ```bash
25
+ aerial login
26
+ aerial key generate
27
+ aerial key print
28
+ aerial start
29
+ aerial setup codex
30
+ aerial setup claude --model <available-copilot-model-id>
31
+ aerial setup all
32
+ aerial doctor
33
+ aerial probe
34
+ ```
35
+
36
+ Service installation, rollback automation, Gemini CLI support, dashboards, and analytics are intentionally out of this MVP. For Codex, local clients keep using HTTP POST /v1/responses. Aerial can optionally use Copilot's upstream `ws:/responses` transport for streaming Responses and translate events back to SSE — this transport is opt-in (`AERIAL_RESPONSES_WEBSOCKET=on`) and HTTP is the default.
37
+
38
+ ## Requirements
39
+
40
+ - Node.js 22+
41
+ - A GitHub account with an active Copilot subscription
42
+ - Codex CLI and/or Claude Code installed locally
43
+
44
+ ## Install
45
+
46
+ ```bash
47
+ npm install -g @jiayunxie/aerial
48
+ ```
49
+
50
+ After install, the CLI is available as `aerial`.
51
+
52
+ ### Nightly builds (advanced, unstable)
53
+
54
+ The nightly workflow publishes a `nightly` pre-release of Aerial when there are new commits on `main`. The default install command above is unaffected — nightlies are gated behind the `@nightly` dist-tag and will never be served as `latest`. To opt in:
55
+
56
+ ```bash
57
+ npm install -g @jiayunxie/aerial@nightly
58
+ ```
59
+
60
+ Nightly versions look like `0.1.1-nightly.YYYYMMDD.<sha7>`. They reflect the current `main` and may break; report regressions with `aerial --version` so the exact build can be reproduced. Switch back to stable any time with `npm install -g @jiayunxie/aerial`.
61
+
62
+ ### From source (local development)
63
+
64
+ For working directly on the Aerial codebase:
65
+
66
+ ```bash
67
+ git clone https://github.com/Xiejiayun/aerial.git
68
+ cd aerial
69
+ npm install -g .
70
+ ```
71
+
72
+ Run without global install:
73
+
74
+ ```bash
75
+ node src/cli.js --help
76
+ ```
77
+
78
+ ## First Run
79
+
80
+ Configure your local clients. This also creates Aerial's local API key and wires it into supported clients:
81
+
82
+ ```bash
83
+ aerial setup all --model <available-copilot-model-id>
84
+ ```
85
+
86
+ On Windows, newly persisted user environment variables are visible to new terminals and newly launched apps. Restart your terminal or VS Code after the first setup if Codex was already open.
87
+
88
+ Log in to GitHub with device flow:
89
+
90
+ ```bash
91
+ aerial login
92
+ ```
93
+
94
+ Start the local server:
95
+
96
+ ```bash
97
+ aerial start
98
+ ```
99
+
100
+ Check health:
101
+
102
+ ```bash
103
+ curl http://127.0.0.1:18181/health
104
+ ```
105
+
106
+ ## Codex CLI Setup
107
+
108
+ Aerial configures Codex through the Responses wire API provider path:
109
+
110
+ ```bash
111
+ aerial setup codex --model <available-copilot-model-id>
112
+ ```
113
+
114
+ This updates `~/.codex/config.toml` and creates a timestamped backup first. If you only want to inspect the exact change, set `HOME`/`USERPROFILE` to a temporary directory before running setup. The inserted provider uses:
115
+
116
+ ```toml
117
+ [model_providers.aerial]
118
+ base_url = "http://127.0.0.1:18181/v1"
119
+ wire_api = "responses"
120
+ env_key = "AERIAL_API_KEY"
121
+ ```
122
+
123
+ Aerial creates the key automatically and persists `AERIAL_API_KEY` for new user sessions when the platform supports it.
