@link-assistant/agent 0.1.4 → 0.2.1

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@link-assistant/agent",
-  "version": "0.1.4",
+  "version": "0.2.1",
   "description": "A minimal, public domain AI CLI agent compatible with OpenCode's JSON interface. Bun-only runtime.",
   "main": "src/index.js",
   "type": "module",

package/src/auth/plugins.ts

@@ -1,4 +1,6 @@
 import crypto from 'crypto';
+import * as http from 'node:http';
+import * as net from 'node:net';
 import { Auth } from './index';
 import { Log } from '../util/log';
 
@@ -832,6 +834,279 @@ const OpenAIPlugin: AuthPlugin = {
   },
 };
 
+/**
+ * Google OAuth Configuration
+ * Used for Google AI Pro/Ultra subscription authentication
+ *
+ * These credentials are from the official Gemini CLI (google-gemini/gemini-cli)
+ * and are public for installed applications as per Google OAuth documentation:
+ * https://developers.google.com/identity/protocols/oauth2#installed
+ */
+const GOOGLE_OAUTH_CLIENT_ID =
+  '681255809395-oo8ft2oprdrnp9e3aqf6av3hmdib135j.apps.googleusercontent.com';
+const GOOGLE_OAUTH_CLIENT_SECRET = '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';
+const GOOGLE_OAUTH_SCOPES = [
+  'https://www.googleapis.com/auth/cloud-platform',
+  'https://www.googleapis.com/auth/userinfo.email',
+  'https://www.googleapis.com/auth/userinfo.profile',
+];
+
+// Google OAuth endpoints
+const GOOGLE_AUTH_URL = 'https://accounts.google.com/o/oauth2/v2/auth';
+const GOOGLE_TOKEN_URL = 'https://oauth2.googleapis.com/token';
+const GOOGLE_USERINFO_URL = 'https://www.googleapis.com/oauth2/v2/userinfo';
+
+/**
+ * Google OAuth Plugin
+ * Supports:
+ * - Google AI Pro/Ultra OAuth login
+ * - Manual API key entry
+ *
+ * Note: This plugin uses OAuth 2.0 with PKCE for Google AI subscription authentication.
+ * After authenticating, you can use Gemini models with subscription benefits.
+ */
+const GooglePlugin: AuthPlugin = {
+  provider: 'google',
+  methods: [
+    {
+      label: 'Google AI Pro/Ultra (OAuth)',
+      type: 'oauth',
+      async authorize() {
+        const pkce = await generatePKCE();
+        const state = generateRandomString(16);
+
+        // Start local server to handle OAuth redirect
+        const server = http.createServer();
+        let serverPort = 0;
+        let authCode: string | null = null;
+        let authState: string | null = null;
+
+        const authPromise = new Promise<{ code: string; state: string }>(
+          (resolve, reject) => {
+            server.on('request', (req, res) => {
+              const url = new URL(req.url!, `http://localhost:${serverPort}`);
+              const code = url.searchParams.get('code');
+              const receivedState = url.searchParams.get('state');
+              const error = url.searchParams.get('error');
+
+              if (error) {
+                res.writeHead(400, { 'Content-Type': 'text/html' });
+                res.end(`
+                <html>
+                  <body>
+                    <h1>Authentication Failed</h1>
+                    <p>Error: ${error}</p>
+                    <p>You can close this window.</p>
+                  </body>
+                </html>
+              `);
+                server.close();
+                reject(new Error(`OAuth error: ${error}`));
+                return;
+              }
+
+              if (code && receivedState) {
+                if (receivedState !== state) {
+                  res.writeHead(400, { 'Content-Type': 'text/html' });
+                  res.end('Invalid state parameter');
+                  server.close();
+                  reject(new Error('State mismatch - possible CSRF attack'));
+                  return;
+                }
+
+                res.writeHead(200, { 'Content-Type': 'text/html' });
+                res.end(`
+                <html>
+                  <body>
+                    <h1>Authentication Successful!</h1>
+                    <p>You can close this window and return to the terminal.</p>
+                    <script>window.close();</script>
+                  </body>
+                </html>
+              `);
+                server.close();
+                resolve({ code, state: receivedState });
+                return;
+              }
+
+              res.writeHead(400, { 'Content-Type': 'text/html' });
+              res.end('Missing code or state parameter');
+            });
+
+            server.listen(0, () => {
+              const address = server.address() as net.AddressInfo;
+              serverPort = address.port;
+            });
+
+            server.on('error', reject);
+
+            // Timeout after 5 minutes
+            setTimeout(
+              () => {
+                server.close();
+                reject(new Error('OAuth timeout'));
+              },
+              5 * 60 * 1000
+            );
+          }
+        );
+
+        // Build authorization URL with local redirect URI
+        const redirectUri = `http://localhost:${serverPort}/oauth/callback`;
+        const url = new URL(GOOGLE_AUTH_URL);
+        url.searchParams.set('client_id', GOOGLE_OAUTH_CLIENT_ID);
+        url.searchParams.set('redirect_uri', redirectUri);
+        url.searchParams.set('response_type', 'code');
