@ngotrnghia1811/opencode-windsurf-auth 0.1.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 nghiango
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,105 @@
+# opencode-windsurf-auth
+
+OpenCode plugin providing a **Level-2 Connect-RPC provider** for Windsurf/Cascade
+models (Claude, GPT, Gemini, Grok, DeepSeek, and more) via the **Devin CLI**
+credentials flow.
+
+> **Warning:** This plugin comes with no guarantees. You might be banned for
+> breaking the Windsurf/Devin Terms of Service. Use at your own risk.
+
+## What This Plugin Does
+
+1. Reads the Windsurf JWT from `~/.local/share/devin/credentials.toml`
+   (stored by the Devin CLI after `devin /login`).
+2. Authenticates against Codeium's HTTP/2 Connect-RPC endpoint
+   (`server.codeium.com/exa.api_server_pb.ApiServerService/GetChatMessage`).
+3. Provides a full `LanguageModelV3` implementation (`createWindsurf`) so
+   opencode can use Windsurf models through its standard provider SDK.
+4. Registers ~130+ models (Claude Opus/Sonnet/Haiku, GPT-5.x, Gemini 3.x,
+   Grok, DeepSeek, Kimi, GLM, MiniMax, SWE, and Windsurf-native models).
+
+## Prerequisites
+
+- **[Devin CLI](https://devin.ai)** installed and authenticated:
+  ```bash
+  devin /login
+  ```
+- **[mitmproxy](https://mitmproxy.org/)** (specifically `mitmdump`) for
+  the thinking-proxy fallback path. Install via pip/brew:
+  ```bash
+  pip install mitmproxy
+  ```
+- **[Bun](https://bun.sh)** >= 1.3.14
+- **[OpenCode](https://github.com/anomalyco/opencode)** with plugin support
+
+## Configuration
+
+Add the plugin to your `opencode.json`:
+
+```json
+{
+  "plugin": ["file:///path/to/opencode-windsurf-auth/dist/index.js"]
+}
+```
+
+Or for npm (once published):
+
+```json
+{
+  "plugin": ["opencode-windsurf-auth"]
+}
+```
+
+## Provider Registration
+
+The provider SDK uses the `providerID` `windsurf-devin-provider`. The model
+entries in `models.ts` expose `api.npm` pointing to this package (via `file://`
+for local dev, or the package name for published use).
+
+The package exports both:
+- **`createWindsurf`** (named) — consumed by the provider SDK loader's
+  `create*` key scan.
+- **default export (V1 plugin)** — `{ id: "windsurf-auth", server: WindsurfPlugin }`
+  consumed by the plugin loader's `readV1Plugin` path.
+
+These two consumers look at different slots on the module namespace and do
+not conflict.
+
+## Architecture
+
+```
+src/
+├── index.ts              # Entry point: createWindsurf + V1 plugin default
+├── windsurf-provider.ts  # LanguageModelV3 impl (doGenerate / doStream)
+├── chat-client.ts        # HTTP/2 Connect-RPC streaming client
+├── chat-request.ts       # Protobuf GetChatMessageRequest encoder
+├── proto.ts              # Low-level varint/field/Connect-frame helpers
+├── credentials.ts        # JWT loader from Devin CLI credentials.toml
+├── models.ts             # ~130+ model definitions
+└── thinking-proxy.ts     # mitmproxy-based fallback for reasoning/thinking
+```
+
+### Transport
+
+- **Primary path**: Direct HTTP/2 to `server.codeium.com` via Bun's
+  built-in ALPN-aware `fetch()`.
+- **Fallback path** (thinking-aware): `thinking-proxy.ts` spawns
+  `mitmdump` + `devin -p` and tails a JSONLines sink.
+
+## Development
+
+```bash
+bun install
+bun typecheck       # type-check the source
+bun run build       # compile to dist/
+bun test            # run unit tests
+bun run dev         # build + symlink into .opencode/plugins/ + watch
+```
+
+The `bun run dev` script creates a symlink at
+`.opencode/plugins/windsurf-auth.js` → `dist/index.js` so opencode can
+load the plugin via `file://` while you iterate.
+
+## License
+
+MIT

package/dist/__tests__/models.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/__tests__/models.test.js

