@redonvn/cli 0.1.0

package/dist/llm/oauth/callback-server.js

@@ -0,0 +1,78 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.waitForCallback = waitForCallback;
+const http_1 = __importDefault(require("http"));
+const url_1 = require("url");
+const CALLBACK_HTML = `<!doctype html>
+<html lang="en"><head><meta charset="utf-8"><title>RedAI CLI — Authentication</title>
+<style>body{font-family:system-ui,sans-serif;display:grid;place-items:center;height:100vh;margin:0;background:#0d1117;color:#c9d1d9}
+.card{background:#161b22;padding:32px 40px;border:1px solid #30363d;border-radius:12px;text-align:center;max-width:520px}
+h1{margin:0 0 8px;color:#3fb950}
+p{margin:0;color:#8b949e}</style></head>
+<body><div class="card"><h1>✓ Authentication successful</h1>
+<p>You can close this window and return to your terminal.</p></div></body></html>`;
+/**
+ * Khởi 1 HTTP server tạm thời lắng nghe redirect từ provider OAuth.
+ * Resolve khi nhận được `code`, reject nếu timeout / lỗi.
+ *
+ * Phải bind đúng port mà provider whitelist (vd Claude: 54545).
+ */
+function waitForCallback(opts) {
+    const pathname = opts.pathname ?? '/callback';
+    const timeoutMs = opts.timeoutMs ?? 5 * 60 * 1000;
+    let resolve;
+    let reject;
+    const promise = new Promise((res, rej) => {
+        resolve = res;
+        reject = rej;
+    });
+    const server = http_1.default.createServer((req, res) => {
+        try {
+            const url = new url_1.URL(req.url || '/', `http://localhost:${opts.port}`);
+            if (url.pathname !== pathname) {
+                res.writeHead(404).end('Not found');
+                return;
+            }
+            const code = url.searchParams.get('code');
+            const error = url.searchParams.get('error');
+            const state = url.searchParams.get('state');
+            if (error) {
+                res.writeHead(400, { 'Content-Type': 'text/plain; charset=utf-8' });
+                res.end(`OAuth error: ${error}`);
+                reject(new Error(`OAuth error: ${error}`));
+                return;
+            }
+            if (!code) {
+                res.writeHead(400, { 'Content-Type': 'text/plain; charset=utf-8' });
+                res.end('Missing code');
+                reject(new Error('Missing authorization code in callback'));
+                return;
+            }
+            res.writeHead(200, { 'Content-Type': 'text/html; charset=utf-8' });
+            res.end(CALLBACK_HTML);
+            resolve({ code, state });
+        }
+        catch (err) {
+            reject(err instanceof Error ? err : new Error(String(err)));
+        }
+        finally {
+            setTimeout(() => server.close(), 100);
+        }
+    });
+    const timer = setTimeout(() => {
+        server.close();
+        reject(new Error(`OAuth callback timeout after ${timeoutMs}ms`));
+    }, timeoutMs);
+    timer.unref?.();
+    server.on('error', (err) => reject(err));
+    server.listen(opts.port, '127.0.0.1');
+    const cancel = () => {
+        clearTimeout(timer);
+        server.close();
+    };
+    return { promise, cancel };
+}
+//# sourceMappingURL=callback-server.js.map