124
+
125
+ ## Claude Code Setup
126
+
127
+ Aerial configures Claude Code through its Anthropic-compatible gateway settings:
128
+
129
+ ```bash
130
+ aerial setup claude
131
+ ```
132
+
133
+ This updates `~/.claude/settings.json` and creates a timestamped backup first. If you only want to inspect the exact change, set `HOME`/`USERPROFILE` to a temporary directory before running setup. It sets:
134
+
135
+ ```json
136
+ {
137
+ "model": "<available-copilot-model-id>",
138
+ "apiKeyHelper": "aerial key print",
139
+ "env": {
140
+ "ANTHROPIC_BASE_URL": "http://127.0.0.1:18181",
141
+ "CLAUDE_CODE_ENABLE_GATEWAY_MODEL_DISCOVERY": "1"
142
+ }
143
+ }
144
+ ```
145
+
146
+ The `model` field is written when you pass `--model` or set Aerial's `defaultModel`; otherwise Aerial leaves any existing Claude Code model choice alone while still switching the gateway to the local Aerial endpoint.
147
+
148
+ `aerial key print` prints the locally stored Aerial API key for Claude Code's helper flow. Users normally do not need to call it directly.
149
+
150
+ When switching from another Anthropic-compatible gateway, setup removes stale `ANTHROPIC_API_KEY`, `ANTHROPIC_AUTH_TOKEN`, `ANTHROPIC_MODEL`, and `ANTHROPIC_DEFAULT_*_MODEL` entries from Claude Code's managed `env` block so `apiKeyHelper` and the Aerial gateway are the active route.
151
+
152
+ ## Diagnostics
153
+
154
+ ```bash
155
+ aerial doctor
156
+ aerial probe
157
+ ```
158
+
159
+ The doctor checks config, local API key presence, GitHub login state, Node version, and local bind address.
160
+
161
+ ## Security Boundary
162
+
163
+ Aerial is for personal local use only.
164
+
165
+ - It binds to `127.0.0.1` by default.
166
+ - Model routes require `Authorization: Bearer <AERIAL_API_KEY>` or `x-api-key: <AERIAL_API_KEY>`.
167
+ - GitHub tokens are stored under the user config directory with private file permissions where supported.
168
+ - Aerial does not log raw GitHub tokens, Copilot JWTs, API keys, or request bodies by default.
169
+ - Do not expose this service publicly or use it for account sharing.
170
+
171
+ ## Current Limitations
172
+
173
+ - Copilot inference routes are an observed compatibility target, not a public stable GitHub REST API.
174
+ - `/v1/messages/count_tokens` is a local estimate, not upstream tokenization.
175
+ - Service install/uninstall and disable/rollback are not implemented yet.
176
+ - Model choice is not automated; query `/v1/models` and select an available model explicitly.
177
+ - Chat Completions requests normalize `max_tokens` to `max_completion_tokens` for newer OpenAI models that reject the older field.
178
+ - Prompt caching is upstream-managed: Aerial does not store prompt bodies locally, and it preserves or injects cache protocol fields before forwarding.
179
+
180
+
181
+
182
+ ## Capability Probe
183
+
184
+ Use `aerial probe` to inspect the live Copilot model matrix through the same local credentials Aerial uses for proxying:
185
+
186
+ ```bash
187
+ aerial probe
188
+ ```
189
+
190
+ This prints model IDs, Aerial routes, and unsupported notes such as `embeddings_not_implemented` or `no_supported_endpoint_advertised`. Models with upstream `ws:/responses` support are shown with the `responses_websocket` route.
191
+
192
+ Run low-cost live route checks when you want to verify end-to-end behavior:
193
+
194
+ ```bash
195
+ aerial probe --live
196
+ # machine-readable output
197
+ aerial probe --live --json
198
+ ```
199
+
200
+ `--live` sends one small request through the first available `responses`, `messages`, and `chat` model. It does not test every model by default, which keeps the command lightweight.
201
+ ## Prompt Cache
202
+
203
+ Aerial uses the upstream Copilot/OpenAI/Anthropic cache protocols instead of keeping a local prompt-content cache. That keeps the MVP lightweight and avoids storing prompts on disk.
