@link-assistant/agent 0.0.8 → 0.0.11

package/src/agent/agent.ts

@@ -1,18 +1,18 @@
-import { Config } from "../config/config"
-import z from "zod"
-import { Provider } from "../provider/provider"
-import { generateObject, type ModelMessage } from "ai"
-import PROMPT_GENERATE from "./generate.txt"
-import { SystemPrompt } from "../session/system"
-import { Instance } from "../project/instance"
-import { mergeDeep } from "remeda"
+import { Config } from '../config/config';
+import z from 'zod';
+import { Provider } from '../provider/provider';
+import { generateObject, type ModelMessage } from 'ai';
+import PROMPT_GENERATE from './generate.txt';
+import { SystemPrompt } from '../session/system';
+import { Instance } from '../project/instance';
+import { mergeDeep } from 'remeda';
 
 export namespace Agent {
   export const Info = z
     .object({
       name: z.string(),
       description: z.string().optional(),
-      mode: z.enum(["subagent", "primary", "all"]),
+      mode: z.enum(['subagent', 'primary', 'all']),
       builtIn: z.boolean(),
       topP: z.number().optional(),
       temperature: z.number().optional(),
@@ -28,112 +28,126 @@ export namespace Agent {
       options: z.record(z.string(), z.any()),
     })
     .meta({
-      ref: "Agent",
-    })
-  export type Info = z.infer<typeof Info>
+      ref: 'Agent',
+    });
+  export type Info = z.infer<typeof Info>;
 
   const state = Instance.state(async () => {
-    const cfg = await Config.get()
-    const defaultTools = cfg.tools ?? {}
+    const cfg = await Config.get();
+    const defaultTools = cfg.tools ?? {};
 
     const result: Record<string, Info> = {
       general: {
-        name: "general",
+        name: 'general',
         description:
-          "General-purpose agent for researching complex questions, searching for code, and executing multi-step tasks. When you are searching for a keyword or file and are not confident that you will find the right match in the first few tries use this agent to perform the search for you.",
+          'General-purpose agent for researching complex questions, searching for code, and executing multi-step tasks. When you are searching for a keyword or file and are not confident that you will find the right match in the first few tries use this agent to perform the search for you.',
         tools: {
           todoread: false,
           todowrite: false,
           ...defaultTools,
         },
         options: {},
-        mode: "subagent",
+        mode: 'subagent',
         builtIn: true,
       },
       build: {
-        name: "build",
+        name: 'build',
         tools: { ...defaultTools },
         options: {},
-        mode: "primary",
+        mode: 'primary',
         builtIn: true,
       },
       plan: {
-        name: "plan",
+        name: 'plan',
         options: {},
         tools: {
           ...defaultTools,
         },
-        mode: "primary",
+        mode: 'primary',
         builtIn: true,
       },
-    }
+    };
     for (const [key, value] of Object.entries(cfg.agent ?? {})) {
       if (value.disable) {
-        delete result[key]
-        continue
+        delete result[key];
+        continue;
       }
-      let item = result[key]
+      let item = result[key];
       if (!item)
         item = result[key] = {
           name: key,
-          mode: "all",
+          mode: 'all',
           options: {},
           tools: {},
           builtIn: false,
-        }
-      const { name, model, prompt, tools, description, temperature, top_p, mode, color, ...extra } = value
+        };
+      const {
+        name,
+        model,
+        prompt,
+        tools,
+        description,
+        temperature,
+        top_p,
+        mode,
+        color,
+        ...extra
+      } = value;
       item.options = {
         ...item.options,
         ...extra,
-      }
-      if (model) item.model = Provider.parseModel(model)
-      if (prompt) item.prompt = prompt
+      };
+      if (model) item.model = Provider.parseModel(model);
+      if (prompt) item.prompt = prompt;
       if (tools)
         item.tools = {
           ...item.tools,
           ...tools,
-        }
+        };
       item.tools = {
         ...defaultTools,
         ...item.tools,
-      }
-      if (description) item.description = description
-      if (temperature != undefined) item.temperature = temperature
-      if (top_p != undefined) item.topP = top_p
-      if (mode) item.mode = mode
-      if (color) item.color = color
+      };
+      if (description) item.description = description;
+      if (temperature != undefined) item.temperature = temperature;
+      if (top_p != undefined) item.topP = top_p;
+      if (mode) item.mode = mode;
+      if (color) item.color = color;
       // just here for consistency & to prevent it from being added as an option
-      if (name) item.name = name
+      if (name) item.name = name;
     }
-    return result
-  })
+    return result;
+  });
 