package/dist/llm/oauth/callback-server.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"callback-server.js","sourceRoot":"","sources":["../../../src/llm/oauth/callback-server.ts"],"names":[],"mappings":";;;;;AAuBA,0CA8DC;AArFD,gDAAwB;AACxB,6BAA0B;AAE1B,MAAM,aAAa,GAAG;;;;;;;kFAO4D,CAAC;AAOnF;;;;;GAKG;AACH,SAAgB,eAAe,CAAC,IAI/B;IACC,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAI,WAAW,CAAC;IAC9C,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;IAClD,IAAI,OAAqC,CAAC;IAC1C,IAAI,MAA2B,CAAC;IAChC,MAAM,OAAO,GAAG,IAAI,OAAO,CAAiB,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QACvD,OAAO,GAAG,GAAG,CAAC;QACd,MAAM,GAAG,GAAG,CAAC;IACf,CAAC,CAAC,CAAC;IAEH,MAAM,MAAM,GAAG,cAAI,CAAC,YAAY,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QAC5C,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAI,SAAG,CAAC,GAAG,CAAC,GAAG,IAAI,GAAG,EAAE,oBAAoB,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;YACrE,IAAI,GAAG,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;gBAC9B,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;gBACpC,OAAO;YACT,CAAC;YACD,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YAC1C,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YAC5C,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YAE5C,IAAI,KAAK,EAAE,CAAC;gBACV,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,2BAA2B,EAAE,CAAC,CAAC;gBACpE,GAAG,CAAC,GAAG,CAAC,gBAAgB,KAAK,EAAE,CAAC,CAAC;gBACjC,MAAM,CAAC,IAAI,KAAK,CAAC,gBAAgB,KAAK,EAAE,CAAC,CAAC,CAAC;gBAC3C,OAAO;YACT,CAAC;YACD,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,2BAA2B,EAAE,CAAC,CAAC;gBACpE,GAAG,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;gBACxB,MAAM,CAAC,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC,CAAC;gBAC5D,OAAO;YACT,CAAC;YACD,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,0BAA0B,EAAE,CAAC,CAAC;YACnE,GAAG,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;YACvB,OAAO,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;QAC3B,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QAC9D,CAAC;gBAAS,CAAC;YACT,UAAU,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,KAAK,EAAE,EAAE,GAAG,CAAC,CAAC;QACxC,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;QAC5B,MAAM,CAAC,KAAK,EAAE,CAAC;QACf,MAAM,CAAC,IAAI,KAAK,CAAC,gCAAgC,SAAS,IAAI,CAAC,CAAC,CAAC;IACnE,CAAC,EAAE,SAAS,CAAC,CAAC;IACd,KAAK,CAAC,KAAK,EAAE,EAAE,CAAC;IAEhB,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;IACzC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;IAEtC,MAAM,MAAM,GAAG,GAAG,EAAE;QAClB,YAAY,CAAC,KAAK,CAAC,CAAC;QACpB,MAAM,CAAC,KAAK,EAAE,CAAC;IACjB,CAAC,CAAC;IAEF,OAAO,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC;AAC7B,CAAC"}

package/dist/llm/oauth/claude-oauth.d.ts

@@ -0,0 +1,29 @@
+import { PKCECodes } from './pkce';
+import { OAuthTokenStorage } from './store';
+/**
+ * Claude OAuth flow — port từ CLIProxyAPI `internal/auth/claude/anthropic_auth.go`.
+ *
+ * Constants giống y nguyên Claude Code CLI để Anthropic nhận diện là Claude Code:
+ *   - ClientID: 9d1c250a-e61b-44d9-88ed-5944d1962f5e
+ *   - Scope:    user:profile user:inference user:sessions:claude_code
+ *               user:mcp_servers user:file_upload
+ *   - Redirect: http://localhost:54545/callback
+ */
+export declare const CLAUDE_AUTH_URL = "https://claude.ai/oauth/authorize";
+export declare const CLAUDE_TOKEN_URL = "https://api.anthropic.com/v1/oauth/token";
+export declare const CLAUDE_CLIENT_ID = "9d1c250a-e61b-44d9-88ed-5944d1962f5e";
+export declare const CLAUDE_REDIRECT_URI = "http://localhost:54545/callback";
+export declare const CLAUDE_SCOPE = "user:profile user:inference user:sessions:claude_code user:mcp_servers user:file_upload";
+export interface ClaudeAuthSession {
+    authUrl: string;
+    state: string;
+    pkce: PKCECodes;
+}
+/** Khởi tạo OAuth session — trả URL để mở browser. */
+export declare function startClaudeAuth(): ClaudeAuthSession;
+/**
+ * Đổi authorization code lấy access + refresh token.
+ */
+export declare function exchangeCodeForTokens(authCode: string, pkce: PKCECodes, state: string, account?: string): Promise<OAuthTokenStorage>;
+/** Refresh access token bằng refresh_token (không cần PKCE). */
+export declare function refreshClaudeToken(current: OAuthTokenStorage): Promise<OAuthTokenStorage>;