@@ -0,0 +1,38 @@
+import { describe, expect, test } from "bun:test";
+import { WINDSURF_MODELS } from "../models";
+describe("WINDSURF_MODELS", () => {
+    test("record is non-empty", () => {
+        const entries = Object.entries(WINDSURF_MODELS);
+        expect(entries.length).toBeGreaterThan(0);
+    });
+    test("every model has id starting with windsurf/", () => {
+        for (const model of Object.values(WINDSURF_MODELS)) {
+            expect(model.id.startsWith("windsurf/")).toBe(true);
+        }
+    });
+    test("every model has api.npm containing windsurf-auth", () => {
+        for (const [_, model] of Object.entries(WINDSURF_MODELS)) {
+            expect(model.api.npm).toBeString();
+            expect(model.api.npm.includes("windsurf-auth")).toBe(true);
+        }
+    });
+    test("every model has a non-empty api.id", () => {
+        for (const model of Object.values(WINDSURF_MODELS)) {
+            expect(model.api.id.length).toBeGreaterThan(0);
+        }
+    });
+    test("summary", () => {
+        const entries = Object.entries(WINDSURF_MODELS);
+        const counts = {};
+        for (const [, model] of entries) {
+            const prefix = model.id.split("/")[1]?.split("-")[0] ?? "unknown";
+            counts[prefix] = (counts[prefix] ?? 0) + 1;
+        }
+        console.log(`\nTotal models: ${entries.length}`);
+        console.log("By id prefix:");
+        for (const [prefix, count] of Object.entries(counts).sort(([, a], [, b]) => b - a)) {
+            console.log(`  ${prefix}: ${count}`);
+        }
+        expect(entries.length).toBeGreaterThan(100);
+    });
+});

package/dist/chat-client.d.ts

@@ -0,0 +1,23 @@
+export type ResponseEvent = {
+    type: "text";
+    delta: string;
+} | {
+    type: "reasoning";
+    delta: string;
+} | {
+    type: "tool-call-start";
+    id: string;
+    name: string;
+} | {
+    type: "tool-call-delta";
+    id: string;
+    argsChunk: string;
+} | {
+    type: "finish";
+    model?: string;
+    inputTokens?: number;
+    outputTokens?: number;
+    msgId?: string;
+    stopReason?: number;
+};
+export declare function streamGetChatMessage(requestBody: Uint8Array, signal?: AbortSignal): AsyncGenerator<ResponseEvent>;

