npm - @oh-my-pi/pi-ai - Versions diffs - 6.7.670 → 6.8.1 - Mend

@oh-my-pi/pi-ai 6.7.670 → 6.8.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (17) hide show

package/README.md +31 -31
package/package.json +2 -1
package/src/cli.ts +126 -52
package/src/providers/google-gemini-cli.ts +4 -20
package/src/providers/openai-codex/response-handler.ts +4 -43
package/src/providers/openai-codex-responses.ts +3 -2
package/src/storage.ts +185 -0
package/src/utils/event-stream.ts +3 -3
package/src/utils/oauth/anthropic.ts +73 -97
package/src/utils/oauth/callback-server.ts +247 -0
package/src/utils/oauth/cursor.ts +7 -7
package/src/utils/oauth/github-copilot.ts +1 -23
package/src/utils/oauth/google-antigravity.ts +73 -263
package/src/utils/oauth/google-gemini-cli.ts +73 -281
package/src/utils/oauth/oauth.html +199 -0
package/src/utils/oauth/openai-codex.ts +108 -329
package/src/utils/oauth/types.ts +8 -0

package/src/utils/oauth/github-copilot.ts CHANGED Viewed

@@ -2,6 +2,7 @@
  * GitHub Copilot OAuth flow
  */
+import { abortableSleep } from "@oh-my-pi/pi-utils";
 import { getModels } from "../../models";
 import type { OAuthCredentials } from "./types";
@@ -136,29 +137,6 @@ async function startDeviceFlow(domain: string): Promise<DeviceCodeResponse> {
 	};
 }
-/**
- * Sleep that can be interrupted by an AbortSignal
- */
-function abortableSleep(ms: number, signal?: AbortSignal): Promise<void> {
-	return new Promise((resolve, reject) => {
-		if (signal?.aborted) {
-			reject(new Error("Login cancelled"));
-			return;
-		}
-		const timeout = setTimeout(resolve, ms);
-		signal?.addEventListener(
-			"abort",
-			() => {
-				clearTimeout(timeout);
-				reject(new Error("Login cancelled"));
-			},
-			{ once: true },
-		);
-	});
-}
 async function pollForGitHubAccessToken(
 	domain: string,
 	deviceCode: string,

package/src/utils/oauth/google-antigravity.ts CHANGED Viewed

@@ -1,24 +1,20 @@
 /**
  * Antigravity OAuth flow (Gemini 3, Claude, GPT-OSS via Google Cloud)
  * Uses different OAuth credentials than google-gemini-cli for access to additional models.
- *
- * NOTE: This module uses Node.js http.createServer for the OAuth callback.
- * It is only intended for CLI use, not browser environments.
  */
-import type { Server } from "http";
+import { OAuthCallbackFlow } from "./callback-server";
 import { generatePKCE } from "./pkce";
-import type { OAuthCredentials } from "./types";
+import type { OAuthController, OAuthCredentials } from "./types";
-// Antigravity OAuth credentials (different from Gemini CLI)
 const decode = (s: string) => atob(s);
 const CLIENT_ID = decode(
 	"MTA3MTAwNjA2MDU5MS10bWhzc2luMmgyMWxjcmUyMzV2dG9sb2poNGc0MDNlcC5hcHBzLmdvb2dsZXVzZXJjb250ZW50LmNvbQ==",
 );
 const CLIENT_SECRET = decode("R09DU1BYLUs1OEZXUjQ4NkxkTEoxbUxCOHNYQzR6NnFEQWY=");
-const REDIRECT_URI = "http://localhost:51121/oauth-callback";
+const CALLBACK_PORT = 51121;
+const CALLBACK_PATH = "/oauth-callback";
-// Antigravity requires additional scopes
 const SCOPES = [
 	"https://www.googleapis.com/auth/cloud-platform",
 	"https://www.googleapis.com/auth/userinfo.email",
@@ -29,110 +25,14 @@ const SCOPES = [
 const AUTH_URL = "https://accounts.google.com/o/oauth2/v2/auth";
 const TOKEN_URL = "https://oauth2.googleapis.com/token";
-// Fallback project ID when discovery fails
 const DEFAULT_PROJECT_ID = "rising-fact-p41fc";
-type CallbackServerInfo = {
-	server: Server;
-	cancelWait: () => void;
-	waitForCode: () => Promise<{ code: string; state: string } | null>;
-};
-/**
- * Start a local HTTP server to receive the OAuth callback
- */
-async function startCallbackServer(): Promise<CallbackServerInfo> {
-	const { createServer } = await import("http");
-	return new Promise((resolve, reject) => {
-		let result: { code: string; state: string } | null = null;
-		let cancelled = false;