204
+
205
+ Supported behavior:
206
+
207
+ - Responses and Chat Completions preserve `prompt_cache_retention` and `prompt_cache_key` when the client sends them.
208
+ - Responses and Chat Completions automatically add `prompt_cache_retention: "in_memory"` and a stable hashed `prompt_cache_key` when the client omits them.
209
+ - Anthropic Messages preserves client `cache_control` blocks. When none are present and caching is enabled, Aerial automatically adds `cache_control: { "type": "ephemeral" }` to stable `system` content, or to the final tool definition when there is no system content.
210
+ - Usage fields from upstream are returned unchanged, including `cached_tokens`, `cache_creation_input_tokens`, `cache_read_input_tokens`, and Copilot `cache_read` / `cache_write` token details when present.
211
+ - Aerial logs cache metadata to stderr as `cache_request` and `cache_observe` events. These logs do not include prompt text or request bodies.
212
+
213
+ OpenAI's prompt caching documentation says cache hits require an exact prompt prefix match and are only possible once the prompt is at least 1024 tokens. Confirm cache behavior from returned usage fields such as `usage.prompt_tokens_details.cached_tokens` or `usage.input_tokens_details.cached_tokens`; for shorter prompts this value is expected to be zero.
214
+
215
+ Aerial enables ephemeral prompt caching by default for OpenAI-style routes and Anthropic Messages. Override it only when needed:
216
+
217
+ ```bash
218
+ aerial config set promptCacheRetention in_memory
219
+ # or
220
+ aerial config set promptCacheRetention 24h
221
+ # disable automatic cache hints
222
+ aerial config set promptCacheRetention off
223
+ aerial config set promptCacheKey off
224
+ # pin all requests to an explicit cache partition
225
+ aerial config set promptCacheKey my-project
226
+ ```
227
+
228
+ You can also set it per process:
229
+
230
+ ```bash
231
+ export AERIAL_PROMPT_CACHE_RETENTION=in_memory
232
+ export AERIAL_PROMPT_CACHE_KEY=my-project
233
+ ```
234
+
235
+ Per-request fields win over the configured default. Use `24h` only with models whose upstream route accepts extended retention; Anthropic Messages still uses Anthropic-style `cache_control: { "type": "ephemeral" }`. Set `promptCacheKey` to `auto` to use Aerial's hashed stable key, `off` to omit it, or a string to force a specific cache partition.
236
+ ## Model Support
237
+
238
+ `GET /v1/models` returns Copilot's raw model metadata and adds an Aerial-specific field:
239
+
240
+ ```json
241
+ {
242
+ "id": "gpt-5.4-mini",
243
+ "supported_endpoints": ["/responses", "ws:/responses"],
244
+ "aerial": {
245
+ "supported": true,
246
+ "routes": ["responses", "responses_websocket"],
247
+ "notes": []
248
+ }
249
+ }
250
+ ```
251
+
252
+ Route meanings:
253
+
254
+ - `responses`: usable by Codex through HTTP `POST /v1/responses`.
255
+ - `responses_websocket`: Aerial can use Copilot's upstream `ws:/responses` transport for streaming `/v1/responses` requests when `AERIAL_RESPONSES_WEBSOCKET=on` is set, then return SSE to the local client. When the opt-in is off (default), Aerial always uses HTTP upstream Responses even if a model advertises `ws:/responses`.
256
+ - `messages`: usable by Claude Code through `POST /v1/messages`.
257
+ - `chat`: usable by generic OpenAI Chat clients through `POST /v1/chat/completions`.
258
+
259
+ Local clients should not open WebSocket connections to Aerial directly. Direct WebSocket upgrades still return `501 Not Implemented`; use HTTP `POST /v1/responses` and let Aerial choose the upstream transport. HTTP upstream Responses is the default; set `AERIAL_RESPONSES_WEBSOCKET=on` to opt into Copilot's upstream WebSocket transport for streaming Responses calls (still experimental, only effective for streaming requests on models that advertise `ws:/responses`).