package/dist/chat-client.js

@@ -0,0 +1,329 @@
+// chat-client.ts — HTTP/2 Connect-RPC streaming client for Windsurf GetChatMessage
+//
+// Transport: Bun fetch with HTTPS (auto-negotiates HTTP/2 via ALPN).
+// Bun's fetch supports streaming response bodies via response.body.getReader().
+// This is the preferred approach over node:http2 because:
+//   1. Bun fetch negotiates HTTP/2 automatically for HTTPS URLs
+//   2. It provides a clean ReadableStream API for reading response bytes
+//   3. No manual ALPN / TLS configuration needed
+// Verified: earlier Python replay experiments used raw h2 connection and
+// confirmed the server accepts HTTP/2 with Connect-RPC content-type.
+//
+// Response field map from:
+//   opencode-windsurf-auth/research/connect_decode.py
+//   GetChatMessageResponse: f3=delta_text, f9=delta_thinking, f5=stop_reason,
+//     f10+f21=="anthropic"=signature frame, f7=stats sub-msg
+import { parseConnectFrames, CONNECT_FLAG_EOS } from "./proto";
+const ENDPOINT = "https://server.codeium.com/exa.api_server_pb.ApiServerService/GetChatMessage";
+// ---------------------------------------------------------------------------
+// Low-level protobuf field walking (mirrors connect_decode.py)
+// ---------------------------------------------------------------------------
+function parseVarint(buf, offset) {
+    let result = 0;
+    let shift = 0;
+    while (true) {
+        const byte = buf[offset];
+        offset++;
+        result |= (byte & 0x7f) << shift;
+        if (!(byte & 0x80))
+            break;
+        shift += 7;
+    }
+    return [result, offset];
+}
+function walkFields(body) {
+    const fields = [];
+    let i = 0;
+    while (i < body.byteLength) {
+        const [tag, newI] = parseVarint(body, i);
+        i = newI;
+        const field = tag >> 3;
+        const wire = tag & 7;
+        if (wire === 0) {
+            const [v, ni] = parseVarint(body, i);
+            i = ni;
+            fields.push({ field, wire, value: v });
+        }
+        else if (wire === 2) {
+            const [ln, ni] = parseVarint(body, i);
+            i = ni;
+            const val = body.slice(i, i + ln);
+            i += ln;
+            fields.push({ field, wire, value: val });
+        }
+        else if (wire === 1) {
+            i += 8;
+            fields.push({ field, wire, value: 0 });
+        }
+        else if (wire === 5) {
+            i += 4;
+            fields.push({ field, wire, value: 0 });
+        }
+        else {
+            break;
+        }
+    }
+    return fields;
+}
+function fieldDict(body) {
+    const m = new Map();
+    for (const f of walkFields(body)) {
+        m.set(f.field, f.value);
+    }
+    return m;
+}
+function extractString(body, fieldNum) {
+    for (const f of walkFields(body)) {
+        if (f.field !== fieldNum || f.wire !== 2)
+            continue;
+        const val = f.value;
+        if (!(val instanceof Uint8Array))
+            continue;
+        try {
+            return new TextDecoder("utf-8", { fatal: true }).decode(val);
+        }
+        catch {
+            // try nested
+            for (const sf of walkFields(val)) {
+                if (sf.wire !== 2 || !(sf.value instanceof Uint8Array))
+                    continue;
+                try {
+                    return new TextDecoder("utf-8", { fatal: true }).decode(sf.value);
+                }
+                catch { }
+            }
+        }
+    }
+    return null;
+}
+function isSignatureFrame(body) {
+    const fd = fieldDict(body);
+    const f21 = fd.get(21);
+    if (f21 instanceof Uint8Array) {
+        try {
+            if (new TextDecoder().decode(f21) === "anthropic")
+                return true;
+        }
+        catch { }
+    }
+    return false;
+}
+function getStopReason(body) {
+    const f5 = fieldDict(body).get(5);
+    if (typeof f5 === "number")
