npm - @kenkaiiii/gg-core - Versions diffs - 4.4.0 → 4.6.0 - Mend

@kenkaiiii/gg-core 4.4.0 → 4.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

package/dist/{chunk-USAVZGPP.js → chunk-74Z6I5V7.js} +34 -4
package/dist/chunk-74Z6I5V7.js.map +1 -0
package/dist/index.cjs +319 -16
package/dist/index.cjs.map +1 -1
package/dist/index.d.cts +66 -2
package/dist/index.d.ts +66 -2
package/dist/index.js +276 -7
package/dist/index.js.map +1 -1
package/dist/model-registry.cjs +35 -3
package/dist/model-registry.cjs.map +1 -1
package/dist/model-registry.d.cts +21 -1
package/dist/model-registry.d.ts +21 -1
package/dist/model-registry.js +5 -1
package/package.json +2 -2
package/dist/chunk-USAVZGPP.js.map +0 -1

package/dist/index.d.cts CHANGED Viewed

@@ -1,4 +1,4 @@
-export { ContextWindowOptions, MODELS, ModelInfo, getContextWindow, getDefaultModel, getMaxThinkingLevel, getModel, getModelsForProvider, getSummaryModel, usesOpenAICodexTransport } from './model-registry.cjs';
+export { ContextWindowOptions, DEFAULT_MAX_VIDEO_BYTES, MODELS, ModelInfo, getContextWindow, getDefaultModel, getMaxThinkingLevel, getModel, getModelsForProvider, getSummaryModel, getVideoByteLimit, usesOpenAICodexTransport } from './model-registry.cjs';
 import { Provider, ThinkingLevel } from '@kenkaiiii/gg-ai';
 export { AppPaths, getAppPaths } from './paths.cjs';
@@ -65,6 +65,12 @@ interface OAuthLoginCallbacks {
     onStatus: (message: string) => void;
 }
+/**
+ * Storage key for Kimi Code OAuth credentials. Kept distinct from the
+ * `moonshot` API-key entry so a user can configure BOTH and we always
+ * prefer OAuth for the logical `moonshot` provider.
+ */
+declare const MOONSHOT_OAUTH_KEY = "moonshot-oauth";
 declare class AuthStorage {
     private data;
     private filePath;
@@ -78,6 +84,18 @@ declare class AuthStorage {
     listProviders(): Promise<string[]>;
     /** True if credentials exist for `provider`. */
     hasCredentials(provider: string): Promise<boolean>;
+    /**
+     * True if the user has any usable auth for the logical provider. For
+     * `moonshot` this is satisfied by either the Kimi OAuth credential or the
+     * Moonshot API key.
+     */
+    hasProviderAuth(provider: string): Promise<boolean>;
+    /**
+     * True if the active credential for `provider` is a static API key with no
+     * refresh mechanism. For `moonshot` this is only true when the Kimi OAuth
+     * credential is absent (a present OAuth credential is refreshable).
+     */
+    isStaticApiKey(provider: string): Promise<boolean>;
     load(): Promise<void>;
     private ensureLoaded;
     getCredentials(provider: string): Promise<OAuthCredentials | undefined>;
@@ -119,6 +137,52 @@ declare function refreshOpenAIToken(refreshToken: string): Promise<OAuthCredenti
 declare function loginGemini(callbacks: OAuthLoginCallbacks): Promise<OAuthCredentials>;
 declare function refreshGeminiToken(refreshToken: string): Promise<OAuthCredentials>;
+/**
+ * Kimi Code OAuth — Device Authorization Grant (RFC 8628).
+ *
+ * Mirrors MoonshotAI/kimi-code's managed-auth flow. Three form-encoded
+ * POST endpoints against the OAuth host (default `https://auth.kimi.com`):
+ *
+ *  - `/api/oauth/device_authorization` (client_id)           → device + user code
+ *  - `/api/oauth/token` (grant_type=device_code)             → poll until authorized
+ *  - `/api/oauth/token` (grant_type=refresh_token)           → refresh access token
+ *
+ * Unlike Anthropic/OpenAI/Gemini (browser-redirect PKCE), this is a
+ * device-code/poll flow: we show the user a URL + code, they authorize in a
+ * browser on any device, and we poll for the token.