package/dist/llm/oauth/claude-oauth.js

@@ -0,0 +1,115 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CLAUDE_SCOPE = exports.CLAUDE_REDIRECT_URI = exports.CLAUDE_CLIENT_ID = exports.CLAUDE_TOKEN_URL = exports.CLAUDE_AUTH_URL = void 0;
+exports.startClaudeAuth = startClaudeAuth;
+exports.exchangeCodeForTokens = exchangeCodeForTokens;
+exports.refreshClaudeToken = refreshClaudeToken;
+const undici_1 = require("undici");
+const pkce_1 = require("./pkce");
+/**
+ * Claude OAuth flow — port từ CLIProxyAPI `internal/auth/claude/anthropic_auth.go`.
+ *
+ * Constants giống y nguyên Claude Code CLI để Anthropic nhận diện là Claude Code:
+ *   - ClientID: 9d1c250a-e61b-44d9-88ed-5944d1962f5e
+ *   - Scope:    user:profile user:inference user:sessions:claude_code
+ *               user:mcp_servers user:file_upload
+ *   - Redirect: http://localhost:54545/callback
+ */
+exports.CLAUDE_AUTH_URL = 'https://claude.ai/oauth/authorize';
+exports.CLAUDE_TOKEN_URL = 'https://api.anthropic.com/v1/oauth/token';
+exports.CLAUDE_CLIENT_ID = '9d1c250a-e61b-44d9-88ed-5944d1962f5e';
+exports.CLAUDE_REDIRECT_URI = 'http://localhost:54545/callback';
+exports.CLAUDE_SCOPE = 'user:profile user:inference user:sessions:claude_code user:mcp_servers user:file_upload';
+/** Khởi tạo OAuth session — trả URL để mở browser. */
+function startClaudeAuth() {
+    const pkce = (0, pkce_1.generatePKCECodes)();
+    const state = (0, pkce_1.generateRandomState)();
+    const params = new URLSearchParams({
+        code: 'true',
+        client_id: exports.CLAUDE_CLIENT_ID,
+        response_type: 'code',
+        redirect_uri: exports.CLAUDE_REDIRECT_URI,
+        scope: exports.CLAUDE_SCOPE,
+        code_challenge: pkce.codeChallenge,
+        code_challenge_method: 'S256',
+        state,
+    });
+    return {
+        authUrl: `${exports.CLAUDE_AUTH_URL}?${params.toString()}`,
+        state,
+        pkce,
+    };
+}
+/**
+ * Anthropic callback có format đặc biệt: code có thể chứa `#<state>` fragment.
+ * Pattern này copy từ `parseCodeAndState()` trong upstream.
+ */
+function parseCodeAndState(code) {
+    const parts = code.split('#');
+    return { code: parts[0], stateInline: parts[1] };
+}
+/**
+ * Đổi authorization code lấy access + refresh token.
+ */
+async function exchangeCodeForTokens(authCode, pkce, state, account = 'default') {
+    const { code, stateInline } = parseCodeAndState(authCode);
+    const reqBody = {
+        code,
+        state: stateInline || state,
+        grant_type: 'authorization_code',
+        client_id: exports.CLAUDE_CLIENT_ID,
+        redirect_uri: exports.CLAUDE_REDIRECT_URI,
+        code_verifier: pkce.codeVerifier,
+    };
+    const res = await (0, undici_1.request)(exports.CLAUDE_TOKEN_URL, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json', Accept: 'application/json' },
+        body: JSON.stringify(reqBody),
+        bodyTimeout: 30000,
+        headersTimeout: 15000,
+    });
+    const bodyText = await res.body.text();
+    if (res.statusCode !== 200) {
+        throw new Error(`Token exchange failed (HTTP ${res.statusCode}): ${bodyText}`);
+    }
+    const parsed = JSON.parse(bodyText);
+    const now = Date.now();
+    return {
+        type: 'claude',
+        account,
+        accessToken: parsed.access_token,
+        refreshToken: parsed.refresh_token,
+        email: parsed.account?.email_address,
+        expiresAt: now + parsed.expires_in * 1000,
+        lastRefresh: now,
+    };
+}
+/** Refresh access token bằng refresh_token (không cần PKCE). */
+async function refreshClaudeToken(current) {
+    const res = await (0, undici_1.request)(exports.CLAUDE_TOKEN_URL, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json', Accept: 'application/json' },
+        body: JSON.stringify({
+            client_id: exports.CLAUDE_CLIENT_ID,
+            grant_type: 'refresh_token',
+            refresh_token: current.refreshToken,
+        }),
+        bodyTimeout: 30000,
+        headersTimeout: 15000,
+    });
+    const bodyText = await res.body.text();
+    if (res.statusCode !== 200) {
+        throw new Error(`Claude refresh failed (HTTP ${res.statusCode}): ${bodyText}`);
+    }
+    const parsed = JSON.parse(bodyText);
+    const now = Date.now();
+    return {
+        ...current,
+        accessToken: parsed.access_token,
+        refreshToken: parsed.refresh_token ?? current.refreshToken,
+        expiresAt: now + parsed.expires_in * 1000,
+        lastRefresh: now,
+        email: parsed.account?.email_address ?? current.email,
+    };
+}
+//# sourceMappingURL=claude-oauth.js.map