-		const server = createServer((req, res) => {
-			const url = new URL(req.url || "", `http://localhost:51121`);
-			if (url.pathname === "/oauth-callback") {
-				const code = url.searchParams.get("code");
-				const state = url.searchParams.get("state");
-				const error = url.searchParams.get("error");
-				if (error) {
-					res.writeHead(400, { "Content-Type": "text/html" });
-					res.end(
-						`<html><body><h1>Authentication Failed</h1><p>Error: ${error}</p><p>You can close this window.</p></body></html>`,
-					);
-					return;
-				}
-				if (code && state) {
-					res.writeHead(200, { "Content-Type": "text/html" });
-					res.end(
-						`<html><body><h1>Authentication Successful</h1><p>You can close this window and return to the terminal.</p></body></html>`,
-					);
-					result = { code, state };
-				} else {
-					res.writeHead(400, { "Content-Type": "text/html" });
-					res.end(
-						`<html><body><h1>Authentication Failed</h1><p>Missing code or state parameter.</p></body></html>`,
-					);
-				}
-			} else {
-				res.writeHead(404);
-				res.end();
-			}
-		});
-		server.on("error", (err) => {
-			reject(err);
-		});
-		server.listen(51121, "127.0.0.1", () => {
-			resolve({
-				server,
-				cancelWait: () => {
-					cancelled = true;
-				},
-				waitForCode: async () => {
-					const sleep = () => new Promise((r) => setTimeout(r, 100));
-					while (!result && !cancelled) {
-						await sleep();
-					}
-					return result;
-				},
-			});
-		});
-	});
-}
-/**
- * Parse redirect URL to extract code and state
- */
-function parseRedirectUrl(input: string): { code?: string; state?: string } {
-	const value = input.trim();
-	if (!value) return {};
-	try {
-		const url = new URL(value);
-		return {
-			code: url.searchParams.get("code") ?? undefined,
-			state: url.searchParams.get("state") ?? undefined,
-		};
-	} catch {
-		// Not a URL, return empty
-		return {};
-	}
-}
 interface LoadCodeAssistPayload {
 	cloudaicompanionProject?: string | { id?: string };
 	currentTier?: { id?: string };
 	allowedTiers?: Array<{ id?: string; isDefault?: boolean }>;
 }
-/**
- * Discover or provision a project for the user
- */
 async function discoverProject(accessToken: string, onProgress?: (message: string) => void): Promise<string> {
 	const headers = {
 		Authorization: `Bearer ${accessToken}`,
@@ -146,7 +46,6 @@ async function discoverProject(accessToken: string, onProgress?: (message: strin
 		}),
 	};
-	// Try endpoints in order: prod first, then sandbox
 	const endpoints = ["https://cloudcode-pa.googleapis.com", "https://daily-cloudcode-pa.sandbox.googleapis.com"];
 	onProgress?.("Checking for existing project...");
@@ -168,7 +67,6 @@ async function discoverProject(accessToken: string, onProgress?: (message: strin
 			if (loadResponse.ok) {
 				const data = (await loadResponse.json()) as LoadCodeAssistPayload;
-				// Handle both string and object formats
 				if (typeof data.cloudaicompanionProject === "string" && data.cloudaicompanionProject) {
 					return data.cloudaicompanionProject;
 				}
@@ -185,20 +83,14 @@ async function discoverProject(accessToken: string, onProgress?: (message: strin
 		}
 	}
-	// Use fallback project ID
 	onProgress?.("Using default project...");
 	return DEFAULT_PROJECT_ID;
 }
-/**
- * Get user email from the access token
- */
 async function getUserEmail(accessToken: string): Promise<string | undefined> {
 	try {
 		const response = await fetch("https://www.googleapis.com/oauth2/v1/userinfo?alt=json", {
-			headers: {
-				Authorization: `Bearer ${accessToken}`,
-			},
+			headers: { Authorization: `Bearer ${accessToken}` },
 		});
 		if (response.ok) {
@@ -211,165 +103,51 @@ async function getUserEmail(accessToken: string): Promise<string | undefined> {
 	return undefined;
 }
-/**
- * Refresh Antigravity token
- */
