@prometheus-ai/ai 0.5.3 → 0.5.8

package/src/{utils/oauth → registry}/huggingface.ts

@@ -1,29 +1,12 @@
-/**
- * Hugging Face Inference login flow.
- *
- * Hugging Face Inference Providers expose an OpenAI-compatible endpoint via
- * https://router.huggingface.co/v1.
- *
- * This is an API key flow:
- * 1. Open browser to Hugging Face token settings
- * 2. User creates/copies a token with Inference Providers permission
- * 3. User pastes the token into the CLI
- */
-
 import { validateOpenAICompatibleApiKey } from "./api-key-validation";
-import type { OAuthController } from "./types";
+import type { OAuthController, OAuthLoginCallbacks } from "./oauth/types";
+import type { ProviderDefinition } from "./types";
 
 const AUTH_URL =
 	"https://huggingface.co/settings/tokens/new?ownUserPermissions=inference.serverless.write&tokenType=fineGrained";
 const API_BASE_URL = "https://router.huggingface.co/v1";
 const VALIDATION_MODEL = "openai/gpt-oss-120b";
 
-/**
- * Login to Hugging Face Inference Providers.
- *
- * Opens browser to token settings, prompts user to paste their API key.
- * Returns the API key directly (not OAuthCredentials - this isn't OAuth).
- */
 export async function loginHuggingface(options: OAuthController): Promise<string> {
 	if (!options.onPrompt) {
 		throw new Error("Hugging Face login requires onPrompt callback");
@@ -60,3 +43,9 @@ export async function loginHuggingface(options: OAuthController): Promise<string
 
 	return trimmed;
 }
+
+export const huggingfaceProvider = {
+	id: "huggingface",
+	name: "Hugging Face Inference",
+	login: (cb: OAuthLoginCallbacks) => loginHuggingface(cb),
+} as const satisfies ProviderDefinition;

package/src/registry/index.ts

@@ -0,0 +1,4 @@
+export * from "./derived";
+export * from "./oauth";
+export * from "./registry";
+export * from "./types";

package/src/{utils/oauth → registry}/kagi.ts

@@ -1,14 +1,5 @@
-/**
- * Kagi login flow.
- *
- * Kagi web search uses an API key from the account settings page.
- * This is an API key flow:
- * 1. Open browser to Kagi API settings
- * 2. User copies API key
- * 3. User pastes key into CLI
- */
-
-import type { OAuthController } from "./types";
+import type { OAuthController, OAuthLoginCallbacks } from "./oauth/types";
+import type { ProviderDefinition } from "./types";
 
 const AUTH_URL = "https://kagi.com/settings/api";
 
@@ -45,3 +36,10 @@ export async function loginKagi(options: OAuthController): Promise<string> {
 
 	return trimmed;
 }
+
+export const kagiProvider = {
+	id: "kagi",
+	name: "Kagi",
+	envKeys: "KAGI_API_KEY",
+	login: (cb: OAuthLoginCallbacks) => loginKagi(cb),
+} as const satisfies ProviderDefinition;

package/src/{utils/oauth → registry}/kilo.ts

@@ -1,4 +1,5 @@
-import type { OAuthController, OAuthCredentials } from "./types";
+import type { OAuthController, OAuthCredentials } from "./oauth/types";
+import type { ProviderDefinition } from "./types";
 
 const KILO_DEVICE_AUTH_BASE_URL = "https://api.kilo.ai/api/device-auth";
 const POLL_INTERVAL_MS = 5000;
@@ -15,11 +16,9 @@ interface KiloDeviceAuthPollResponse {
 	token?: string;
 }
 
-/**
- * Login with Kilo Gateway OAuth (device code flow).
- */
 export async function loginKilo(callbacks: OAuthController): Promise<OAuthCredentials> {
-	const initiateResponse = await fetch(`${KILO_DEVICE_AUTH_BASE_URL}/codes`, {
+	const fetchImpl = callbacks.fetch ?? fetch;
+	const initiateResponse = await fetchImpl(`${KILO_DEVICE_AUTH_BASE_URL}/codes`, {
 		method: "POST",
 		headers: { "Content-Type": "application/json" },
 	});
@@ -50,7 +49,7 @@ export async function loginKilo(callbacks: OAuthController): Promise<OAuthCreden
 			throw new Error("Login cancelled");
 		}
 
