@kidsinai/kids-client 0.0.7 → 0.0.8

package/package.json

@@ -1,7 +1,7 @@
 {
   "$schema": "https://json.schemastore.org/package.json",
   "name": "@kidsinai/kids-client",
-  "version": "0.0.7",
+  "version": "0.0.8",
   "type": "module",
   "description": "Own-client TUI for Kids OpenCode — talks to local `opencode serve` via @opencode-ai/sdk v2 with kid-warm rendering, mission progress, permission dialog, and stderr-tail audit pipeline.",
   "license": "MIT",

package/src/core/env.ts

@@ -62,15 +62,18 @@ export function validateEnv(env: KidsClientEnv): { ok: true } | { ok: false; rea
   // setup wizard writes whatever the parent picked into ~/.config/kids-opencode/env
   // which the wrapper sources before exec.
   //
-  // KIDS_OAUTH_PROVIDER was previously trusted as a credential signal —
-  // that was wrong: upstream opencode dropped Anthropic Pro/Max OAuth in
-  // 1.3.0, so the marker existed without a real credential and opencode
-  // silently fell back to its own api-key picker. Users now get re-routed
-  // through SetupScreen until they paste an actual API key.
+  // KIDS_OAUTH_PROVIDER signals that the wrapper finished
+  // `opencode auth login` and opencode now holds an OAuth token in its
+  // own auth.json store. Only trusted when paired with a provider opencode
+  // actually supports OAuth for — Anthropic Pro/Max stale markers from
+  // 0.0.7/0.0.8 are filtered out in hasAnyProviderKey via the
+  // OAUTH_PROVIDERS check, but here at the env level we accept the bare
+  // marker since validity will be re-checked by opencode at serve time.
   const hasAnyKey =
     env.deeprouterApiKey
     || process.env.ANTHROPIC_API_KEY
     || process.env.OPENAI_API_KEY
+    || process.env.KIDS_OAUTH_PROVIDER
   if (!env.bypassGateway && !hasAnyKey) {
     return {
       ok: false,

package/src/core/setup.ts

@@ -19,28 +19,40 @@ export type ProviderId = "anthropic" | "openai" | "deeprouter"
 /**
  * Wire protocol between SetupScreen and bin/kids-opencode wrapper:
  * kids-client exits with this code to ask the wrapper to run
- * `opencode auth login --provider <p>` (interactive OAuth that needs the
- * TTY), then re-exec kids-client. See bin/kids-opencode §11 loop.
+ * `opencode auth login --provider <p> --method <m>` (interactive OAuth
+ * that needs the TTY), then re-exec kids-client. See bin/kids-opencode loop.
  */
 export const OAUTH_HANDOFF_EXIT_CODE = 123
 
 /**
- * Providers for which upstream opencode currently ships an OAuth/subscription
- * login method. Anthropic Pro/Max was REMOVED in opencode 1.3.0 — Anthropic's
- * ToS prohibits using consumer Claude Pro/Max subscriptions through coding
- * agents like opencode. See:
- *   ~/Documents/sites/kidsinai/opencode-kernel/packages/web/src/content/docs/providers.mdx
+ * Providers for which upstream opencode currently ships an OAuth /
+ * subscription login method.
  *
- * OpenAI ChatGPT Plus IS supported by upstream and is the obvious next
- * candidate to wire here — but until that's done, no provider triggers the
- * auth_choice step and every kid lands directly on the api-key screen.
+ * - openai: ChatGPT Pro/Plus via OAuth. Verified in
+ *   ~/Documents/sites/kidsinai/opencode-kernel/packages/opencode/src/plugin/codex.ts
+ *   (methods: "ChatGPT Pro/Plus (browser)" + "(headless)"). Allowed models
+ *   include gpt-5.4-mini / gpt-5.3-codex / gpt-5.5.
  *
- * The OAuth handoff infrastructure below (OAUTH_HANDOFF_EXIT_CODE,
- * saveSetupOauth, the wrapper's exit-123 loop, the auth_choice screen) is
- * intentionally kept inert rather than deleted — flipping OPENAI back on
- * here when ChatGPT Plus is wired is a one-line revival.
+ * - anthropic: NOT supported. Removed in opencode 1.3.0 because Anthropic's
+ *   ToS prohibits Pro/Max in coding agents. Do not re-add.
+ *
+ * - deeprouter: own gateway, uses api-key.
+ */
+export const OAUTH_PROVIDERS: ReadonlyArray<ProviderId> = ["openai"] as const
+
+/** Per-provider OAuth method label expected by `opencode auth login --method`. */
+export const OAUTH_METHOD_LABELS: Partial<Record<ProviderId, string>> = {
+  openai: "ChatGPT Pro/Plus (browser)",
+}
+
+/**
+ * Default model id to write into opencode.json when the user picks OAuth
+ * (the api-key default is in PROVIDERS[i].defaultModel below — different
+ * because the codex plugin restricts the model list when OAuth is active).
  */
-export const OAUTH_PROVIDERS: ReadonlyArray<ProviderId> = [] as const
+const OAUTH_DEFAULT_MODELS: Partial<Record<ProviderId, string>> = {
+  openai: "openai/gpt-5.4-mini",
+}
 