+        return f5;
+    return null;
+}
+function extractToolCall(body) {
+    const f6 = fieldDict(body).get(6);
+    if (!(f6 instanceof Uint8Array))
+        return null;
+    const sf = fieldDict(f6);
+    const result = {};
+    const f1 = sf.get(1);
+    if (f1 instanceof Uint8Array) {
+        try {
+            result.id = new TextDecoder().decode(f1);
+        }
+        catch { }
+    }
+    const f2 = sf.get(2);
+    if (f2 instanceof Uint8Array) {
+        try {
+            result.name = new TextDecoder().decode(f2);
+        }
+        catch { }
+    }
+    const f3 = sf.get(3);
+    if (f3 instanceof Uint8Array) {
+        try {
+            result.argsChunk = new TextDecoder().decode(f3);
+        }
+        catch { }
+    }
+    if (result.id || result.name || result.argsChunk)
+        return result;
+    return null;
+}
+function extractStats(body) {
+    const fd = fieldDict(body);
+    const f7 = fd.get(7);
+    if (!(f7 instanceof Uint8Array))
+        return null;
+    const sf = fieldDict(f7);
+    const result = {};
+    const modelBytes = sf.get(9);
+    if (modelBytes instanceof Uint8Array) {
+        try {
+            result.model = new TextDecoder().decode(modelBytes);
+        }
+        catch { }
+    }
+    const inputF4 = sf.get(4);
+    const inputF3 = sf.get(3);
+    if (typeof inputF4 === "number") {
+        result.inputTokens = inputF4;
+        if (typeof inputF3 === "number")
+            result.cacheCreationInputTokens = inputF3;
+    }
+    else if (typeof inputF3 === "number") {
+        result.inputTokens = inputF3;
+    }
+    const outputTokens = sf.get(5);
+    if (typeof outputTokens === "number")
+        result.outputTokens = outputTokens;
+    const msgIdBytes = sf.get(7);
+    if (msgIdBytes instanceof Uint8Array) {
+        try {
+            result.msgId = new TextDecoder().decode(msgIdBytes);
+        }
+        catch { }
+    }
+    return Object.keys(result).length > 0 ? result : null;
+}
+function freshDecodeState() {
+    return { currentToolCallId: null, emittedFinish: false };
+}
+function mergeStats(state, stats) {
+    if (!stats)
+        return state;
+    const result = { ...state };
+    if (stats.model !== undefined)
+        result.model = stats.model;
+    if (stats.inputTokens !== undefined)
+        result.inputTokens = stats.inputTokens;
+    if (stats.outputTokens !== undefined)
+        result.outputTokens = stats.outputTokens;
+    if (stats.msgId !== undefined)
+        result.msgId = stats.msgId;
+    return result;
+}
+function buildFinishEvent(state, stopReason) {
+    return {
+        type: "finish",
+        model: state.model,
+        inputTokens: state.inputTokens,
+        outputTokens: state.outputTokens,
+        msgId: state.msgId,
+        stopReason,
+    };
+}
+function decodeFrame(body, state) {
+    // signature frame: skip (redacted thinking → answer boundary)
+    if (isSignatureFrame(body))
+        return { event: null, state };
+    // tool call sub-message f6
+    const toolCall = extractToolCall(body);
+    if (toolCall) {
+        // frame with f6.f1+f2 (id+name): start of a new tool call
+        if (toolCall.id) {
+            const newState = { ...state, currentToolCallId: toolCall.id };
+            if (toolCall.name) {
+                return { event: { type: "tool-call-start", id: toolCall.id, name: toolCall.name }, state: newState };
+            }
+            // id-only f6 frame: update tracking id, check for args chunk too
+            if (toolCall.argsChunk) {
+                return { event: { type: "tool-call-delta", id: toolCall.id, argsChunk: toolCall.argsChunk }, state: newState };
+            }
+            return { event: null, state: newState };
+        }
+        // frame with f6.f3 only (args delta): use the tracked current tool call id
+        if (toolCall.argsChunk) {
+            const id = state.currentToolCallId ?? "0";