-		const pollResponse = await fetch(`${KILO_DEVICE_AUTH_BASE_URL}/codes/${encodeURIComponent(userCode)}`);
+		const pollResponse = await fetchImpl(`${KILO_DEVICE_AUTH_BASE_URL}/codes/${encodeURIComponent(userCode)}`);
 		if (pollResponse.status === 202) {
 			await Bun.sleep(POLL_INTERVAL_MS);
 			continue;
@@ -85,3 +84,9 @@ export async function loginKilo(callbacks: OAuthController): Promise<OAuthCreden
 
 	throw new Error("Authentication timed out. Please try again.");
 }
+
+export const kiloProvider = {
+	id: "kilo",
+	name: "Kilo Gateway",
+	login: loginKilo,
+} as const satisfies ProviderDefinition;

package/src/registry/kimi-code.ts

@@ -0,0 +1,17 @@
+import type { OAuthCredentials, OAuthLoginCallbacks } from "./oauth/types";
+import type { ProviderDefinition } from "./types";
+
+export const kimiCodeProvider = {
+	id: "kimi-code",
+	name: "Kimi Code",
+	login: async (cb: OAuthLoginCallbacks) => {
+		// Lazy import: keep heavy OAuth flow modules out of the eager registry graph.
+		const { loginKimi } = await import("./oauth/kimi");
+		return loginKimi(cb);
+	},
+	refreshToken: async (credentials: OAuthCredentials) => {
+		// Lazy import: keep heavy OAuth flow modules out of the eager registry graph.
+		const { refreshKimiToken } = await import("./oauth/kimi");
+		return refreshKimiToken(credentials.refresh);
+	},
+} as const satisfies ProviderDefinition;

package/src/{utils/oauth → registry}/litellm.ts

@@ -1,15 +1,5 @@
-/**
- * LiteLLM login flow.
- *
- * LiteLLM is an OpenAI-compatible proxy that routes requests to many upstream providers.
- *
- * This is not OAuth - it's a simple API key flow:
- * 1. Open browser to LiteLLM docs/dashboard
- * 2. User copies their LiteLLM API key
- * 3. User pastes the API key into the CLI
- */
-
-import type { OAuthController } from "./types";
+import type { OAuthController, OAuthLoginCallbacks } from "./oauth/types";
+import type { ProviderDefinition } from "./types";
 
 const AUTH_URL = "https://docs.litellm.ai/docs/proxy/deploy";
 
@@ -45,3 +35,9 @@ export async function loginLiteLLM(options: OAuthController): Promise<string> {
 
 	return trimmed;
 }
+
+export const litellmProvider = {
+	id: "litellm",
+	name: "LiteLLM",
+	login: (cb: OAuthLoginCallbacks) => loginLiteLLM(cb),
+} as const satisfies ProviderDefinition;

package/src/{utils/oauth → registry}/lm-studio.ts

@@ -1,23 +1,9 @@
-/**
- * LM Studio login flow.
- *
- * LM Studio provides an OpenAI-compatible API at a local base URL.
- * It usually runs unauthenticated but can be configured to require a bearer token.
- *
- * This flow stores an API-key-style credential used by `/login` and auth storage.
- */
+import type { OAuthController, OAuthLoginCallbacks } from "./oauth/types";
+import type { ProviderDefinition } from "./types";
 
-import type { OAuthController, OAuthProvider } from "./types";
-
-const PROVIDER_ID: OAuthProvider = "lm-studio";
+const PROVIDER_ID = "lm-studio";
 export const DEFAULT_LOCAL_TOKEN = "lm-studio-local";
 
-/**
- * Login to LM Studio.
- *
- * Opens LM Studio API docs, prompts for an optional token,
- * and returns a stored key value.
- */
 export async function loginLmStudio(options: OAuthController): Promise<string> {
 	if (!options.onPrompt) {
 		throw new Error(`${PROVIDER_ID} login requires onPrompt callback`);
@@ -36,3 +22,9 @@ export async function loginLmStudio(options: OAuthController): Promise<string> {
 	const trimmed = apiKey.trim();
 	return trimmed || DEFAULT_LOCAL_TOKEN;
 }
+
+export const lmStudioProvider = {
+	id: "lm-studio",
+	name: "LM Studio (Local OpenAI-compatible)",
+	login: (cb: OAuthLoginCallbacks) => loginLmStudio(cb),
+} as const satisfies ProviderDefinition;

package/src/registry/minimax-code-cn.ts

@@ -0,0 +1,12 @@
+import type { OAuthLoginCallbacks } from "./oauth/types";
+import type { ProviderDefinition } from "./types";
+
+export const minimaxCodeCnProvider = {
+	id: "minimax-code-cn",
+	name: "MiniMax Token Plan (China)",
+	login: async (cb: OAuthLoginCallbacks) => {
+		// Lazy import: keep heavy OAuth flow modules out of the eager registry graph.
+		const { loginMiniMaxCodeCn } = await import("./oauth/minimax-code");
+		return loginMiniMaxCodeCn(cb);
+	},
+} as const satisfies ProviderDefinition;