   export async function get(agent: string) {
-    return state().then((x) => x[agent])
+    return state().then((x) => x[agent]);
   }
 
   export async function list() {
-    return state().then((x) => Object.values(x))
+    return state().then((x) => Object.values(x));
   }
 
   export async function generate(input: { description: string }) {
-    const defaultModel = await Provider.defaultModel()
-    const model = await Provider.getModel(defaultModel.providerID, defaultModel.modelID)
-    const system = SystemPrompt.header(defaultModel.providerID)
-    system.push(PROMPT_GENERATE)
-    const existing = await list()
+    const defaultModel = await Provider.defaultModel();
+    const model = await Provider.getModel(
+      defaultModel.providerID,
+      defaultModel.modelID
+    );
+    const system = SystemPrompt.header(defaultModel.providerID);
+    system.push(PROMPT_GENERATE);
+    const existing = await list();
     const result = await generateObject({
       temperature: 0.3,
       prompt: [
         ...system.map(
           (item): ModelMessage => ({
-            role: "system",
+            role: 'system',
             content: item,
-          }),
+          })
         ),
         {
-          role: "user",
-          content: `Create an agent configuration based on this request: \"${input.description}\".\n\nIMPORTANT: The following identifiers already exist and must NOT be used: ${existing.map((i) => i.name).join(", ")}\n  Return ONLY the JSON object, no other text, do not wrap in backticks`,
+          role: 'user',
+          content: `Create an agent configuration based on this request: \"${input.description}\".\n\nIMPORTANT: The following identifiers already exist and must NOT be used: ${existing.map((i) => i.name).join(', ')}\n  Return ONLY the JSON object, no other text, do not wrap in backticks`,
         },
       ],
       model: model.language,
@@ -142,8 +156,8 @@ export namespace Agent {
         whenToUse: z.string(),
         systemPrompt: z.string(),
       }),
-    })
-    return result.object
+    });
+    return result.object;
   }
 }
 