+        url.searchParams.set('scope', GOOGLE_OAUTH_SCOPES.join(' '));
+        url.searchParams.set('access_type', 'offline');
+        url.searchParams.set('code_challenge', pkce.challenge);
+        url.searchParams.set('code_challenge_method', 'S256');
+        url.searchParams.set('state', state);
+        url.searchParams.set('prompt', 'consent');
+
+        return {
+          url: url.toString(),
+          instructions:
+            'Your browser will open for authentication. Complete the login and return to the terminal.',
+          method: 'auto' as const,
+          async callback(): Promise<AuthResult> {
+            try {
+              const { code } = await authPromise;
+
+              // Exchange authorization code for tokens
+              const tokenResult = await fetch(GOOGLE_TOKEN_URL, {
+                method: 'POST',
+                headers: {
+                  'Content-Type': 'application/x-www-form-urlencoded',
+                },
+                body: new URLSearchParams({
+                  code: code,
+                  client_id: GOOGLE_OAUTH_CLIENT_ID,
+                  client_secret: GOOGLE_OAUTH_CLIENT_SECRET,
+                  redirect_uri: redirectUri,
+                  grant_type: 'authorization_code',
+                  code_verifier: pkce.verifier,
+                }),
+              });
+
+              if (!tokenResult.ok) {
+                log.error('google oauth token exchange failed', {
+                  status: tokenResult.status,
+                });
+                return { type: 'failed' };
+              }
+
+              const json = await tokenResult.json();
+              if (
+                !json.access_token ||
+                !json.refresh_token ||
+                typeof json.expires_in !== 'number'
+              ) {
+                log.error('google oauth token response missing fields');
+                return { type: 'failed' };
+              }
+
+              return {
+                type: 'success',
+                refresh: json.refresh_token,
+                access: json.access_token,
+                expires: Date.now() + json.expires_in * 1000,
+              };
+            } catch (error) {
+              log.error('google oauth failed', { error });
+              return { type: 'failed' };
+            }
+          },
+        };
+      },
+    },
+    {
+      label: 'Manually enter API Key',
+      type: 'api',
+    },
+  ],
+  async loader(getAuth, provider) {
+    const auth = await getAuth();
+    if (!auth || auth.type !== 'oauth') return {};
+
+    // Zero out cost for subscription users
+    if (provider?.models) {
+      for (const model of Object.values(provider.models)) {
+        (model as any).cost = {
+          input: 0,
+          output: 0,
+          cache: {
+            read: 0,
+            write: 0,
+          },
+        };
+      }
+    }
+
+    return {
+      apiKey: 'oauth-token-used-via-custom-fetch',
+      async fetch(input: RequestInfo | URL, init?: RequestInit) {
+        let currentAuth = await getAuth();
+        if (!currentAuth || currentAuth.type !== 'oauth')
+          return fetch(input, init);
+
+        // Refresh token if expired (with 5 minute buffer)
+        const FIVE_MIN_MS = 5 * 60 * 1000;
+        if (
+          !currentAuth.access ||
+          currentAuth.expires < Date.now() + FIVE_MIN_MS
+        ) {
+          log.info('refreshing google oauth token');
+          const response = await fetch(GOOGLE_TOKEN_URL, {
+            method: 'POST',
+            headers: {
+              'Content-Type': 'application/x-www-form-urlencoded',
+            },
+            body: new URLSearchParams({
+              client_id: GOOGLE_OAUTH_CLIENT_ID,
+              client_secret: GOOGLE_OAUTH_CLIENT_SECRET,
+              refresh_token: currentAuth.refresh,
+              grant_type: 'refresh_token',
+            }),
+          });
+
+          if (!response.ok) {
+            throw new Error(`Token refresh failed: ${response.status}`);
+          }
+
+          const json = await response.json();
+          await Auth.set('google', {
+            type: 'oauth',
+            // Google doesn't return a new refresh token on refresh
+            refresh: currentAuth.refresh,
+            access: json.access_token,
+            expires: Date.now() + json.expires_in * 1000,
+          });
+          currentAuth = {
+            type: 'oauth',
+            refresh: currentAuth.refresh,
+            access: json.access_token,
+            expires: Date.now() + json.expires_in * 1000,
+          };
+        }
+
+        // Google API uses Bearer token authentication
+        const headers: Record<string, string> = {
+          ...(init?.headers as Record<string, string>),
+          Authorization: `Bearer ${currentAuth.access}`,
+        };
+        // Remove any API key header if present since we're using OAuth
+        delete headers['x-goog-api-key'];
+
+        return fetch(input, {
+          ...init,
+          headers,
+        });
+      },
+    };
+  },
+};
+
 /**
  * Registry of all auth plugins
  */
@@ -839,6 +1114,7 @@ const plugins: Record<string, AuthPlugin> = {
   anthropic: AnthropicPlugin,
   'github-copilot': GitHubCopilotPlugin,
   openai: OpenAIPlugin,
+  google: GooglePlugin,
 };
 