package/src/registry/minimax-code.ts

@@ -0,0 +1,12 @@
+import type { OAuthLoginCallbacks } from "./oauth/types";
+import type { ProviderDefinition } from "./types";
+
+export const minimaxCodeProvider = {
+	id: "minimax-code",
+	name: "MiniMax Token Plan (International)",
+	login: async (cb: OAuthLoginCallbacks) => {
+		// Lazy import: keep heavy OAuth flow modules out of the eager registry graph.
+		const { loginMiniMaxCode } = await import("./oauth/minimax-code");
+		return loginMiniMaxCode(cb);
+	},
+} as const satisfies ProviderDefinition;

package/src/registry/minimax.ts

@@ -0,0 +1,6 @@
+import type { ProviderDefinition } from "./types";
+
+export const minimaxProvider = {
+	id: "minimax",
+	name: "MiniMax",
+} as const satisfies ProviderDefinition;

package/src/registry/mistral.ts

@@ -0,0 +1,6 @@
+import type { ProviderDefinition } from "./types";
+
+export const mistralProvider = {
+	id: "mistral",
+	name: "Mistral",
+} as const satisfies ProviderDefinition;

package/src/{utils/oauth → registry}/moonshot.ts

@@ -1,13 +1,6 @@
-/**
- * Moonshot login flow (API key paste against https://api.moonshot.ai/v1).
- *
- * Validation hits `GET /v1/models` rather than a chat completion. Moonshot's
- * thinking models (e.g. kimi-k2.5/k2.6) reject the `temperature: 0` probe used
- * by the chat-completions validator with `invalid temperature: only 1 is
- * allowed for this model`, so a hello-world chat call cannot authenticate the
- * key reliably across the Moonshot catalog.
- */
 import { createApiKeyLogin } from "./api-key-login";
+import type { OAuthLoginCallbacks } from "./oauth/types";
+import type { ProviderDefinition } from "./types";
 
 export const loginMoonshot = createApiKeyLogin({
 	providerLabel: "Moonshot",
@@ -21,3 +14,9 @@ export const loginMoonshot = createApiKeyLogin({
 		modelsUrl: "https://api.moonshot.ai/v1/models",
 	},
 });
+
+export const moonshotProvider = {
+	id: "moonshot",
+	name: "Moonshot (Kimi API)",
+	login: (cb: OAuthLoginCallbacks) => loginMoonshot(cb),
+} as const satisfies ProviderDefinition;

package/src/{utils/oauth → registry}/nanogpt.ts

@@ -1,5 +1,6 @@
-/** NanoGPT login flow (API key paste, validated via /models). */
 import { createApiKeyLogin } from "./api-key-login";
+import type { OAuthLoginCallbacks } from "./oauth/types";
+import type { ProviderDefinition } from "./types";
 
 export const loginNanoGPT = createApiKeyLogin({
 	providerLabel: "NanoGPT",
@@ -13,3 +14,9 @@ export const loginNanoGPT = createApiKeyLogin({
 		modelsUrl: "https://nano-gpt.com/api/v1/models",
 	},
 });
+
+export const nanogptProvider = {
+	id: "nanogpt",
+	name: "NanoGPT",
+	login: (cb: OAuthLoginCallbacks) => loginNanoGPT(cb),
+} as const satisfies ProviderDefinition;

package/src/{utils/oauth → registry}/nvidia.ts

@@ -1,28 +1,12 @@
-/**
- * NVIDIA login flow.
- *
- * NVIDIA provides OpenAI-compatible models via https://integrate.api.nvidia.com/v1.
- *
- * This is not OAuth - it's a simple API key flow:
- * 1. Open browser to NVIDIA NGC catalog
- * 2. User copies their API key
- * 3. User pastes the API key into the CLI
- */
-
 import { validateOpenAICompatibleApiKey } from "./api-key-validation";
-import type { OAuthController } from "./types";
+import type { OAuthController, OAuthLoginCallbacks } from "./oauth/types";
+import type { ProviderDefinition } from "./types";
 
 const AUTH_URL = "https://org.ngc.nvidia.com/setup/personal-keys";
 const API_BASE_URL = "https://integrate.api.nvidia.com/v1";
 const VALIDATION_MODEL = "nvidia/llama-3.1-nemotron-70b-instruct";
 const PROVIDER_ID = "nvidia";
 