package/dist/llm/oauth/claude-oauth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"claude-oauth.js","sourceRoot":"","sources":["../../../src/llm/oauth/claude-oauth.ts"],"names":[],"mappings":";;;AAuCA,0CAkBC;AAcD,sDAwCC;AAGD,gDA8BC;AAhJD,mCAAiC;AACjC,iCAA2E;AAG3E;;;;;;;;GAQG;AAEU,QAAA,eAAe,GAAG,mCAAmC,CAAC;AACtD,QAAA,gBAAgB,GAAG,0CAA0C,CAAC;AAC9D,QAAA,gBAAgB,GAAG,sCAAsC,CAAC;AAC1D,QAAA,mBAAmB,GAAG,iCAAiC,CAAC;AACxD,QAAA,YAAY,GACvB,yFAAyF,CAAC;AAmB5F,sDAAsD;AACtD,SAAgB,eAAe;IAC7B,MAAM,IAAI,GAAG,IAAA,wBAAiB,GAAE,CAAC;IACjC,MAAM,KAAK,GAAG,IAAA,0BAAmB,GAAE,CAAC;IACpC,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;QACjC,IAAI,EAAE,MAAM;QACZ,SAAS,EAAE,wBAAgB;QAC3B,aAAa,EAAE,MAAM;QACrB,YAAY,EAAE,2BAAmB;QACjC,KAAK,EAAE,oBAAY;QACnB,cAAc,EAAE,IAAI,CAAC,aAAa;QAClC,qBAAqB,EAAE,MAAM;QAC7B,KAAK;KACN,CAAC,CAAC;IACH,OAAO;QACL,OAAO,EAAE,GAAG,uBAAe,IAAI,MAAM,CAAC,QAAQ,EAAE,EAAE;QAClD,KAAK;QACL,IAAI;KACL,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,SAAS,iBAAiB,CAAC,IAAY;IACrC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC9B,OAAO,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC;AACnD,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,qBAAqB,CACzC,QAAgB,EAChB,IAAe,EACf,KAAa,EACb,OAAO,GAAG,SAAS;IAEnB,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;IAC1D,MAAM,OAAO,GAAG;QACd,IAAI;QACJ,KAAK,EAAE,WAAW,IAAI,KAAK;QAC3B,UAAU,EAAE,oBAAoB;QAChC,SAAS,EAAE,wBAAgB;QAC3B,YAAY,EAAE,2BAAmB;QACjC,aAAa,EAAE,IAAI,CAAC,YAAY;KACjC,CAAC;IAEF,MAAM,GAAG,GAAG,MAAM,IAAA,gBAAO,EAAC,wBAAgB,EAAE;QAC1C,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,MAAM,EAAE,kBAAkB,EAAE;QAC3E,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;QAC7B,WAAW,EAAE,KAAM;QACnB,cAAc,EAAE,KAAM;KACvB,CAAC,CAAC;IAEH,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;IACvC,IAAI,GAAG,CAAC,UAAU,KAAK,GAAG,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CAAC,+BAA+B,GAAG,CAAC,UAAU,MAAM,QAAQ,EAAE,CAAC,CAAC;IACjF,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAwB,CAAC;IAC3D,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,OAAO;QACL,IAAI,EAAE,QAAQ;QACd,OAAO;QACP,WAAW,EAAE,MAAM,CAAC,YAAY;QAChC,YAAY,EAAE,MAAM,CAAC,aAAa;QAClC,KAAK,EAAE,MAAM,CAAC,OAAO,EAAE,aAAa;QACpC,SAAS,EAAE,GAAG,GAAG,MAAM,CAAC,UAAU,GAAG,IAAI;QACzC,WAAW,EAAE,GAAG;KACjB,CAAC;AACJ,CAAC;AAED,gEAAgE;AACzD,KAAK,UAAU,kBAAkB,CACtC,OAA0B;IAE1B,MAAM,GAAG,GAAG,MAAM,IAAA,gBAAO,EAAC,wBAAgB,EAAE;QAC1C,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,MAAM,EAAE,kBAAkB,EAAE;QAC3E,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;YACnB,SAAS,EAAE,wBAAgB;YAC3B,UAAU,EAAE,eAAe;YAC3B,aAAa,EAAE,OAAO,CAAC,YAAY;SACpC,CAAC;QACF,WAAW,EAAE,KAAM;QACnB,cAAc,EAAE,KAAM;KACvB,CAAC,CAAC;IAEH,MAAM,QAAQ,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;IACvC,IAAI,GAAG,CAAC,UAAU,KAAK,GAAG,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CAAC,+BAA+B,GAAG,CAAC,UAAU,MAAM,QAAQ,EAAE,CAAC,CAAC;IACjF,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAwB,CAAC;IAC3D,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,OAAO;QACL,GAAG,OAAO;QACV,WAAW,EAAE,MAAM,CAAC,YAAY;QAChC,YAAY,EAAE,MAAM,CAAC,aAAa,IAAI,OAAO,CAAC,YAAY;QAC1D,SAAS,EAAE,GAAG,GAAG,MAAM,CAAC,UAAU,GAAG,IAAI;QACzC,WAAW,EAAE,GAAG;QAChB,KAAK,EAAE,MAAM,CAAC,OAAO,EAAE,aAAa,IAAI,OAAO,CAAC,KAAK;KACtD,CAAC;AACJ,CAAC"}