+ *
+ * After login the issued token is used against the managed coding API
+ * (`https://api.kimi.com/coding/v1`, distinct from the `api.moonshot.ai`
+ * API-key endpoint) via `Authorization: Bearer <access_token>`. We persist
+ * that base URL on the credential so the runtime routes there automatically.
+ */
+/** Managed coding API base URL the issued OAuth token is used against. */
+declare function kimiCodeBaseUrl(): string;
+/**
+ * Headers the Kimi For Coding API requires on every model request. The
+ * managed endpoint gates access to recognized coding agents: requests must
+ * carry a `kimi_code_cli` platform identity and matching `User-Agent`, or the
+ * server rejects with "only available for Coding Agents". Attach these to the
+ * inference client's default headers whenever the Kimi OAuth token is used.
+ */
+declare function kimiCodingHeaders(): Record<string, string>;
+/**
+ * True if `baseUrl` targets the Kimi For Coding managed endpoint (the URL
+ * persisted on Kimi OAuth credentials). Callers use this to decide whether to
+ * attach `kimiCodingHeaders()` — the Moonshot API-key path uses a different
+ * host and must NOT receive the coding-agent identity headers.
+ */
+declare function isKimiCodingEndpoint(baseUrl: string | undefined): boolean;
+/**
+ * Drive the Kimi device-code flow end-to-end. Shows the verification URL +
+ * user code via callbacks, opens the browser, and polls until the user
+ * authorizes (or a 15-minute local timeout elapses).
+ */
+declare function loginKimi(callbacks: OAuthLoginCallbacks): Promise<OAuthCredentials>;
+/** Exchange a refresh token for a fresh Kimi access token. */
+declare function refreshKimiToken(refreshToken: string): Promise<OAuthCredentials>;
 /**
  * Minimal Telegram Bot API client using raw fetch().
  * Supports long polling, markdown messages, inline keyboards, and message splitting.
@@ -292,4 +356,4 @@ interface AutoUpdater {
 }
 declare function createAutoUpdater(config: AutoUpdateConfig): AutoUpdater;
-export { AuthStorage, type AutoUpdateConfig, type AutoUpdater, type InlineButton, type LogLevel, NotLoggedInError, type OAuthCredentials, type OAuthLoginCallbacks, type ProgressCallback, TelegramBot, type TelegramConfig, type TelegramMessage, type TelegramUpdate, type TelegramVoiceMessage, closeLogger, createAutoUpdater, decodeOggOpus, downmixToMono, generatePKCE, getClaudeCliUserAgent, getClaudeCodeVersion, getNextThinkingLevel, getSessionId, getSupportedThinkingLevels, isLoggerOpen, isModelLoaded, isThinkingLevelSupported, log, loginAnthropic, loginGemini, loginOpenAI, openLog, refreshAnthropicToken, refreshGeminiToken, refreshOpenAIToken, registerLogCleanup, resample, setProgressCallback, transcribeVoice, withFileLock };
+export { AuthStorage, type AutoUpdateConfig, type AutoUpdater, type InlineButton, type LogLevel, MOONSHOT_OAUTH_KEY, NotLoggedInError, type OAuthCredentials, type OAuthLoginCallbacks, type ProgressCallback, TelegramBot, type TelegramConfig, type TelegramMessage, type TelegramUpdate, type TelegramVoiceMessage, closeLogger, createAutoUpdater, decodeOggOpus, downmixToMono, generatePKCE, getClaudeCliUserAgent, getClaudeCodeVersion, getNextThinkingLevel, getSessionId, getSupportedThinkingLevels, isKimiCodingEndpoint, isLoggerOpen, isModelLoaded, isThinkingLevelSupported, kimiCodeBaseUrl, kimiCodingHeaders, log, loginAnthropic, loginGemini, loginKimi, loginOpenAI, openLog, refreshAnthropicToken, refreshGeminiToken, refreshKimiToken, refreshOpenAIToken, registerLogCleanup, resample, setProgressCallback, transcribeVoice, withFileLock };

package/dist/index.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-export { ContextWindowOptions, MODELS, ModelInfo, getContextWindow, getDefaultModel, getMaxThinkingLevel, getModel, getModelsForProvider, getSummaryModel, usesOpenAICodexTransport } from './model-registry.js';
+export { ContextWindowOptions, DEFAULT_MAX_VIDEO_BYTES, MODELS, ModelInfo, getContextWindow, getDefaultModel, getMaxThinkingLevel, getModel, getModelsForProvider, getSummaryModel, getVideoByteLimit, usesOpenAICodexTransport } from './model-registry.js';
 import { Provider, ThinkingLevel } from '@kenkaiiii/gg-ai';
 export { AppPaths, getAppPaths } from './paths.js';
@@ -65,6 +65,12 @@ interface OAuthLoginCallbacks {
     onStatus: (message: string) => void;
 }
+/**
+ * Storage key for Kimi Code OAuth credentials. Kept distinct from the
+ * `moonshot` API-key entry so a user can configure BOTH and we always
+ * prefer OAuth for the logical `moonshot` provider.