 /**

package/src/bun/index.ts

@@ -4,6 +4,7 @@ import { Log } from '../util/log';
 import path from 'path';
 import { NamedError } from '../util/error';
 import { readableStreamToText } from 'bun';
+import { Flag } from '../flag/flag';
 
 export namespace BunProc {
   const log = Log.create({ service: 'bun' });
@@ -43,7 +44,10 @@ export namespace BunProc {
       stderr,
     });
     if (code !== 0) {
-      throw new Error(`Command failed with exit code ${result.exitCode}`);
+      const parts = [`Command failed with exit code ${result.exitCode}`];
+      if (stderr) parts.push(`stderr: ${stderr}`);
+      if (stdout) parts.push(`stdout: ${stdout}`);
+      throw new Error(parts.join('\n'));
     }
     return result;
   }
@@ -57,6 +61,7 @@ export namespace BunProc {
     z.object({
       pkg: z.string(),
       version: z.string(),
+      details: z.string().optional(),
     })
   );
 
@@ -70,6 +75,20 @@ export namespace BunProc {
     });
     if (parsed.dependencies[pkg] === version) return mod;
 
+    // Check for dry-run mode
+    if (Flag.OPENCODE_DRY_RUN) {
+      log.info(
+        '[DRY RUN] Would install package (skipping actual installation)',
+        {
+          pkg,
+          version,
+          targetPath: mod,
+        }
+      );
+      // In dry-run mode, pretend the package is installed
+      return mod;
+    }
+
     // Build command arguments
     const args = [
       'add',
@@ -92,13 +111,20 @@ export namespace BunProc {
     await BunProc.run(args, {
       cwd: Global.Path.cache,
     }).catch((e) => {
+      log.error('package installation failed', {
+        pkg,
+        version,
+        error: e instanceof Error ? e.message : String(e),
+        stack: e instanceof Error ? e.stack : undefined,
+      });
       throw new InstallFailedError(
-        { pkg, version },
+        { pkg, version, details: e instanceof Error ? e.message : String(e) },
         {
           cause: e,
         }
       );
     });
+    log.info('package installed successfully', { pkg, version });
     parsed.dependencies[pkg] = version;
     await Bun.write(pkgjson.name!, JSON.stringify(parsed, null, 2));
     return mod;

package/src/flag/flag.ts

@@ -22,11 +22,19 @@ export namespace Flag {
   // Verbose mode - enables detailed logging of API requests
   export let OPENCODE_VERBOSE = truthy('OPENCODE_VERBOSE');
 
+  // Dry run mode - simulate operations without making actual API calls or changes
+  export let OPENCODE_DRY_RUN = truthy('OPENCODE_DRY_RUN');
+
   // Allow setting verbose mode programmatically (e.g., from CLI --verbose flag)
   export function setVerbose(value: boolean) {
     OPENCODE_VERBOSE = value;
   }
 