260
+
261
+ Known unsupported notes:
262
+
263
+ - `embeddings_not_implemented`: Aerial does not expose `/v1/embeddings` yet.
264
+ - `no_supported_endpoint_advertised`: the model did not declare a route Aerial can safely select.
package/docs/usage.md ADDED
@@ -0,0 +1,176 @@
1
+ # Aerial MVP Usage
2
+
3
+ This document describes the current MVP implementation.
4
+
5
+ ## 1. Install
6
+
7
+ ```bash
8
+ npm install -g @jiayunxie/aerial
9
+ ```
10
+
11
+ After install, the CLI is available as `aerial`.
12
+
13
+ For local development against the repo source:
14
+
15
+ ```bash
16
+ git clone https://github.com/Xiejiayun/aerial.git
17
+ cd aerial
18
+ npm install -g .
19
+ # or run without global install:
20
+ node src/cli.js --help
21
+ ```
22
+
23
+ ## 2. Configure Local Clients
24
+
25
+ ```bash
26
+ aerial setup all --model <model-id>
27
+ ```
28
+
29
+ Aerial creates a local API key, stores it privately, and configures supported clients to use it. On Windows, restart the terminal or VS Code after first setup so newly persisted user environment variables are visible to Codex.
30
+
31
+ ## 3. Login To GitHub
32
+
33
+ ```bash
34
+ aerial login
35
+ ```
36
+
37
+ Open the printed URL, enter the user code, and authorize the GitHub OAuth device flow. Aerial saves the GitHub access token locally and exchanges it for short-lived Copilot JWTs when proxy requests arrive.
38
+
39
+ ## 4. Start Server
40
+
41
+ ```bash
42
+ aerial start
43
+ ```
44
+
45
+ Default URL: `http://127.0.0.1:18181`.
46
+
47
+ ## 5. Configure Codex CLI
48
+
49
+ ```bash
50
+ aerial setup codex --model <model-id>
51
+ ```
52
+
53
+ The setup command backs up and merges `~/.codex/config.toml`, then persists the local key for new user sessions when the platform supports it.
54
+
55
+ For a dry inspection without touching your real config, set `HOME`/`USERPROFILE` to a temporary directory before running this command.
56
+
57
+ ## 6. Configure Claude Code
58
+
59
+ ```bash
60
+ aerial setup claude --model <model-id>
61
+ ```
62
+
63
+ The setup command backs up and merges `~/.claude/settings.json`, using `apiKeyHelper = "aerial key print"` and `ANTHROPIC_BASE_URL=http://127.0.0.1:18181`. When you pass `--model` or set Aerial's `defaultModel`, it also writes Claude Code's default `model` to that Aerial-routed model.
64
+
65
+ If Claude Code was previously pointed at another Anthropic-compatible gateway, setup removes stale `ANTHROPIC_API_KEY`, `ANTHROPIC_AUTH_TOKEN`, `ANTHROPIC_MODEL`, and `ANTHROPIC_DEFAULT_*_MODEL` entries from the managed `env` block.
66
+
67
+ For a dry inspection without touching your real config, set `HOME`/`USERPROFILE` to a temporary directory before running this command.
68
+
69
+ ## 7. Verify
70
+
71
+ ```bash
72
+ aerial doctor
73
+ aerial probe
74
+ ```
75
+
76
+ Each model returned by `/v1/models` includes an `aerial` field that tells you whether the MVP can route it:
77
+
78
+ ```json
79
+ "aerial": {
80
+ "supported": true,
81
+ "routes": ["responses", "responses_websocket", "chat"],
82
+ "notes": []
83
+ }
84
+ ```
85
+
86
+ Use `responses` models for Codex, `messages` models for Claude Code, and `chat` models only for generic Chat Completions clients. `responses_websocket` means Aerial can optionally use Copilot's upstream `ws:/responses` transport for streaming Responses calls when `AERIAL_RESPONSES_WEBSOCKET=on` is set; with the opt-in off (default), Aerial always uses HTTP upstream Responses. Models marked with `embeddings_not_implemented` or `no_supported_endpoint_advertised` need additional Aerial work before they are first-class choices.