+ */
+declare const MOONSHOT_OAUTH_KEY = "moonshot-oauth";
 declare class AuthStorage {
     private data;
     private filePath;
@@ -78,6 +84,18 @@ declare class AuthStorage {
     listProviders(): Promise<string[]>;
     /** True if credentials exist for `provider`. */
     hasCredentials(provider: string): Promise<boolean>;
+    /**
+     * True if the user has any usable auth for the logical provider. For
+     * `moonshot` this is satisfied by either the Kimi OAuth credential or the
+     * Moonshot API key.
+     */
+    hasProviderAuth(provider: string): Promise<boolean>;
+    /**
+     * True if the active credential for `provider` is a static API key with no
+     * refresh mechanism. For `moonshot` this is only true when the Kimi OAuth
+     * credential is absent (a present OAuth credential is refreshable).
+     */
+    isStaticApiKey(provider: string): Promise<boolean>;
     load(): Promise<void>;
     private ensureLoaded;
     getCredentials(provider: string): Promise<OAuthCredentials | undefined>;
@@ -119,6 +137,52 @@ declare function refreshOpenAIToken(refreshToken: string): Promise<OAuthCredenti
 declare function loginGemini(callbacks: OAuthLoginCallbacks): Promise<OAuthCredentials>;
 declare function refreshGeminiToken(refreshToken: string): Promise<OAuthCredentials>;
+/**
+ * Kimi Code OAuth — Device Authorization Grant (RFC 8628).
+ *
+ * Mirrors MoonshotAI/kimi-code's managed-auth flow. Three form-encoded
+ * POST endpoints against the OAuth host (default `https://auth.kimi.com`):
+ *
+ *  - `/api/oauth/device_authorization` (client_id)           → device + user code
+ *  - `/api/oauth/token` (grant_type=device_code)             → poll until authorized
+ *  - `/api/oauth/token` (grant_type=refresh_token)           → refresh access token
+ *
+ * Unlike Anthropic/OpenAI/Gemini (browser-redirect PKCE), this is a
+ * device-code/poll flow: we show the user a URL + code, they authorize in a
+ * browser on any device, and we poll for the token.
+ *
+ * After login the issued token is used against the managed coding API
+ * (`https://api.kimi.com/coding/v1`, distinct from the `api.moonshot.ai`
+ * API-key endpoint) via `Authorization: Bearer <access_token>`. We persist
+ * that base URL on the credential so the runtime routes there automatically.
+ */
+/** Managed coding API base URL the issued OAuth token is used against. */
+declare function kimiCodeBaseUrl(): string;
+/**
+ * Headers the Kimi For Coding API requires on every model request. The
+ * managed endpoint gates access to recognized coding agents: requests must
+ * carry a `kimi_code_cli` platform identity and matching `User-Agent`, or the
+ * server rejects with "only available for Coding Agents". Attach these to the
+ * inference client's default headers whenever the Kimi OAuth token is used.
+ */
+declare function kimiCodingHeaders(): Record<string, string>;
+/**
+ * True if `baseUrl` targets the Kimi For Coding managed endpoint (the URL
+ * persisted on Kimi OAuth credentials). Callers use this to decide whether to
+ * attach `kimiCodingHeaders()` — the Moonshot API-key path uses a different
+ * host and must NOT receive the coding-agent identity headers.
+ */
+declare function isKimiCodingEndpoint(baseUrl: string | undefined): boolean;
+/**
+ * Drive the Kimi device-code flow end-to-end. Shows the verification URL +
+ * user code via callbacks, opens the browser, and polls until the user
+ * authorizes (or a 15-minute local timeout elapses).
+ */
+declare function loginKimi(callbacks: OAuthLoginCallbacks): Promise<OAuthCredentials>;
+/** Exchange a refresh token for a fresh Kimi access token. */
+declare function refreshKimiToken(refreshToken: string): Promise<OAuthCredentials>;
 /**
  * Minimal Telegram Bot API client using raw fetch().