package/src/auth/claude-oauth.ts

@@ -0,0 +1,426 @@
+import crypto from 'crypto';
+import path from 'path';
+import { Global } from '../global';
+import { Log } from '../util/log';
+import z from 'zod';
+
+/**
+ * Claude OAuth Module
+ *
+ * Implements OAuth 2.0 with PKCE for Claude authentication.
+ * This allows using Claude Pro/Max subscription for API access.
+ *
+ * OAuth Flow:
+ * 1. Generate PKCE code verifier and challenge
+ * 2. Open browser to authorization URL
+ * 3. User authenticates and authorizes
+ * 4. Receive authorization code via redirect
+ * 5. Exchange code for tokens
+ * 6. Store tokens in ~/.claude/.credentials.json
+ *
+ * References:
+ * - Claude Code CLI uses the same OAuth flow
+ * - https://github.com/grll/claude-code-login for implementation details
+ */
+export namespace ClaudeOAuth {
+  const log = Log.create({ service: 'claude-oauth' });
+
+  /**
+   * OAuth Configuration
+   * These values are from the Claude Code CLI OAuth implementation
+   */
+  export const Config = {
+    // OAuth endpoints
+    authorizationUrl: 'https://claude.ai/oauth/authorize',
+    tokenUrl: 'https://console.anthropic.com/v1/oauth/token',
+    redirectUri: 'https://console.anthropic.com/oauth/code/callback',
+
+    // OAuth client - this is the same client ID used by Claude Code CLI
+    clientId: '9d1c250a-e61b-44d9-88ed-5944d1962f5e',
+
+    // Requested scopes for API access
+    scopes: ['org:create_api_key', 'user:profile', 'user:inference'],
+
+    // API beta header for OAuth authentication
+    betaHeader: 'oauth-2025-04-20',
+  } as const;
+
+  /**
+   * Schema for OAuth credentials stored in ~/.claude/.credentials.json
+   */
+  export const Credentials = z.object({
+    claudeAiOauth: z
+      .object({
+        accessToken: z.string(),
+        refreshToken: z.string(),
+        expiresAt: z.number(),
+        scopes: z.array(z.string()).optional(),
+        subscriptionType: z.string().optional(),
+        rateLimitTier: z.string().optional(),
+      })
+      .optional(),
+  });
+
+  export type Credentials = z.infer<typeof Credentials>;
+
+  /**
+   * Schema for OAuth state file (temporary, during auth flow)
+   */
+  export const OAuthState = z.object({
+    state: z.string(),
+    codeVerifier: z.string(),
+    expiresAt: z.number(),
+  });
+
+  export type OAuthState = z.infer<typeof OAuthState>;
+
+  /**
+   * Schema for token response from OAuth server
+   */
+  export const TokenResponse = z.object({
+    access_token: z.string(),
+    refresh_token: z.string(),
+    expires_in: z.number(),
+    token_type: z.string(),
+    scope: z.string().optional(),
+  });
+
+  export type TokenResponse = z.infer<typeof TokenResponse>;
+
+  /**
+   * Paths for credential and state storage
+   */
+  const claudeDir = path.join(Global.Path.home, '.claude');
+  const credentialsPath = path.join(claudeDir, '.credentials.json');
+  const statePath = path.join(claudeDir, '.oauth_state.json');
+
+  /**
+   * Generate a cryptographically secure random string
+   */
+  function generateRandomString(length: number): string {
+    return crypto.randomBytes(length).toString('base64url');
+  }
+
+  /**
+   * Generate PKCE code challenge from code verifier
+   */
+  function generateCodeChallenge(verifier: string): string {
+    return crypto.createHash('sha256').update(verifier).digest('base64url');
+  }
+
+  /**
+   * Generate authorization URL with PKCE parameters
+   *
+   * @returns Object containing the authorization URL and state data to save
+   */
+  export function generateAuthUrl(): { url: string; state: OAuthState } {
+    // Generate PKCE values
+    const codeVerifier = generateRandomString(32);
+    const codeChallenge = generateCodeChallenge(codeVerifier);
+    const state = generateRandomString(32);
+
+    // Build authorization URL
+    const params = new URLSearchParams({
+      client_id: Config.clientId,
+      redirect_uri: Config.redirectUri,
+      response_type: 'code',
+      scope: Config.scopes.join(' '),
+      state,
+      code_challenge: codeChallenge,
+      code_challenge_method: 'S256',
+    });
+
+    const url = `${Config.authorizationUrl}?${params.toString()}`;
+
+    // State expires in 10 minutes
+    const oauthState: OAuthState = {