87
+
88
+
89
+
90
+ ## 8. Probe Capabilities
91
+
92
+ ```bash
93
+ aerial probe
94
+ ```
95
+
96
+ This prints the current model matrix returned by Copilot plus Aerial's route annotations. It is the fastest way to see which models currently expose `responses`, `messages`, or `chat` routes.
97
+
98
+ For a low-cost end-to-end check:
99
+
100
+ ```bash
101
+ aerial probe --live
102
+ ```
103
+
104
+ `--live` sends one small request through the first available model for each supported route. Use `--json` when you want machine-readable output for CI or debugging.
105
+
106
+ For streaming `/v1/responses` requests, Aerial defaults to HTTP upstream Responses. Set `AERIAL_RESPONSES_WEBSOCKET=on` to opt into Copilot's upstream `ws:/responses` transport for streaming Responses calls; Aerial then converts upstream WebSocket events back to SSE for the local client. Direct client WebSocket upgrades to Aerial are still not exposed and return `501 Not Implemented`; clients should keep using HTTP `POST /v1/responses`.
107
+
108
+ ## 9. Use Prompt Cache
109
+
110
+ Aerial does not implement a local prompt-content cache. It forwards cache protocol fields to Copilot and returns upstream usage fields unchanged. This is the intended design: prompts are not written to a local cache, and cache hits are controlled by the upstream service.
111
+
112
+ For Codex/OpenAI Responses clients, users normally do not need to send cache fields directly. A manual request can still override Aerial's defaults:
113
+
114
+ ```bash
115
+ curl -s http://127.0.0.1:18181/v1/responses \
116
+ -H "Authorization: Bearer $AERIAL_API_KEY" \
117
+ -H "Content-Type: application/json" \
118
+ -d '{
119
+ "model": "gpt-5.4-mini",
120
+ "input": "<long stable prefix first, variable request last>",
121
+ "prompt_cache_retention": "in_memory",
122
+ "prompt_cache_key": "my-project"
123
+ }'
124
+ ```
125
+
126
+ For Claude Code or Anthropic Messages clients, Aerial automatically adds Anthropic `cache_control` to stable `system` content when the client omits cache hints. You can still send `cache_control` manually to choose the exact breakpoint:
127
+
128
+ ```json
129
+ {
130
+ "model": "claude-sonnet-4.6",
131
+ "max_tokens": 1024,
132
+ "system": [
133
+ {
134
+ "type": "text",
135
+ "text": "Long stable project context...",
136
+ "cache_control": { "type": "ephemeral" }
137
+ }
138
+ ],
139
+ "messages": [{ "role": "user", "content": "Summarize the current diff" }]
140
+ }
141
+ ```
142
+
143
+ Aerial automatically applies ephemeral prompt cache hints for OpenAI-style `/v1/responses`, `/v1/chat/completions`, and Anthropic-style `/v1/messages` requests that do not set them. Override this only when needed:
144
+
145
+ ```bash
146
+ aerial config set promptCacheRetention in_memory
147
+ # or: aerial config set promptCacheRetention 24h
148
+ # disable automatic cache hints: aerial config set promptCacheRetention off && aerial config set promptCacheKey off
149
+ # pin cache partition: aerial config set promptCacheKey my-project
150
+ # per process: export AERIAL_PROMPT_CACHE_RETENTION=in_memory && export AERIAL_PROMPT_CACHE_KEY=my-project
151
+ ```
152
+
153
+ Look for these usage fields to confirm cache behavior:
154
+
155
+ - Responses/Chat: `usage.input_tokens_details.cached_tokens` or `usage.prompt_tokens_details.cached_tokens`.
156
+ - Messages: `usage.cache_creation_input_tokens` and `usage.cache_read_input_tokens`.
157
+ - Copilot details when present: `copilot_usage.token_details` entries with `cache_read` or `cache_write`.