-export async function refreshAntigravityToken(refreshToken: string, projectId: string): Promise<OAuthCredentials> {
-	const response = await fetch(TOKEN_URL, {
-		method: "POST",
-		headers: { "Content-Type": "application/x-www-form-urlencoded" },
-		body: new URLSearchParams({
-			client_id: CLIENT_ID,
-			client_secret: CLIENT_SECRET,
-			refresh_token: refreshToken,
-			grant_type: "refresh_token",
-		}),
-	});
+class AntigravityOAuthFlow extends OAuthCallbackFlow {
+	private verifier: string = "";
+	private challenge: string = "";
-	if (!response.ok) {
-		const error = await response.text();
-		throw new Error(`Antigravity token refresh failed: ${error}`);
+	constructor(ctrl: OAuthController) {
+		super(ctrl, CALLBACK_PORT, CALLBACK_PATH);
 	}
-	const data = (await response.json()) as {
-		access_token: string;
-		expires_in: number;
-		refresh_token?: string;
-	};
-	return {
-		refresh: data.refresh_token || refreshToken,
-		access: data.access_token,
-		expires: Date.now() + data.expires_in * 1000 - 5 * 60 * 1000,
-		projectId,
-	};
-}
+	protected async generateAuthUrl(
+		state: string,
+		redirectUri: string,
+	): Promise<{ url: string; instructions?: string }> {
+		const pkce = await generatePKCE();
+		this.verifier = pkce.verifier;
+		this.challenge = pkce.challenge;
-/**
- * Login with Antigravity OAuth
- *
- * @param onAuth - Callback with URL and optional instructions
- * @param onProgress - Optional progress callback
- * @param onManualCodeInput - Optional promise that resolves with user-pasted redirect URL.
- *                            Races with browser callback - whichever completes first wins.
- */
-export async function loginAntigravity(
-	onAuth: (info: { url: string; instructions?: string }) => void,
-	onProgress?: (message: string) => void,
-	onManualCodeInput?: () => Promise<string>,
-): Promise<OAuthCredentials> {
-	const { verifier, challenge } = await generatePKCE();
-	// Start local server for callback
-	onProgress?.("Starting local server for OAuth callback...");
-	const server = await startCallbackServer();
-	let code: string | undefined;
-	try {
-		// Build authorization URL
 		const authParams = new URLSearchParams({
 			client_id: CLIENT_ID,
 			response_type: "code",
-			redirect_uri: REDIRECT_URI,
+			redirect_uri: redirectUri,
 			scope: SCOPES.join(" "),
-			code_challenge: challenge,
+			code_challenge: this.challenge,
 			code_challenge_method: "S256",
-			state: verifier,
+			state,
 			access_type: "offline",
 			prompt: "consent",
 		});
-		const authUrl = `${AUTH_URL}?${authParams.toString()}`;
-		// Notify caller with URL to open
-		onAuth({
-			url: authUrl,
-			instructions: "Complete the sign-in in your browser.",
-		});
-		// Wait for the callback, racing with manual input if provided
-		onProgress?.("Waiting for OAuth callback...");
-		if (onManualCodeInput) {
-			// Race between browser callback and manual input
-			let manualInput: string | undefined;
-			let manualError: Error | undefined;
-			const manualPromise = onManualCodeInput()
-				.then((input) => {
-					manualInput = input;
-					server.cancelWait();
-				})
-				.catch((err) => {
-					manualError = err instanceof Error ? err : new Error(String(err));
-					server.cancelWait();
-				});
-			const result = await server.waitForCode();
-			// If manual input was cancelled, throw that error
-			if (manualError) {
-				throw manualError;
-			}
-			if (result?.code) {
-				// Browser callback won - verify state
-				if (result.state !== verifier) {
-					throw new Error("OAuth state mismatch - possible CSRF attack");
-				}
-				code = result.code;
-			} else if (manualInput) {
-				// Manual input won
-				const parsed = parseRedirectUrl(manualInput);
-				if (parsed.state && parsed.state !== verifier) {
-					throw new Error("OAuth state mismatch - possible CSRF attack");