+      state,
+      codeVerifier,
+      expiresAt: Date.now() + 10 * 60 * 1000,
+    };
+
+    return { url, state: oauthState };
+  }
+
+  /**
+   * Save OAuth state for later code exchange
+   */
+  export async function saveState(state: OAuthState): Promise<void> {
+    await Bun.write(statePath, JSON.stringify(state, null, 2));
+    log.info('saved oauth state', {
+      expiresAt: new Date(state.expiresAt).toISOString(),
+    });
+  }
+
+  /**
+   * Load saved OAuth state
+   */
+  export async function loadState(): Promise<OAuthState | undefined> {
+    try {
+      const file = Bun.file(statePath);
+      if (!(await file.exists())) {
+        return undefined;
+      }
+      const content = await file.json();
+      const parsed = OAuthState.parse(content);
+
+      if (parsed.expiresAt < Date.now()) {
+        log.warn('oauth state expired');
+        await clearState();
+        return undefined;
+      }
+
+      return parsed;
+    } catch (error) {
+      log.error('failed to load oauth state', { error });
+      return undefined;
+    }
+  }
+
+  /**
+   * Clear saved OAuth state
+   */
+  export async function clearState(): Promise<void> {
+    try {
+      const file = Bun.file(statePath);
+      if (await file.exists()) {
+        await Bun.write(statePath, '');
+        // Delete the file
+        const fs = await import('fs/promises');
+        await fs.unlink(statePath).catch(() => {});
+      }
+    } catch (error) {
+      log.error('failed to clear oauth state', { error });
+    }
+  }
+
+  /**
+   * Exchange authorization code for tokens
+   *
+   * @param code - Authorization code from OAuth callback
+   * @param codeVerifier - PKCE code verifier
+   * @returns Token response from OAuth server
+   */
+  export async function exchangeCode(
+    code: string,
+    codeVerifier: string
+  ): Promise<TokenResponse> {
+    const body = new URLSearchParams({
+      grant_type: 'authorization_code',
+      client_id: Config.clientId,
+      redirect_uri: Config.redirectUri,
+      code,
+      code_verifier: codeVerifier,
+    });
+
+    log.info('exchanging authorization code for tokens');
+
+    const response = await fetch(Config.tokenUrl, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/x-www-form-urlencoded',
+      },
+      body: body.toString(),
+    });
+
+    if (!response.ok) {
+      const error = await response.text();
+      log.error('token exchange failed', { status: response.status, error });
+      throw new Error(`Token exchange failed: ${response.status} ${error}`);
+    }
+
+    const data = await response.json();
+    return TokenResponse.parse(data);
+  }
+
+  /**
+   * Save credentials to ~/.claude/.credentials.json
+   *
+   * @param tokens - Token response from OAuth server
+   */
+  export async function saveCredentials(tokens: TokenResponse): Promise<void> {
+    // Ensure .claude directory exists
+    const fs = await import('fs/promises');
+    await fs.mkdir(claudeDir, { recursive: true });
+
+    // Load existing credentials if any
+    let existing: Credentials = {};
+    try {
+      const file = Bun.file(credentialsPath);
+      if (await file.exists()) {
+        existing = await file.json();
+      }
+    } catch {
+      // Ignore errors reading existing credentials
+    }
+
+    // Update with new OAuth credentials
+    const credentials: Credentials = {
+      ...existing,
+      claudeAiOauth: {
+        accessToken: tokens.access_token,
+        refreshToken: tokens.refresh_token,
+        expiresAt: Date.now() + tokens.expires_in * 1000,
+        scopes: tokens.scope?.split(' '),
+        subscriptionType: 'unknown', // Will be populated from API response
+      },
+    };
+
+    await Bun.write(credentialsPath, JSON.stringify(credentials, null, 2));
+    log.info('saved credentials', {
+      expiresAt: new Date(credentials.claudeAiOauth!.expiresAt).toISOString(),
+    });
+  }
+
+  /**
+   * Get stored OAuth credentials
+   *
+   * @returns OAuth credentials if available, undefined otherwise
+   */
+  export async function getCredentials(): Promise<
+    Credentials['claudeAiOauth'] | undefined
+  > {
+    try {
+      const file = Bun.file(credentialsPath);
+      if (!(await file.exists())) {