  * Supports long polling, markdown messages, inline keyboards, and message splitting.
@@ -292,4 +356,4 @@ interface AutoUpdater {
 }
 declare function createAutoUpdater(config: AutoUpdateConfig): AutoUpdater;
-export { AuthStorage, type AutoUpdateConfig, type AutoUpdater, type InlineButton, type LogLevel, NotLoggedInError, type OAuthCredentials, type OAuthLoginCallbacks, type ProgressCallback, TelegramBot, type TelegramConfig, type TelegramMessage, type TelegramUpdate, type TelegramVoiceMessage, closeLogger, createAutoUpdater, decodeOggOpus, downmixToMono, generatePKCE, getClaudeCliUserAgent, getClaudeCodeVersion, getNextThinkingLevel, getSessionId, getSupportedThinkingLevels, isLoggerOpen, isModelLoaded, isThinkingLevelSupported, log, loginAnthropic, loginGemini, loginOpenAI, openLog, refreshAnthropicToken, refreshGeminiToken, refreshOpenAIToken, registerLogCleanup, resample, setProgressCallback, transcribeVoice, withFileLock };
+export { AuthStorage, type AutoUpdateConfig, type AutoUpdater, type InlineButton, type LogLevel, MOONSHOT_OAUTH_KEY, NotLoggedInError, type OAuthCredentials, type OAuthLoginCallbacks, type ProgressCallback, TelegramBot, type TelegramConfig, type TelegramMessage, type TelegramUpdate, type TelegramVoiceMessage, closeLogger, createAutoUpdater, decodeOggOpus, downmixToMono, generatePKCE, getClaudeCliUserAgent, getClaudeCodeVersion, getNextThinkingLevel, getSessionId, getSupportedThinkingLevels, isKimiCodingEndpoint, isLoggerOpen, isModelLoaded, isThinkingLevelSupported, kimiCodeBaseUrl, kimiCodingHeaders, log, loginAnthropic, loginGemini, loginKimi, loginOpenAI, openLog, refreshAnthropicToken, refreshGeminiToken, refreshKimiToken, refreshOpenAIToken, registerLogCleanup, resample, setProgressCallback, transcribeVoice, withFileLock };

package/dist/index.js CHANGED Viewed

@@ -1,4 +1,5 @@
 import {
+  DEFAULT_MAX_VIDEO_BYTES,
   MODELS,
   getContextWindow,
   getDefaultModel,
@@ -6,8 +7,9 @@ import {
   getModel,
   getModelsForProvider,
   getSummaryModel,
+  getVideoByteLimit,
   usesOpenAICodexTransport
-} from "./chunk-USAVZGPP.js";
+} from "./chunk-74Z6I5V7.js";
 import {
   getAppPaths
 } from "./chunk-TZNVRILI.js";
@@ -951,7 +953,232 @@ function codeAssistHeaders(accessToken) {
   };
 }
+// src/oauth/kimi.ts
+import { execFileSync } from "child_process";
+import { randomUUID } from "crypto";
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from "fs";
+import { arch, hostname, release, type } from "os";
+import path3 from "path";
+var CLIENT_ID3 = "17e5f671-d194-4dfb-9706-5516cb48c098";
+var DEFAULT_OAUTH_HOST = "https://auth.kimi.com";
+var DEFAULT_CODING_BASE_URL = "https://api.kimi.com/coding/v1";
+var KIMI_PLATFORM = "kimi_code_cli";
+var DEFAULT_KIMI_VERSION = "1.0.11";
+var DEVICE_TIMEOUT_MS = 15 * 60 * 1e3;
+function oauthHost() {
+  const host = process.env.KIMI_CODE_OAUTH_HOST ?? process.env.KIMI_OAUTH_HOST ?? DEFAULT_OAUTH_HOST;
+  return host.replace(/\/+$/, "");
+}
+function kimiCodeBaseUrl() {
+  return (process.env.KIMI_CODE_BASE_URL ?? DEFAULT_CODING_BASE_URL).replace(/\/+$/, "");
+}
+function kimiVersion() {
+  const v = process.env.KIMI_CODE_VERSION ?? DEFAULT_KIMI_VERSION;
+  return asciiHeader(v, DEFAULT_KIMI_VERSION);
+}
+function asciiHeader(value, fallback = "unknown") {
+  const cleaned = value.replace(/[^\u0020-\u007E]/g, "").trim();
+  return cleaned.length > 0 ? cleaned : fallback;
+}
+function macOsProductVersion() {
+  try {
+    const version = execFileSync("/usr/bin/sw_vers", ["-productVersion"], {
+      encoding: "utf-8",
+      timeout: 1e3
+    }).trim();
+    return version.length > 0 ? version : void 0;
+  } catch {
+    return void 0;
+  }
+}
+function deviceModel() {