158
+
159
+ When `aerial start` is running in a terminal, Aerial also writes cache-only metadata logs to stderr:
160
+
161
+ ```json
162
+ {"event":"cache_request","route":"/v1/messages","cacheControlBlocks":1}
163
+ {"event":"cache_observe","route":"/v1/messages","usage":{"cacheRead":1920}}
164
+ ```
165
+
166
+ These logs deliberately omit prompt text and request bodies. If `cached` stays zero, first check that the repeated prefix is identical and at least 1024 tokens. This matches OpenAI's prompt caching requirements; GitHub's public Copilot REST docs cover management and usage-metrics APIs, but do not document Copilot inference cache fields.
167
+
168
+ Best practice: put stable system/project/tool context first, put changing user input last, and keep the prefix identical between requests. OpenAI-style prompt caching generally needs at least 1024 tokens before hits appear.
169
+ ## Troubleshooting
170
+
171
+ - `503 Missing GitHub token`: run `aerial login`.
172
+ - `401 Invalid or missing Aerial API key`: run `aerial setup all`, then restart the client terminal or VS Code.
173
+ - Claude Code cannot read key: ensure `aerial` is on `PATH`; it uses `aerial key print` as its helper.
174
+ - Upstream compatibility error: run `aerial doctor`, then retry with a model returned by `/v1/models`.
175
+ - `Unsupported parameter: max_tokens`: Aerial normalizes Chat Completions `max_tokens` into `max_completion_tokens` before forwarding to newer OpenAI models.
176
+ - Cache hit stays zero: ensure the stable prefix is long enough, unchanged, and placed before variable content. For Responses/Chat, try a stable `prompt_cache_key`; for Messages, keep stable content in `system` or put manual `cache_control` on the stable content block.
package/package.json ADDED
@@ -0,0 +1,46 @@
1
+ {
2
+ "name": "@jiayunxie/aerial",
3
+ "version": "0.1.0",
4
+ "description": "Local-only GitHub Copilot proxy for Codex CLI and Claude Code.",
5
+ "type": "module",
6
+ "private": false,
7
+ "homepage": "https://github.com/Xiejiayun/aerial#readme",
8
+ "repository": {
9
+ "type": "git",
10
+ "url": "git+https://github.com/Xiejiayun/aerial.git"
11
+ },
12
+ "bugs": {
13
+ "url": "https://github.com/Xiejiayun/aerial/issues"
14
+ },
15
+ "keywords": [
16
+ "copilot",
17
+ "codex",
18
+ "claude-code",
19
+ "local-proxy"
20
+ ],
21
+ "files": [
22
+ "src",
23
+ "docs/usage.md",
24
+ "README.md",
25
+ "LICENSE"
26
+ ],
27
+ "bin": {
28
+ "aerial": "src/cli.js"
29
+ },
30
+ "scripts": {
31
+ "start": "node src/cli.js start",
32
+ "doctor": "node src/cli.js doctor",
33
+ "test": "node --test",
34
+ "prepublishOnly": "npm test"
35
+ },
36
+ "engines": {
37
+ "node": ">=22"
38
+ },
39
+ "license": "MIT",
40
+ "publishConfig": {
41
+ "access": "public"
42
+ },
43
+ "dependencies": {
44
+ "undici": "^7.25.0"
45
+ }
46
+ }
package/src/auth.js ADDED
@@ -0,0 +1,92 @@
1
+ import fs from "node:fs";
2
+ import { COPILOT_TOKEN_URL, GITHUB_CLIENT_ID } from "./constants.js";
3
+ import { githubTokenPath, writePrivateFile } from "./paths.js";
4
+ import { logEvent } from "./log.js";
5
+
6
+ let cachedCopilotToken;
7
+ let refreshPromise;
8
+
9
+ function formBody(values) {
10
+ return new URLSearchParams(values).toString();
11
+ }
12
+
13
+ export async function startDeviceFlow() {
14
+ logEvent("login_start");
15
+ const response = await fetch("https://github.com/login/device/code", {
16
+ method: "POST",
17