 export interface ProviderChoice {
   id: ProviderId
@@ -68,8 +80,8 @@ export const PROVIDERS: ProviderChoice[] = [
   },
   {
     id: "openai",
-    label: "OpenAI GPT-4",
-    hint: "Also works. ~$5-10/month for typical kid use.",
+    label: "OpenAI GPT (ChatGPT Plus/Pro 可直接登录)",
+    hint: "Already pay for ChatGPT Plus/Pro? Sign in with that — no API key. Otherwise pay-as-you-go ~$5-10/month.",
     envVar: "OPENAI_API_KEY",
     apiKeyUrl: "https://platform.openai.com/api-keys",
     config: (env) => ({
@@ -136,38 +148,49 @@ export interface SaveOauthOptions {
 /**
  * Stage the OAuth handoff. We write opencode.json without an apiKey block
  * (opencode reads OAuth tokens from its own auth.json), drop any stale
- * provider API keys, and write a KIDS_OAUTH_PROVIDER marker so the
- * wrapper knows which provider to log into. The actual
- * `opencode auth login --provider <p>` invocation happens in
- * bin/kids-opencode after kids-client exits with OAUTH_HANDOFF_EXIT_CODE.
+ * provider API keys, and write KIDS_OAUTH_PROVIDER + KIDS_OAUTH_METHOD
+ * markers so the wrapper knows which provider+method to log into. The
+ * actual `opencode auth login --provider <p> --method <m>` invocation
+ * happens in bin/kids-opencode after kids-client exits with
+ * OAUTH_HANDOFF_EXIT_CODE.
  */
 export function saveSetupOauth(opts: SaveOauthOptions): void {
   const provider = findProvider(opts.provider)
+  const methodLabel = OAUTH_METHOD_LABELS[opts.provider]
+  if (!methodLabel) {
+    throw new Error(`No OAuth method label registered for provider '${opts.provider}'.`)
+  }
   ensureConfigDir(opts.configDir)
 
   // 1. Update env file: clear this provider's API key (avoid stale leakage),
-  //    set marker pointing at the OAuth provider.
+  //    set markers pointing at the OAuth provider + method.
   const envPath = join(opts.configDir, "env")
   const existing = readEnvFile(envPath)
   delete existing[provider.envVar]
   existing.KIDS_OAUTH_PROVIDER = opts.provider
+  existing.KIDS_OAUTH_METHOD = methodLabel
   writeEnvFile(envPath, existing)
 
   // 2. opencode.json without apiKey — opencode uses its auth.json store.
-  writeOpencodeConfig(opts.configDir, provider, { withApiKey: false })
+  //    Use the OAuth-specific default model since the codex plugin restricts
+  //    the model list when OAuth is the active credential.
+  writeOpencodeConfig(opts.configDir, provider, {
+    withApiKey: false,
+    modelOverride: OAUTH_DEFAULT_MODELS[opts.provider],
+  })
 }
 