-				}
-				code = parsed.code;
-			}
-			// If still no code, wait for manual promise and try that
-			if (!code) {
-				await manualPromise;
-				if (manualError) {
-					throw manualError;
-				}
-				if (manualInput) {
-					const parsed = parseRedirectUrl(manualInput);
-					if (parsed.state && parsed.state !== verifier) {
-						throw new Error("OAuth state mismatch - possible CSRF attack");
-					}
-					code = parsed.code;
-				}
-			}
-		} else {
-			// Original flow: just wait for callback
-			const result = await server.waitForCode();
-			if (result?.code) {
-				if (result.state !== verifier) {
-					throw new Error("OAuth state mismatch - possible CSRF attack");
-				}
-				code = result.code;
-			}
-		}
+		const url = `${AUTH_URL}?${authParams.toString()}`;
+		return { url, instructions: "Complete the sign-in in your browser." };
+	}
-		if (!code) {
-			throw new Error("No authorization code received");
-		}
+	protected async exchangeToken(code: string, _state: string, redirectUri: string): Promise<OAuthCredentials> {
+		this.ctrl.onProgress?.("Exchanging authorization code for tokens...");
-		// Exchange code for tokens
-		onProgress?.("Exchanging authorization code for tokens...");
 		const tokenResponse = await fetch(TOKEN_URL, {
 			method: "POST",
-			headers: {
-				"Content-Type": "application/x-www-form-urlencoded",
-			},
+			headers: { "Content-Type": "application/x-www-form-urlencoded" },
 			body: new URLSearchParams({
 				client_id: CLIENT_ID,
 				client_secret: CLIENT_SECRET,
 				code,
 				grant_type: "authorization_code",
-				redirect_uri: REDIRECT_URI,
-				code_verifier: verifier,
+				redirect_uri: redirectUri,
+				code_verifier: this.verifier,
 			}),
 		});
@@ -388,26 +166,58 @@ export async function loginAntigravity(
 			throw new Error("No refresh token received. Please try again.");
 		}
-		// Get user email
-		onProgress?.("Getting user info...");
+		this.ctrl.onProgress?.("Getting user info...");
 		const email = await getUserEmail(tokenData.access_token);
+		const projectId = await discoverProject(tokenData.access_token, this.ctrl.onProgress);
-		// Discover project
-		const projectId = await discoverProject(tokenData.access_token, onProgress);
-		// Calculate expiry time (current time + expires_in seconds - 5 min buffer)
-		const expiresAt = Date.now() + tokenData.expires_in * 1000 - 5 * 60 * 1000;
-		const credentials: OAuthCredentials = {
+		return {
 			refresh: tokenData.refresh_token,
 			access: tokenData.access_token,
-			expires: expiresAt,
+			expires: Date.now() + tokenData.expires_in * 1000 - 5 * 60 * 1000,
 			projectId,
 			email,
 		};
+	}
+}
+/**
+ * Login with Antigravity OAuth
+ */
+export async function loginAntigravity(ctrl: OAuthController): Promise<OAuthCredentials> {
+	const flow = new AntigravityOAuthFlow(ctrl);
+	return flow.login();
+}
+/**
+ * Refresh Antigravity token
+ */
+export async function refreshAntigravityToken(refreshToken: string, projectId: string): Promise<OAuthCredentials> {
+	const response = await fetch(TOKEN_URL, {
+		method: "POST",
+		headers: { "Content-Type": "application/x-www-form-urlencoded" },
+		body: new URLSearchParams({
+			client_id: CLIENT_ID,
+			client_secret: CLIENT_SECRET,
+			refresh_token: refreshToken,
+			grant_type: "refresh_token",
+		}),
+	});
-		return credentials;
-	} finally {
-		server.server.close();
+	if (!response.ok) {
+		const error = await response.text();
+		throw new Error(`Antigravity token refresh failed: ${error}`);
 	}
+	const data = (await response.json()) as {
+		access_token: string;
+		expires_in: number;
+		refresh_token?: string;
+	};
+	return {
+		refresh: data.refresh_token || refreshToken,
+		access: data.access_token,
+		expires: Date.now() + data.expires_in * 1000 - 5 * 60 * 1000,
+		projectId,
+	};
 }