+ headers: { accept: "application/json", "content-type": "application/x-www-form-urlencoded" },
18
+ body: formBody({ client_id: GITHUB_CLIENT_ID, scope: "read:user copilot" })
19
+ });
20
+ if (!response.ok) throw new Error(`GitHub device flow failed: ${response.status} ${await response.text()}`);
21
+ return response.json();
22
+ }
23
+
24
+ export async function pollDeviceFlow(deviceCode, intervalSeconds) {
25
+ let interval = Math.max(Number(intervalSeconds || 5), 1);
26
+ while (true) {
27
+ await new Promise((resolve) => setTimeout(resolve, interval * 1000));
28
+ const response = await fetch("https://github.com/login/oauth/access_token", {
29
+ method: "POST",
30
+ headers: { accept: "application/json", "content-type": "application/x-www-form-urlencoded" },
31
+ body: formBody({ client_id: GITHUB_CLIENT_ID, device_code: deviceCode, grant_type: "urn:ietf:params:oauth:grant-type:device_code" })
32
+ });
33
+ if (!response.ok) throw new Error(`GitHub token poll failed: ${response.status} ${await response.text()}`);
34
+ const payload = await response.json();
35
+ if (payload.access_token) {
36
+ writePrivateFile(githubTokenPath(), `${payload.access_token}\n`);
37
+ logEvent("login_success");
38
+ return payload.access_token;
39
+ }
40
+ if (payload.error === "authorization_pending") continue;
41
+ if (payload.error === "slow_down") {
42
+ interval += 5;
43
+ continue;
44
+ }
45
+ if (payload.error === "expired_token") throw new Error("GitHub device code expired. Run `aerial login` again.");
46
+ throw new Error(`GitHub login failed: ${payload.error_description || payload.error}`);
47
+ }
48
+ }
49
+
50
+ export function readGitHubToken() {
51
+ if (process.env.AERIAL_GITHUB_TOKEN) return process.env.AERIAL_GITHUB_TOKEN;
52
+ if (!fs.existsSync(githubTokenPath())) return undefined;
53
+ return fs.readFileSync(githubTokenPath(), "utf8").trim();
54
+ }
55
+
56
+ function jwtExpirySeconds(token) {
57
+ try {
58
+ const [, payload] = token.split(".");
59
+ return JSON.parse(Buffer.from(payload, "base64url").toString("utf8")).exp;
60
+ } catch {
61
+ return undefined;
62
+ }
63
+ }
64
+
65
+ export async function exchangeCopilotToken(githubToken = readGitHubToken()) {
66
+ if (!githubToken) throw new Error("Missing GitHub token. Run: aerial login");
67
+ const response = await fetch(COPILOT_TOKEN_URL, {
68
+ headers: {
69
+ authorization: `Bearer ${githubToken}`,
70
+ accept: "application/json",
71
+ "user-agent": "Aerial/0.1"
72
+ }
73
+ });
74
+ if (!response.ok) throw new Error(`Copilot token exchange failed: ${response.status} ${await response.text()}`);
75
+ const payload = await response.json();
76
+ const token = payload.token;
77
+ if (!token) throw new Error("Copilot token exchange response did not include token");
78
+ cachedCopilotToken = { token, expiresAt: (payload.expires_at ? Date.parse(payload.expires_at) / 1000 : jwtExpirySeconds(token)) || Math.floor(Date.now() / 1000) + 1200 };
79
+ logEvent("token_refresh_success", { expiresAt: cachedCopilotToken.expiresAt });
80
+ return cachedCopilotToken.token;
81
+ }
82
+
83
+ export async function getCopilotToken({ force = false } = {}) {
84
+ const now = Math.floor(Date.now() / 1000);
85
+ if (!force && cachedCopilotToken && cachedCopilotToken.expiresAt - now > 120) return cachedCopilotToken.token;
86
+ if (!refreshPromise) {
87
+ refreshPromise = exchangeCopilotToken().finally(() => {
88
+ refreshPromise = undefined;
89
+ });
90
+ }
91
+ return refreshPromise;
92
+ }