+  // Allow setting dry run mode programmatically (e.g., from CLI --dry-run flag)
+  export function setDryRun(value: boolean) {
+    OPENCODE_DRY_RUN = value;
+  }
+
   function truthy(key: string) {
     const value = process.env[key]?.toLowerCase();
     return value === 'true' || value === '1';

package/src/global/index.ts

@@ -24,6 +24,7 @@ export namespace Global {
 
 await Promise.all([
   fs.mkdir(Global.Path.data, { recursive: true }),
+  fs.mkdir(Global.Path.cache, { recursive: true }),
   fs.mkdir(Global.Path.config, { recursive: true }),
   fs.mkdir(Global.Path.state, { recursive: true }),
   fs.mkdir(Global.Path.log, { recursive: true }),

package/src/index.js

@@ -110,6 +110,13 @@ async function runAgentMode(argv) {
     console.error(`Script path: ${import.meta.path}`);
   }
 
+  // Log dry-run mode if enabled
+  if (Flag.OPENCODE_DRY_RUN) {
+    console.error(
+      `[DRY RUN MODE] No actual API calls or package installations will be made`
+    );
+  }
+
   // Parse model argument (handle model IDs with slashes like groq/qwen/qwen3-32b)
   const modelParts = argv.model.split('/');
   let providerID = modelParts[0] || 'opencode';
@@ -574,6 +581,12 @@ async function main() {
           'Enable verbose mode to debug API requests (shows system prompt, token counts, etc.)',
         default: false,
       })
+      .option('dry-run', {
+        type: 'boolean',
+        description:
+          'Simulate operations without making actual API calls or package installations (useful for testing)',
+        default: false,
+      })
       .option('use-existing-claude-oauth', {
         type: 'boolean',
         description:
@@ -588,6 +601,11 @@ async function main() {
           Flag.setVerbose(true);
         }
 
+        // Set dry-run flag if requested
+        if (argv['dry-run']) {
+          Flag.setDryRun(true);
+        }
+
         // Initialize logging system
         // - If verbose: print logs to stderr for debugging
         // - Otherwise: write logs to file to keep CLI output clean

package/src/provider/provider.ts

@@ -319,6 +319,33 @@ export namespace Provider {
         options: {},
       };
     },
+    /**
+     * Google OAuth provider for Gemini subscription users
+     * Uses OAuth credentials from agent auth login (Google AI Pro/Ultra)
+     *
+     * To authenticate, run: agent auth google
+     */
+    google: async (input) => {
+      const auth = await Auth.get('google');
+      if (auth?.type === 'oauth') {
+        log.info('using google oauth credentials');
+        const loaderFn = await AuthPlugins.getLoader('google');
+        if (loaderFn) {
+          const result = await loaderFn(() => Auth.get('google'), input);
+          if (result.fetch) {
+            return {
+              autoload: true,
+              options: {
+                apiKey: result.apiKey || '',
+                fetch: result.fetch,
+              },
+            };
+          }
+        }
+      }
+      // Default: API key auth (no OAuth credentials found)
+      return { autoload: false };
+    },
     /**
      * GitHub Copilot OAuth provider
      * Uses OAuth credentials from agent auth login
@@ -694,7 +721,17 @@ export namespace Provider {
 
       let installedPath: string;
       if (!pkg.startsWith('file://')) {
+        log.info('installing provider package', {
+          providerID: provider.id,
+          pkg,
+          version: 'latest',
+        });
         installedPath = await BunProc.install(pkg, 'latest');
+        log.info('provider package installed successfully', {
+          providerID: provider.id,
+          pkg,
+          installedPath,
+        });
       } else {
         log.info('loading local provider', { pkg });
         installedPath = pkg;
@@ -742,6 +779,13 @@ export namespace Provider {
       s.sdk.set(key, loaded);
       return loaded as SDK;
     })().catch((e) => {
+      log.error('provider initialization failed', {
+        providerID: provider.id,
+        pkg: model.provider?.npm ?? provider.npm ?? provider.id,
+        error: e instanceof Error ? e.message : String(e),
+        stack: e instanceof Error ? e.stack : undefined,
+        cause: e instanceof Error && e.cause ? String(e.cause) : undefined,
+      });
       throw new InitError({ providerID: provider.id }, { cause: e });
     });
   }