-/**
- * Login to NVIDIA.
- *
- * Opens browser to NVIDIA dashboard, prompts user to paste their API key.
- * Returns the API key directly (not OAuthCredentials - this isn't OAuth).
- */
 export async function loginNvidia(options: OAuthController): Promise<string> {
 	if (!options.onPrompt) {
 		throw new Error("NVIDIA login requires onPrompt callback");
@@ -68,3 +52,9 @@ export async function loginNvidia(options: OAuthController): Promise<string> {
 
 	return trimmed;
 }
+
+export const nvidiaProvider = {
+	id: "nvidia",
+	name: "NVIDIA",
+	login: (cb: OAuthLoginCallbacks) => loginNvidia(cb),
+} as const satisfies ProviderDefinition;

package/src/{utils → registry}/oauth/__tests__/xai-oauth.test.ts

@@ -1,10 +1,7 @@
 import { afterEach, describe, expect, it, vi } from "bun:test";
 import { isXAIAccessTokenExpiring, refreshXAIOAuthToken, validateXAIEndpoint, XAIOAuthFlow } from "../xai-oauth";
 
-const originalFetch = global.fetch;
-
 afterEach(() => {
-	global.fetch = originalFetch;
 	vi.restoreAllMocks();
 });
 
@@ -58,9 +55,10 @@ describe("refreshXAIOAuthToken", () => {
 		const fetchMock = vi.fn(async () => {
 			throw new Error("fetch should not be called when refresh_token is empty");
 		});
-		global.fetch = fetchMock as unknown as typeof fetch;
 
-		await expect(refreshXAIOAuthToken("")).rejects.toThrow(/missing refresh_token/);
+		await expect(refreshXAIOAuthToken("", fetchMock as unknown as typeof fetch)).rejects.toThrow(
+			/missing refresh_token/,
+		);
 		expect(fetchMock).not.toHaveBeenCalled();
 	});
 });
@@ -95,9 +93,8 @@ describe("XAIOAuthFlow.exchangeToken", () => {
 				headers: { "Content-Type": "application/json" },
 			});
 		});
-		global.fetch = fetchMock as unknown as typeof fetch;
 
-		const flow = new XAIOAuthFlow({});
+		const flow = new XAIOAuthFlow({ fetch: fetchMock as unknown as typeof fetch });
 		await flow.generateAuthUrl("state-abc", "http://127.0.0.1:56121/callback");
 
 		await expect(flow.exchangeToken("code-xyz", "state-abc", "http://127.0.0.1:56121/callback")).rejects.toThrow(

package/src/{utils → registry}/oauth/anthropic.ts

@@ -1,6 +1,9 @@
 /**
  * Anthropic OAuth flow (Claude Pro/Max)
  */
+
+import { claudeCodeVersion } from "../../providers/anthropic";
+import type { FetchImpl } from "../../types";
 import { OAuthCallbackFlow } from "./callback-server";
 import { generatePKCE } from "./pkce";
 import type { OAuthController, OAuthCredentials } from "./types";
@@ -11,7 +14,7 @@ const AUTHORIZE_URL = "https://claude.ai/oauth/authorize";
 const TOKEN_URL = "https://api.anthropic.com/v1/oauth/token";
 const BOOTSTRAP_URL = "https://api.anthropic.com/api/claude_cli/bootstrap";
 const CLAUDE_CODE_BOOTSTRAP_MODEL = "claude-opus-4-8";
-const CLAUDE_CODE_BOOTSTRAP_USER_AGENT = "claude-code/2.1.160";
+const CLAUDE_CODE_BOOTSTRAP_USER_AGENT = `claude-code/${claudeCodeVersion}`;
 const CALLBACK_PORT = 54545;
 const CALLBACK_PATH = "/callback";
 // Scopes required for direct OAuth-token inference (user:inference) plus account/session management.
@@ -40,9 +43,10 @@ function formatErrorDetails(error: unknown): string {
 async function postJson(
 	url: string,
 	body: Record<string, string | number>,
+	fetchImpl: FetchImpl,
 	extraHeaders?: Record<string, string>,
 ): Promise<string> {
-	const response = await fetch(url, {
+	const response = await fetchImpl(url, {
 		method: "POST",
 		headers: {
 			// No Accept header: CC omits it on OAuth token requests.
@@ -109,9 +113,12 @@ function extractAccountFromTokenResponse(data: AnthropicTokenResponse): {
 	};
 }
 
