@oh-my-pi/pi-ai 6.8.0 → 6.8.1

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@oh-my-pi/pi-ai",
-	"version": "6.8.0",
+	"version": "6.8.1",
 	"description": "Unified LLM API with automatic model discovery and provider configuration",
 	"type": "module",
 	"main": "./src/index.ts",
@@ -17,7 +17,7 @@
 		"test": "bun test"
 	},
 	"dependencies": {
-		"@oh-my-pi/pi-utils": "6.8.0",
+		"@oh-my-pi/pi-utils": "6.8.1",
 		"@anthropic-ai/sdk": "0.71.2",
 		"@aws-sdk/client-bedrock-runtime": "^3.968.0",
 		"@bufbuild/protobuf": "^2.10.2",

package/src/cli.ts

@@ -3,6 +3,7 @@ import { createInterface } from "readline";
 import { CliAuthStorage } from "./storage";
 import "./utils/migrate-env";
 import { loginAnthropic } from "./utils/oauth/anthropic";
+import { loginCursor } from "./utils/oauth/cursor";
 import { loginGitHubCopilot } from "./utils/oauth/github-copilot";
 import { loginAntigravity } from "./utils/oauth/google-antigravity";
 import { loginGeminiCli } from "./utils/oauth/google-gemini-cli";
@@ -88,6 +89,17 @@ async function login(provider: OAuthProvider): Promise<void> {
 				});
 				break;
 
+			case "cursor":
+				credentials = await loginCursor(
+					(url) => {
+						console.log(`\nOpen this URL in your browser:\n${url}\n`);
+					},
+					() => {
+						console.log("Waiting for browser authentication...");
+					},
+				);
+				break;
+
 			default:
 				throw new Error(`Unknown provider: ${provider}`);
 		}

package/src/providers/openai-codex-responses.ts

@@ -1,4 +1,5 @@
 import os from "node:os";
+import { abortableSleep } from "@oh-my-pi/pi-utils";
 import type {
 	ResponseFunctionToolCall,
 	ResponseInput,
@@ -440,13 +441,13 @@ async function fetchWithRetry(url: string, init: RequestInit, signal?: AbortSign
 			}
 			if (signal?.aborted) return response;
 			const delay = getRetryDelayMs(response, attempt);
-			await Bun.sleep(delay);
+			await abortableSleep(delay, signal);
 		} catch (error) {
 			if (attempt >= CODEX_MAX_RETRIES || signal?.aborted) {
 				throw error;
 			}
 			const delay = CODEX_RETRY_DELAY_MS * (attempt + 1);
-			await Bun.sleep(delay);
+			await abortableSleep(delay, signal);
 		}
 		attempt += 1;
 	}

package/src/utils/oauth/anthropic.ts

@@ -63,7 +63,12 @@ class AnthropicOAuthFlow extends OAuthCallbackFlow {
 		});
 
 		if (!tokenResponse.ok) {
-			const error = await tokenResponse.text();
+			let error: string;
+			try {
+				error = await tokenResponse.text();
+			} catch {
+				error = `HTTP ${tokenResponse.status}`;
+			}
 			throw new Error(`Token exchange failed: ${error}`);
 		}
 

package/src/utils/oauth/callback-server.ts

@@ -158,12 +158,14 @@ export abstract class OAuthCallbackFlow {
 			resultState = { ok: true, code, state };
 		}
 
-		// Signal to waitForCallback
+		// Signal to waitForCallback - capture refs before they could be cleared
+		const resolve = this.callbackResolve;
+		const reject = this.callbackReject;
 		queueMicrotask(() => {
 			if (resultState.ok) {
-				this.callbackResolve?.({ code: resultState.code, state: resultState.state });
+				resolve?.({ code: resultState.code, state: resultState.state });
 			} else {
-				this.callbackReject?.(resultState.error ?? "Unknown error");
+				reject?.(resultState.error ?? "Unknown error");
 			}
 		});
 

package/src/utils/oauth/cursor.ts

@@ -126,12 +126,16 @@ export async function refreshCursorToken(apiKeyOrRefreshToken: string): Promise<
 
 function getTokenExpiry(token: string): number {
 	try {
-		const [, payload] = token.split(".");
+		const parts = token.split(".");
+		if (parts.length !== 3) {
+			return Date.now() + 3600 * 1000;
+		}
+		const payload = parts[1];
 		if (!payload) {
 			return Date.now() + 3600 * 1000;
 		}
 		const decoded = JSON.parse(atob(payload.replace(/-/g, "+").replace(/_/g, "/")));
-		if (decoded.exp) {
+		if (decoded && typeof decoded === "object" && typeof decoded.exp === "number") {
 			return decoded.exp * 1000 - 5 * 60 * 1000;
 		}
 	} catch {

package/src/utils/oauth/openai-codex.ts

@@ -40,11 +40,16 @@ function getAccountId(accessToken: string): string | null {
 	return typeof accountId === "string" && accountId.length > 0 ? accountId : null;
 }
 
-class OpenAICodexOAuthFlow extends OAuthCallbackFlow {
-	private verifier: string = "";
-	private challenge: string = "";
+interface PKCE {
+	verifier: string;
+	challenge: string;
+}
 
-	constructor(ctrl: OAuthController) {
+class OpenAICodexOAuthFlow extends OAuthCallbackFlow {
+	constructor(
+		ctrl: OAuthController,
+		private readonly pkce: PKCE,
+	) {
 		super(ctrl, CALLBACK_PORT, CALLBACK_PATH);
 	}
 