+            return { event: { type: "tool-call-delta", id, argsChunk: toolCall.argsChunk }, state };
+        }
+        return { event: null, state };
+    }
+    // stop frame: any stop_reason from f5 (4=end_turn, 10=tool_use)
+    const stopReason = getStopReason(body);
+    if (stopReason !== null) {
+        // accumulate any stats in this frame too, then emit the single terminal finish
+        const stats = extractStats(body);
+        const finalState = mergeStats(mergeStats(state, stats), null);
+        return {
+            event: buildFinishEvent(finalState, stopReason),
+            state: { ...finalState, emittedFinish: true },
+        };
+    }
+    // text / reasoning / stats-only frames — accumulate stats silently, never emit finish
+    let newState = state;
+    const stats = extractStats(body);
+    if (stats)
+        newState = mergeStats(newState, stats);
+    const deltaThinking = extractString(body, 9);
+    if (deltaThinking !== null) {
+        return { event: { type: "reasoning", delta: deltaThinking }, state: newState };
+    }
+    const deltaText = extractString(body, 3);
+    if (deltaText !== null) {
+        return { event: { type: "text", delta: deltaText }, state: newState };
+    }
+    // stats-only frame (no delta, no stop, no tool-call) — already accumulated above
+    return { event: null, state: newState };
+}
+// ---------------------------------------------------------------------------
+// Main streaming client
+// ---------------------------------------------------------------------------
+export async function* streamGetChatMessage(requestBody, signal) {
+    const resp = await fetch(ENDPOINT, {
+        method: "POST",
+        headers: {
+            "content-type": "application/connect+proto",
+            "connect-protocol-version": "1",
+        },
+        body: Buffer.from(requestBody),
+        signal,
+    });
+    if (!resp.ok) {
+        const errText = await resp.text().catch(() => "");
+        throw new Error(`GetChatMessage HTTP ${resp.status}: ${errText.slice(0, 500)}`);
+    }
+    const reader = resp.body?.getReader();
+    if (!reader)
+        throw new Error("Response body is not readable");
+    let buffer = new Uint8Array(0);
+    let decodeState = freshDecodeState();
+    try {
+        while (true) {
+            if (signal?.aborted)
+                break;
+            const { done, value } = await reader.read();
+            if (done)
+                break;
+            // Append to buffer
+            if (value) {
+                const newBuf = new Uint8Array(buffer.byteLength + value.byteLength);
+                newBuf.set(buffer);
+                newBuf.set(value, buffer.byteLength);
+                buffer = newBuf;
+            }
+            // Parse all complete frames from buffer
+            let remaining = buffer;
+            const frames = parseConnectFrames(remaining);
+            if (frames.length === 0)
+                continue;
+            // Calculate consumed bytes
+            let consumed = 0;
+            for (const frame of frames) {
+                consumed += 5 + frame.body.byteLength;
+            }
+            buffer = buffer.slice(consumed);
+            for (const frame of frames) {
+                if (frame.flag & CONNECT_FLAG_EOS)
+                    continue; // skip EOS/trailer frame
+                const { event, state: newState } = decodeFrame(frame.body, decodeState);
+                decodeState = newState;
+                if (event)
+                    yield event;
+            }
+        }
+    }
+    finally {
+        reader.releaseLock();
+    }
+    // Terminal — if the stream ended (EOS) without an explicit stop_reason frame,
+    // emit exactly one finish with accumulated stats.
+    if (!decodeState.emittedFinish) {
+        yield buildFinishEvent(decodeState);
+    }
+}