+        log.info('credentials file not found', { path: credentialsPath });
+        return undefined;
+      }
+
+      const content = await file.json();
+      const parsed = Credentials.parse(content);
+
+      if (!parsed.claudeAiOauth) {
+        log.info('no claudeAiOauth credentials found');
+        return undefined;
+      }
+
+      // Check if token is expired
+      if (parsed.claudeAiOauth.expiresAt < Date.now()) {
+        log.warn('token expired', {
+          expiresAt: new Date(parsed.claudeAiOauth.expiresAt).toISOString(),
+        });
+        // TODO: Implement token refresh using refreshToken
+        // For now, user needs to re-authenticate
+      }
+
+      log.info('loaded oauth credentials', {
+        subscriptionType: parsed.claudeAiOauth.subscriptionType,
+        scopes: parsed.claudeAiOauth.scopes,
+      });
+
+      return parsed.claudeAiOauth;
+    } catch (error) {
+      log.error('failed to read credentials', { error });
+      return undefined;
+    }
+  }
+
+  /**
+   * Get access token for API requests
+   */
+  export async function getAccessToken(): Promise<string | undefined> {
+    const creds = await getCredentials();
+    return creds?.accessToken;
+  }
+
+  /**
+   * Check if OAuth credentials are available and valid
+   */
+  export async function isAuthenticated(): Promise<boolean> {
+    const creds = await getCredentials();
+    if (!creds?.accessToken) return false;
+
+    // Check if not expired (with 5 minute buffer)
+    return creds.expiresAt > Date.now() + 5 * 60 * 1000;
+  }
+
+  /**
+   * Complete the OAuth flow by exchanging the authorization code
+   *
+   * @param code - Authorization code from OAuth callback
+   * @returns Success status
+   */
+  export async function completeAuth(code: string): Promise<boolean> {
+    const state = await loadState();
+    if (!state) {
+      log.error('no oauth state found - please start login flow first');
+      return false;
+    }
+
+    try {
+      const tokens = await exchangeCode(code, state.codeVerifier);
+      await saveCredentials(tokens);
+      await clearState();
+      log.info('authentication completed successfully');
+      return true;
+    } catch (error) {
+      log.error('failed to complete authentication', { error });
+      await clearState();
+      return false;
+    }
+  }
+
+  /**
+   * Refresh the access token using the refresh token
+   */
+  export async function refreshToken(): Promise<boolean> {
+    const creds = await getCredentials();
+    if (!creds?.refreshToken) {
+      log.error('no refresh token available');
+      return false;
+    }
+
+    const body = new URLSearchParams({
+      grant_type: 'refresh_token',
+      client_id: Config.clientId,
+      refresh_token: creds.refreshToken,
+    });
+
+    log.info('refreshing access token');
+
+    try {
+      const response = await fetch(Config.tokenUrl, {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/x-www-form-urlencoded',
+        },
+        body: body.toString(),
+      });
+
+      if (!response.ok) {
+        const error = await response.text();
+        log.error('token refresh failed', { status: response.status, error });
+        return false;
+      }
+
+      const tokens = TokenResponse.parse(await response.json());
+      await saveCredentials(tokens);
+      log.info('token refreshed successfully');
+      return true;
+    } catch (error) {
+      log.error('failed to refresh token', { error });
+      return false;
+    }
+  }
+
+  /**
+   * Create a custom fetch function that uses OAuth Bearer token authentication
+   */
+  export function createAuthenticatedFetch(accessToken: string): typeof fetch {
+    return async (url, init) => {
+      const headers = new Headers(init?.headers);
+      // Remove x-api-key if present and add Authorization Bearer
+      headers.delete('x-api-key');
+      headers.set('Authorization', `Bearer ${accessToken}`);
+      // Add OAuth beta header
+      const existingBeta = headers.get('anthropic-beta');
+      if (existingBeta) {
+        headers.set('anthropic-beta', `${Config.betaHeader},${existingBeta}`);
+      } else {
+        headers.set('anthropic-beta', Config.betaHeader);
+      }
+      return fetch(url, { ...init, headers });
+    };
+  }
+}