@@ -52,16 +57,12 @@ class OpenAICodexOAuthFlow extends OAuthCallbackFlow {
 		state: string,
 		redirectUri: string,
 	): Promise<{ url: string; instructions?: string }> {
-		const pkce = await generatePKCE();
-		this.verifier = pkce.verifier;
-		this.challenge = pkce.challenge;
-
 		const searchParams = new URLSearchParams({
 			response_type: "code",
 			client_id: CLIENT_ID,
 			redirect_uri: redirectUri,
 			scope: SCOPE,
-			code_challenge: this.challenge,
+			code_challenge: this.pkce.challenge,
 			code_challenge_method: "S256",
 			state,
 			id_token_add_organizations: "true",
@@ -74,56 +75,61 @@ class OpenAICodexOAuthFlow extends OAuthCallbackFlow {
 	}
 
 	protected async exchangeToken(code: string, _state: string, redirectUri: string): Promise<OAuthCredentials> {
-		const tokenResponse = await fetch(TOKEN_URL, {
-			method: "POST",
-			headers: { "Content-Type": "application/x-www-form-urlencoded" },
-			body: new URLSearchParams({
-				grant_type: "authorization_code",
-				client_id: CLIENT_ID,
-				code,
-				code_verifier: this.verifier,
-				redirect_uri: redirectUri,
-			}),
-		});
+		return exchangeCodeForToken(code, this.pkce.verifier, redirectUri);
+	}
+}
 
-		if (!tokenResponse.ok) {
-			throw new Error(`Token exchange failed: ${tokenResponse.status}`);
-		}
+async function exchangeCodeForToken(code: string, verifier: string, redirectUri: string): Promise<OAuthCredentials> {
+	const tokenResponse = await fetch(TOKEN_URL, {
+		method: "POST",
+		headers: { "Content-Type": "application/x-www-form-urlencoded" },
+		body: new URLSearchParams({
+			grant_type: "authorization_code",
+			client_id: CLIENT_ID,
+			code,
+			code_verifier: verifier,
+			redirect_uri: redirectUri,
+		}),
+	});
 
-		const tokenData = (await tokenResponse.json()) as {
-			access_token?: string;
-			refresh_token?: string;
-			expires_in?: number;
-		};
+	if (!tokenResponse.ok) {
+		throw new Error(`Token exchange failed: ${tokenResponse.status}`);
+	}
 
-		if (!tokenData.access_token || !tokenData.refresh_token || typeof tokenData.expires_in !== "number") {
-			throw new Error("Token response missing required fields");
-		}
+	const tokenData = (await tokenResponse.json()) as {
+		access_token?: string;
+		refresh_token?: string;
+		expires_in?: number;
+	};
 
-		const accountId = getAccountId(tokenData.access_token);
-		if (!accountId) {
-			throw new Error("Failed to extract accountId from token");
-		}
+	if (!tokenData.access_token || !tokenData.refresh_token || typeof tokenData.expires_in !== "number") {
+		throw new Error("Token response missing required fields");
+	}
 
-		return {
-			access: tokenData.access_token,
-			refresh: tokenData.refresh_token,
-			expires: Date.now() + tokenData.expires_in * 1000,
-			accountId,
-		};
+	const accountId = getAccountId(tokenData.access_token);
+	if (!accountId) {
+		throw new Error("Failed to extract accountId from token");
 	}
+
+	return {
+		access: tokenData.access_token,
+		refresh: tokenData.refresh_token,
+		expires: Date.now() + tokenData.expires_in * 1000,
+		accountId,
+	};
 }
 
 /**
  * Login with OpenAI Codex OAuth
  */
 export async function loginOpenAICodex(ctrl: OAuthController): Promise<OAuthCredentials> {
-	const flow = new OpenAICodexOAuthFlow(ctrl);
+	const pkce = await generatePKCE();
+	const flow = new OpenAICodexOAuthFlow(ctrl, pkce);
+	const redirectUri = `http://localhost:${CALLBACK_PORT}${CALLBACK_PATH}`;
 
 	try {
 		return await flow.login();
 	} catch (error) {
-		// Callback failed - fall back to onPrompt if available
 		if (!ctrl.onPrompt) {
 			throw error;
 		}
@@ -139,47 +145,7 @@ export async function loginOpenAICodex(ctrl: OAuthController): Promise<OAuthCred
 			throw new Error("No authorization code found in input");
 		}
 
-		const redirectUri = `http://localhost:${CALLBACK_PORT}${CALLBACK_PATH}`;
-
-		// Manual token exchange
-		const pkce = await generatePKCE();
-		const tokenResponse = await fetch(TOKEN_URL, {
-			method: "POST",
-			headers: { "Content-Type": "application/x-www-form-urlencoded" },
-			body: new URLSearchParams({
-				grant_type: "authorization_code",
-				client_id: CLIENT_ID,
-				code: parsed.code,
-				code_verifier: pkce.verifier,
-				redirect_uri: redirectUri,
-			}),
-		});
-
-		if (!tokenResponse.ok) {
-			throw new Error(`Token exchange failed: ${tokenResponse.status}`);
-		}
-
-		const tokenData = (await tokenResponse.json()) as {
-			access_token?: string;
-			refresh_token?: string;
-			expires_in?: number;
-		};
-
-		if (!tokenData.access_token || !tokenData.refresh_token || typeof tokenData.expires_in !== "number") {
-			throw new Error("Token response missing required fields");
-		}
-
-		const accountId = getAccountId(tokenData.access_token);
-		if (!accountId) {
-			throw new Error("Failed to extract accountId from token");
-		}
-
-		return {
-			access: tokenData.access_token,
-			refresh: tokenData.refresh_token,
-			expires: Date.now() + tokenData.expires_in * 1000,
-			accountId,
-		};
+		return exchangeCodeForToken(parsed.code, pkce.verifier, redirectUri);
 	}
 }