+  const os = type();
+  const version = release();
+  const osArch = arch();
+  if (os === "Darwin") return `macOS ${macOsProductVersion() ?? version} ${osArch}`;
+  if (os === "Windows_NT") return `Windows ${version} ${osArch}`;
+  return `${os} ${version} ${osArch}`.trim();
+}
+function deviceId() {
+  const idPath = path3.join(getAppPaths().agentDir, "kimi_device_id");
+  if (existsSync(idPath)) {
+    try {
+      const text = readFileSync(idPath, "utf-8").trim();
+      if (text.length > 0) return text;
+    } catch {
+    }
+  }
+  const id = randomUUID();
+  try {
+    mkdirSync(getAppPaths().agentDir, { recursive: true, mode: 448 });
+    writeFileSync(idPath, id, { encoding: "utf-8", mode: 384 });
+  } catch {
+  }
+  return id;
+}
+function deviceHeaders() {
+  return {
+    "X-Msh-Platform": KIMI_PLATFORM,
+    "X-Msh-Version": kimiVersion(),
+    "X-Msh-Device-Name": asciiHeader(hostname()),
+    "X-Msh-Device-Model": asciiHeader(deviceModel()),
+    "X-Msh-Os-Version": asciiHeader(release()),
+    "X-Msh-Device-Id": deviceId()
+  };
+}
+function kimiCodingHeaders() {
+  return {
+    "User-Agent": `kimi-code-cli/${kimiVersion()}`,
+    ...deviceHeaders()
+  };
+}
+function isKimiCodingEndpoint(baseUrl) {
+  if (typeof baseUrl !== "string" || baseUrl.length === 0) return false;
+  const normalized = baseUrl.replace(/\/+$/, "");
+  return normalized === kimiCodeBaseUrl() || /(^|\.)kimi\.com/i.test(normalized);
+}
+async function postForm(endpoint, params) {
+  const response = await fetch(`${oauthHost()}${endpoint}`, {
+    method: "POST",
+    headers: {
+      ...deviceHeaders(),
+      "Content-Type": "application/x-www-form-urlencoded",
+      Accept: "application/json"
+    },
+    body: new URLSearchParams(params).toString()
+  });
+  let data = {};
+  try {
+    const parsed = await response.json();
+    if (parsed && typeof parsed === "object") data = parsed;
+  } catch {
+  }
+  return { status: response.status, data };
+}
+function errorDetail(data) {
+  const desc = data.error_description ?? data.message ?? data.error;
+  return typeof desc === "string" && desc.length > 0 ? desc : "unknown error";
+}
+function credsFromTokenResponse(data) {
+  const accessToken = data.access_token;
+  const refreshToken = data.refresh_token;
+  const expiresIn = Number(data.expires_in);
+  if (typeof accessToken !== "string" || accessToken.length === 0) {
+    throw new Error("Kimi OAuth response missing access_token.");
+  }
+  if (typeof refreshToken !== "string" || refreshToken.length === 0) {
+    throw new Error("Kimi OAuth response missing refresh_token.");
+  }
+  if (!Number.isFinite(expiresIn) || expiresIn <= 0) {
+    throw new Error("Kimi OAuth response missing or invalid expires_in.");
+  }
+  return {
+    accessToken,
+    refreshToken,
+    expiresAt: Date.now() + expiresIn * 1e3,
+    baseUrl: kimiCodeBaseUrl()
+  };
+}
+async function requestDeviceAuthorization() {
+  const { status, data } = await postForm("/api/oauth/device_authorization", {
+    client_id: CLIENT_ID3
+  });
+  if (status !== 200) {
+    throw new Error(`Kimi device authorization failed (${status}): ${errorDetail(data)}`);
+  }
+  const userCode = data.user_code;
+  const deviceCode = data.device_code;
+  const verificationUriComplete = data.verification_uri_complete;
+  if (typeof userCode !== "string" || typeof deviceCode !== "string") {
+    throw new Error("Kimi device authorization response missing user_code/device_code.");
+  }
+  return {
+    userCode,
+    deviceCode,
+    verificationUri: typeof data.verification_uri === "string" ? data.verification_uri : "",
+    verificationUriComplete: typeof verificationUriComplete === "string" ? verificationUriComplete : "",