 function writeOpencodeConfig(
   configDir: string,
   provider: ProviderChoice,
-  flags: { withApiKey: boolean },
+  flags: { withApiKey: boolean; modelOverride?: string },
 ): void {
   const configPath = join(configDir, "opencode.json")
   const config = readJsonOrEmpty(configPath)
   config.provider = flags.withApiKey
     ? provider.config(provider.envVar)
     : { [provider.id]: {} }
-  config.model = provider.defaultModel
+  config.model = flags.modelOverride ?? provider.defaultModel
   if (!config.permission) {
     config.permission = {
       default: "ask",
@@ -188,16 +211,18 @@ function writeOpencodeConfig(
 export function hasAnyProviderKey(configDir: string): boolean {
   const env = readEnvFile(join(configDir, "env"))
   if (env.ANTHROPIC_API_KEY || env.OPENAI_API_KEY || env.DEEPROUTER_API_KEY) return true
+  // KIDS_OAUTH_PROVIDER means setup wizard staged an OAuth handoff and the
+  // wrapper successfully completed `opencode auth login`. opencode keeps the
+  // real token in its own auth.json — we trust it to gate on validity at
+  // serve time. (Only meaningful for providers in OAUTH_PROVIDERS; stale
+  // markers from removed providers are cleaned up at next setup.)
+  if (env.KIDS_OAUTH_PROVIDER && OAUTH_PROVIDERS.includes(env.KIDS_OAUTH_PROVIDER as ProviderId)) return true
   // Also accept keys present in the parent shell env (advanced users).
   return !!(
     process.env.ANTHROPIC_API_KEY
     || process.env.OPENAI_API_KEY
     || process.env.DEEPROUTER_API_KEY
   )
-  // Note: KIDS_OAUTH_PROVIDER marker is intentionally NOT accepted anymore.
-  // Users who got stuck with the marker but no actual OAuth credential
-  // (because opencode never had an Anthropic Pro/Max method to begin with)
-  // will be routed back through SetupScreen to pick an API-key flow.
 }
 
 /** Crude check of API key shape — refuses obvious typos. */

package/src/render/ink/screens/SetupScreen.tsx

@@ -427,8 +427,8 @@ const STRINGS = {
       keys: "[↑↓] 选 · [Enter] 确认 · [Esc] 返回",
       options: [
         {
-          label: "用我的 Claude Pro/Max 订阅（推荐）",
-          hint: "不用 API key、不用充值；用现有 claude.ai 账号一键登录",
+          label: "用我的 ChatGPT Plus / Pro 订阅（推荐）",
+          hint: "不用 API key、不用充值；用现有 chatgpt.com 账号一键登录",
         },
         {
           label: "用 API key（按量计费 ~$5/月）",
@@ -437,8 +437,8 @@ const STRINGS = {
       ],
     },
     oauthHandoff: {
-      title: "正在让 Claude 登录接管屏幕…",
-      line1: "马上会跳出浏览器让你登录 claude.ai 账号。",
+      title: "正在让 ChatGPT 登录接管屏幕…",
+      line1: "马上会跳出浏览器让你登录 chatgpt.com 账号。",
       line2: "登录完后我会自动接回来，给孩子继续。",
     },
     apiKeyTitle: (label: string) => `输入 ${label} 的 API key`,
@@ -496,8 +496,8 @@ const STRINGS = {
       keys: "[↑↓] choose · [Enter] confirm · [Esc] back",
       options: [
         {
-          label: "Use my Claude Pro/Max subscription (recommended)",
-          hint: "No API key, no top-up — sign in with your existing claude.ai account",
+          label: "Use my ChatGPT Plus / Pro subscription (recommended)",
+          hint: "No API key, no top-up — sign in with your existing chatgpt.com account",
         },
         {
           label: "Use an API key (pay-as-you-go ~$5/month)",
@@ -506,8 +506,8 @@ const STRINGS = {
       ],
     },
     oauthHandoff: {
-      title: "Handing off to Claude login…",
-      line1: "A browser window will open to sign in to your claude.ai account.",
+      title: "Handing off to ChatGPT login…",
+      line1: "A browser window will open to sign in to your chatgpt.com account.",
       line2: "I'll pick back up automatically once you're done.",
     },
     apiKeyTitle: (label: string) => `Enter your ${label} API key`,