-async function fetchBootstrapIdentity(accessToken: string): Promise<{ accountId?: string; email?: string }> {
+async function fetchBootstrapIdentity(
+	accessToken: string,
+	fetchImpl: FetchImpl,
+): Promise<{ accountId?: string; email?: string }> {
 	const url = `${BOOTSTRAP_URL}?entrypoint=cli&model=${encodeURIComponent(CLAUDE_CODE_BOOTSTRAP_MODEL)}`;
-	const response = await fetch(url, {
+	const response = await fetchImpl(url, {
 		method: "GET",
 		headers: {
 			Accept: "application/json, text/plain, */*",
@@ -142,11 +149,14 @@ async function fetchBootstrapIdentity(accessToken: string): Promise<{ accountId?
 	};
 }
 
-async function resolveAccountIdentity(data: AnthropicTokenResponse): Promise<{ accountId?: string; email?: string }> {
+async function resolveAccountIdentity(
+	data: AnthropicTokenResponse,
+	fetchImpl: FetchImpl,
+): Promise<{ accountId?: string; email?: string }> {
 	const identity = extractAccountFromTokenResponse(data);
 	if (identity.accountId && identity.email) return identity;
 	try {
-		const bootstrap = await fetchBootstrapIdentity(data.access_token);
+		const bootstrap = await fetchBootstrapIdentity(data.access_token, fetchImpl);
 		return {
 			accountId: identity.accountId ?? bootstrap.accountId,
 			email: identity.email ?? bootstrap.email,
@@ -159,9 +169,11 @@ async function resolveAccountIdentity(data: AnthropicTokenResponse): Promise<{ a
 export class AnthropicOAuthFlow extends OAuthCallbackFlow {
 	#verifier: string = "";
 	#challenge: string = "";
+	#fetch: FetchImpl;
 
 	constructor(ctrl: OAuthController) {
 		super(ctrl, CALLBACK_PORT, CALLBACK_PATH);
+		this.#fetch = ctrl.fetch ?? fetch;
 	}
 
 	async generateAuthUrl(state: string, redirectUri: string): Promise<{ url: string; instructions?: string }> {
@@ -202,14 +214,18 @@ export class AnthropicOAuthFlow extends OAuthCallbackFlow {
 
 		let responseBody: string;
 		try {
-			responseBody = await postJson(TOKEN_URL, {
-				grant_type: "authorization_code",
-				client_id: CLIENT_ID,
-				code: exchangeCode,
-				state: exchangeState,
-				redirect_uri: redirectUri,
-				code_verifier: this.#verifier,
-			});
+			responseBody = await postJson(
+				TOKEN_URL,
+				{
+					grant_type: "authorization_code",
+					client_id: CLIENT_ID,
+					code: exchangeCode,
+					state: exchangeState,
+					redirect_uri: redirectUri,
+					code_verifier: this.#verifier,
+				},
+				this.#fetch,
+			);
 		} catch (error) {
 			throw new Error(
 				`Token exchange request failed. url=${TOKEN_URL}; redirect_uri=${redirectUri}; response_type=authorization_code; details=${formatErrorDetails(error)}`,
@@ -217,7 +233,7 @@ export class AnthropicOAuthFlow extends OAuthCallbackFlow {
 		}
 
 		const tokenData = parseOAuthTokenResponse(responseBody, "token exchange");
-		const { accountId, email } = await resolveAccountIdentity(tokenData);
+		const { accountId, email } = await resolveAccountIdentity(tokenData, this.#fetch);
 
 		return {
 			refresh: tokenData.refresh_token,
@@ -240,7 +256,11 @@ export async function loginAnthropic(ctrl: OAuthController): Promise<OAuthCreden
 /**
  * Refresh Anthropic OAuth token
  */
-export async function refreshAnthropicToken(refreshToken: string): Promise<OAuthCredentials> {
+export async function refreshAnthropicToken(
+	refreshToken: string,
+	fetchOverride?: FetchImpl,
+): Promise<OAuthCredentials> {
+	const fetchImpl = fetchOverride ?? fetch;
 	let responseBody: string;
 	try {
 		responseBody = await postJson(
@@ -250,6 +270,7 @@ export async function refreshAnthropicToken(refreshToken: string): Promise<OAuth
 				client_id: CLIENT_ID,
 				refresh_token: refreshToken,
 			},
+			fetchImpl,
 			{
 				// CC sends these on refresh but not on the initial code exchange
 				"anthropic-beta": "oauth-2025-04-20",
@@ -261,7 +282,7 @@ export async function refreshAnthropicToken(refreshToken: string): Promise<OAuth
 	}
 
 	const data = parseOAuthTokenResponse(responseBody, "token refresh");
-	const { accountId, email } = await resolveAccountIdentity(data);
+	const { accountId, email } = await resolveAccountIdentity(data, fetchImpl);
 
 	return {
 		refresh: data.refresh_token || refreshToken,