package/dist/chat-request.d.ts

@@ -0,0 +1,24 @@
+export interface GetChatMessageInput {
+    jwt: string;
+    systemPrompt: string;
+    messages: Array<{
+        role: number;
+        content?: string;
+        toolCall?: {
+            id: string;
+            name: string;
+            argumentsJson: string;
+        };
+        toolResult?: {
+            toolCallId: string;
+        };
+    }>;
+    tools: Array<{
+        name: string;
+        description: string;
+        parametersJsonSchema: string;
+    }>;
+    modelId: string;
+    sessionId?: string;
+}
+export declare function encodeGetChatMessageRequest(input: GetChatMessageInput): Uint8Array;

package/dist/chat-request.js

@@ -0,0 +1,118 @@
+// chat-request.ts — encode GetChatMessageRequest protobuf + Connect framing
+//
+// Field map from:
+//   opencode-windsurf-auth/research/GETCHATMESSAGE_REQUEST_PROTO.md
+//   opencode-windsurf-auth/research/decode_request.py
+//
+// Validation: the output of encodeGetChatMessageRequest can be round-trip
+// decoded with decode_request.py to verify field counts and structure.
+import { encodeConnectFrame, encodeFixed64Field, encodeMessageField, encodeStringField, encodeVarintField, } from "./proto";
+function uuid() {
+    return crypto.randomUUID();
+}
+function concat(...arrays) {
+    const total = arrays.reduce((s, a) => s + a.byteLength, 0);
+    const result = new Uint8Array(total);
+    let offset = 0;
+    for (const a of arrays) {
+        result.set(a, offset);
+        offset += a.byteLength;
+    }
+    return result;
+}
+// ---------------------------------------------------------------------------
+// Sub-message builders
+// ---------------------------------------------------------------------------
+/** Build the client_info sub-message (f1). */
+function encodeClientInfo(jwt) {
+    return concat(encodeStringField(1, "chisel"), // f1: client_name
+    encodeStringField(2, "2026.5.26-2"), // f2: client_version
+    encodeStringField(3, `devin-session-token$${jwt}`), // f3: jwt_token
+    encodeStringField(4, "en"), // f4: locale
+    encodeStringField(5, "mac"), // f5: platform
+    encodeStringField(7, "2026.5.26-2"), // f7: client_version_2
+    encodeStringField(12, "chisel"));
+}
+/** Build the ChatToolCall sub-message used in f6 of role=2 messages and on the response side.
+ *  Fields: f1=tool_call_id, f2=tool_name, f3=arguments_json. */
+function encodeChatToolCall(tc) {
+    return concat(encodeStringField(1, tc.id), encodeStringField(2, tc.name), encodeStringField(3, tc.argumentsJson));
+}
+/** Build one message entry (f3 repeated).
+ *  Role 1 (user):         f1=msg_id, f2=1, f3=content_text
+ *  Role 2 (assistant):    f1=msg_id, f2=2, [f3=content_text if non-empty,] f6=ChatToolCall
+ *  Role 4 (tool_result):  f1=msg_id, f2=4, f3=content_text, f7=tool_call_id
+ *  Default (role||1):     same as role=1 for backward compatibility. */
+function encodeMessage(m) {
+    const msgId = uuid();
+    const role = m.role || 1;
+    if (role === 2) {
+        const parts = [
+            encodeStringField(1, msgId),
+            encodeVarintField(2, 2),
+        ];
+        if (m.content)
+            parts.push(encodeStringField(3, m.content));
+        if (m.toolCall)
+            parts.push(encodeMessageField(6, encodeChatToolCall(m.toolCall)));
+        return concat(...parts);
+    }
+    if (role === 4) {
+        return concat(encodeStringField(1, msgId), encodeVarintField(2, 4), encodeStringField(3, m.content ?? ""), encodeStringField(7, m.toolResult?.toolCallId ?? ""));
+    }
+    // role=1 (user) — default path
+    return concat(encodeStringField(1, msgId), encodeVarintField(2, role), encodeStringField(3, m.content ?? ""));
+}
+/** Build one tool entry (f10 repeated). */
+function encodeTool(name, description, parametersJsonSchema) {
+    return concat(encodeStringField(1, name), encodeStringField(2, description), encodeStringField(3, parametersJsonSchema));
+}
+/** Build the model_params sub-message (f8). */
+function encodeModelParams() {
+    return concat(encodeVarintField(1, 1), // f1: unk1 (=1)
+    encodeVarintField(2, 128000), // f2: max_context_tokens
+    encodeVarintField(3, 400), // f3: max_output_tokens
+    encodeFixed64Field(5, 1.0), // f5: temperature
+    encodeVarintField(7, 40), // f7: top_k
+    encodeFixed64Field(8, 0.95));
+}
+/** Build the unk15 sub-message (f15).
+ *
+ * Matches the known-good title-gen capture shape: {f1:uuid, f2:1, f3:4}.
+ * The main-chat captures additionally carry f4 (a think-budget value) but the
+ * minimal title-gen request — proven to be accepted by the server — omits it.
+ * We mirror the minimal known-good shape to maximise acceptance. */
+function encodeUnk15() {
+    return concat(encodeStringField(1, uuid()), // f1: uuid (per-request)
+    encodeVarintField(2, 1), // f2: unk2
+    encodeVarintField(3, 4));
+}
+// ---------------------------------------------------------------------------
+// Main encoder
+// ---------------------------------------------------------------------------
+export function encodeGetChatMessageRequest(input) {
+    const sessionId = input.sessionId ?? uuid();
+    const body = concat(
+    // f1: client_info
+    encodeMessageField(1, encodeClientInfo(input.jwt)), 
+    // f2: system_prompt
+    encodeStringField(2, input.systemPrompt), 
+    // f3: messages[] (repeated). Role 1=user, 2=assistant (with optional
+    // ChatToolCall in f6), 4=tool_result (with tool_call_id in f7).
+    ...input.messages.map((m) => encodeMessageField(3, encodeMessage(m))), 
+    // f7: unk7 = 5
+    encodeVarintField(7, 5), 
+    // f8: model_params
+    encodeMessageField(8, encodeModelParams()), 
+    // f10: tools[] (repeated)
+    ...input.tools.map((t) => encodeMessageField(10, encodeTool(t.name, t.description, t.parametersJsonSchema))), 
+    // f15: unk15
+    encodeMessageField(15, encodeUnk15()), 
+    // f16: session_id
+    encodeStringField(16, sessionId), 
+    // f20: unk20 = 1
+    encodeVarintField(20, 1), 
+    // f21: model_id
+    encodeStringField(21, input.modelId));
+    return encodeConnectFrame(body);
+}

package/dist/credentials.d.ts

@@ -0,0 +1 @@
+export declare function loadWindsurfJwt(): Promise<string | null>;