+    interval: Number(data.interval ?? 5) || 5
+  };
+}
+async function pollDeviceToken(deviceCode) {
+  const { status, data } = await postForm("/api/oauth/token", {
+    client_id: CLIENT_ID3,
+    device_code: deviceCode,
+    grant_type: "urn:ietf:params:oauth:grant-type:device_code"
+  });
+  if (status === 200 && typeof data.access_token === "string") {
+    return { kind: "success", creds: credsFromTokenResponse(data) };
+  }
+  if (status >= 500) {
+    throw new Error(`Kimi token polling server error (${status}): ${errorDetail(data)}`);
+  }
+  const errorCode = typeof data.error === "string" ? data.error : "unknown_error";
+  switch (errorCode) {
+    case "authorization_pending":
+      return { kind: "pending" };
+    case "slow_down":
+      return { kind: "slow_down" };
+    case "expired_token":
+      return { kind: "expired" };
+    case "access_denied":
+      return { kind: "denied" };
+    default:
+      throw new Error(`Kimi token polling failed (${status}): ${errorDetail(data)}`);
+  }
+}
+function sleep(ms) {
+  return new Promise((resolve) => {
+    setTimeout(resolve, ms);
+  });
+}
+async function loginKimi(callbacks) {
+  const auth = await requestDeviceAuthorization();
+  callbacks.onStatus(
+    `Visit ${auth.verificationUri || auth.verificationUriComplete} and enter code: ${auth.userCode}`
+  );
+  callbacks.onOpenUrl(auth.verificationUriComplete || auth.verificationUri);
+  callbacks.onStatus("Waiting for you to authorize in the browser...");
+  const deadline = Date.now() + DEVICE_TIMEOUT_MS;
+  let interval = Math.max(auth.interval, 1);
+  while (Date.now() < deadline) {
+    await sleep(interval * 1e3);
+    const result = await pollDeviceToken(auth.deviceCode);
+    if (result.kind === "success") return result.creds;
+    if (result.kind === "denied") {
+      throw new Error("Kimi authorization was denied.");
+    }
+    if (result.kind === "expired") {
+      throw new Error("Kimi device code expired. Please run login again.");
+    }
+    if (result.kind === "slow_down") {
+      interval += 5;
+    }
+  }
+  throw new Error("Kimi login timed out. Please run login again.");
+}
+async function refreshKimiToken(refreshToken) {
+  const { status, data } = await postForm("/api/oauth/token", {
+    client_id: CLIENT_ID3,
+    grant_type: "refresh_token",
+    refresh_token: refreshToken
+  });
+  if (status === 200 && typeof data.access_token === "string") {
+    return credsFromTokenResponse(data);
+  }
+  const errorCode = typeof data.error === "string" ? data.error : "";
+  throw new Error(`Kimi token refresh failed (${status}): ${errorCode || errorDetail(data)}`);
+}
 // src/auth-storage.ts
+var MOONSHOT_OAUTH_KEY = "moonshot-oauth";
+var STATIC_API_KEY_PROVIDERS = /* @__PURE__ */ new Set([
+  "glm",
+  "moonshot",
+  "xiaomi",
+  "minimax",
+  "deepseek",
+  "openrouter"
+]);
 var AuthStorage = class {
   data = {};
   filePath;
@@ -975,6 +1202,30 @@ var AuthStorage = class {
     await this.ensureLoaded();
     return Boolean(this.data[provider]);
   }
+  /**
+   * True if the user has any usable auth for the logical provider. For
+   * `moonshot` this is satisfied by either the Kimi OAuth credential or the
+   * Moonshot API key.
+   */
+  async hasProviderAuth(provider) {
+    await this.ensureLoaded();
+    if (provider === "moonshot") {
+      return Boolean(this.data[MOONSHOT_OAUTH_KEY] || this.data["moonshot"]);
+    }
+    return Boolean(this.data[provider]);
+  }
+  /**
+   * True if the active credential for `provider` is a static API key with no
+   * refresh mechanism. For `moonshot` this is only true when the Kimi OAuth
+   * credential is absent (a present OAuth credential is refreshable).
+   */
+  async isStaticApiKey(provider) {
+    await this.ensureLoaded();
+    if (provider === "moonshot" && this.data[MOONSHOT_OAUTH_KEY]) {
+      return false;
+    }
+    return STATIC_API_KEY_PROVIDERS.has(provider);
+  }
   async load() {
     await withFileLock(this.filePath, async () => {
       try {
@@ -1029,11 +1280,21 @@ var AuthStorage = class {
    */
   async resolveCredentials(provider, opts) {
     await this.ensureLoaded();
+    if (provider === "moonshot" && this.data[MOONSHOT_OAUTH_KEY]) {
+      try {
+        return await this.resolveCredentials(MOONSHOT_OAUTH_KEY, opts);
+      } catch (err) {
+        if (err instanceof NotLoggedInError && this.data["moonshot"]) {
+          return this.data["moonshot"];
+        }
+        throw err;
+      }
+    }
     const creds = this.data[provider];
     if (!creds) {
       throw new NotLoggedInError(provider);
     }
-    if (provider === "glm" || provider === "moonshot" || provider === "xiaomi" || provider === "minimax" || provider === "deepseek" || provider === "openrouter") {
+    if (STATIC_API_KEY_PROVIDERS.has(provider)) {
       return creds;
     }
     if (!opts?.forceRefresh && Date.now() < creds.expiresAt) {
@@ -1052,7 +1313,7 @@ var AuthStorage = class {
         }
       } catch {
       }
-      const refreshFn = provider === "anthropic" ? refreshAnthropicToken : provider === "gemini" ? refreshGeminiToken : refreshOpenAIToken;
+      const refreshFn = provider === "anthropic" ? refreshAnthropicToken : provider === "gemini" ? refreshGeminiToken : provider === MOONSHOT_OAUTH_KEY ? refreshKimiToken : refreshOpenAIToken;
       let refreshed;
       try {
         refreshed = await refreshFn(creds.refreshToken);
@@ -1170,7 +1431,7 @@ var TelegramBot = class {
       } catch (err) {
         if (!this.running) break;
         console.error(`[telegram] Poll error: ${err instanceof Error ? err.message : err}`);
-        await sleep(3e3);
+        await sleep2(3e3);
       }
     }
   }
@@ -1340,7 +1601,7 @@ function splitMessage(text) {
   }
   return chunks;
 }
-function sleep(ms) {
+function sleep2(ms) {
   return new Promise((r) => setTimeout(r, ms));
 }
@@ -1427,7 +1688,7 @@ async function transcribeVoice(fileUrl) {
 // src/auto-update.ts
 import { spawn } from "child_process";
 import fs5 from "fs";
-import path3 from "path";
+import path4 from "path";
 var CHECK_INTERVAL_MS = 60 * 60 * 1e3;
 var FETCH_TIMEOUT_MS2 = 1e4;
 function compareVersions(a, b) {
@@ -1469,7 +1730,7 @@ function createAutoUpdater(config) {
   function writeState(state) {
     try {
       const filePath = stateFilePath();
-      fs5.mkdirSync(path3.dirname(filePath), { recursive: true, mode: 448 });
+      fs5.mkdirSync(path4.dirname(filePath), { recursive: true, mode: 448 });
       fs5.writeFileSync(filePath, JSON.stringify(state));
     } catch {
     }
@@ -1594,7 +1855,9 @@ function createAutoUpdater(config) {
 }
 export {
   AuthStorage,
+  DEFAULT_MAX_VIDEO_BYTES,
   MODELS,
+  MOONSHOT_OAUTH_KEY,
   NotLoggedInError,
   TelegramBot,
   closeLogger,
@@ -1614,16 +1877,22 @@ export {
   getSessionId,
   getSummaryModel,
   getSupportedThinkingLevels,
+  getVideoByteLimit,
+  isKimiCodingEndpoint,
   isLoggerOpen,
   isModelLoaded,
   isThinkingLevelSupported,
+  kimiCodeBaseUrl,
+  kimiCodingHeaders,
   log,
   loginAnthropic,
   loginGemini,
+  loginKimi,
   loginOpenAI,
   openLog,
   refreshAnthropicToken,
   refreshGeminiToken,
+  refreshKimiToken,
   refreshOpenAIToken,
   registerLogCleanup,
   resample,