package/dist/llm/oauth/codex-oauth.d.ts

@@ -0,0 +1,21 @@
+import { PKCECodes } from './pkce';
+import { OAuthTokenStorage } from './store';
+/**
+ * Codex (Sign in with ChatGPT) OAuth flow — port từ CLIProxyAPI
+ * `internal/auth/codex/openai_auth.go`.
+ *
+ * Constants giống Codex CLI để OpenAI nhận diện là Codex CLI.
+ */
+export declare const CODEX_AUTH_URL = "https://auth.openai.com/oauth/authorize";
+export declare const CODEX_TOKEN_URL = "https://auth.openai.com/oauth/token";
+export declare const CODEX_CLIENT_ID = "app_EMoamEEZ73f0CkXaXp7hrann";
+export declare const CODEX_REDIRECT_URI = "http://localhost:1455/auth/callback";
+export declare const CODEX_SCOPE = "openid email profile offline_access";
+export interface CodexAuthSession {
+    authUrl: string;
+    state: string;
+    pkce: PKCECodes;
+}
+export declare function startCodexAuth(): CodexAuthSession;
+export declare function exchangeCodexCodeForTokens(code: string, pkce: PKCECodes, account?: string): Promise<OAuthTokenStorage>;
+export declare function refreshCodexToken(current: OAuthTokenStorage): Promise<OAuthTokenStorage>;

package/dist/llm/oauth/codex-oauth.js

@@ -0,0 +1,137 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CODEX_SCOPE = exports.CODEX_REDIRECT_URI = exports.CODEX_CLIENT_ID = exports.CODEX_TOKEN_URL = exports.CODEX_AUTH_URL = void 0;
+exports.startCodexAuth = startCodexAuth;
+exports.exchangeCodexCodeForTokens = exchangeCodexCodeForTokens;
+exports.refreshCodexToken = refreshCodexToken;
+const undici_1 = require("undici");
+const pkce_1 = require("./pkce");
+/**
+ * Codex (Sign in with ChatGPT) OAuth flow — port từ CLIProxyAPI
+ * `internal/auth/codex/openai_auth.go`.
+ *
+ * Constants giống Codex CLI để OpenAI nhận diện là Codex CLI.
+ */
+exports.CODEX_AUTH_URL = 'https://auth.openai.com/oauth/authorize';
+exports.CODEX_TOKEN_URL = 'https://auth.openai.com/oauth/token';
+exports.CODEX_CLIENT_ID = 'app_EMoamEEZ73f0CkXaXp7hrann';
+exports.CODEX_REDIRECT_URI = 'http://localhost:1455/auth/callback';
+exports.CODEX_SCOPE = 'openid email profile offline_access';
+function startCodexAuth() {
+    const pkce = (0, pkce_1.generatePKCECodes)();
+    const state = (0, pkce_1.generateRandomState)();
+    const params = new URLSearchParams({
+        client_id: exports.CODEX_CLIENT_ID,
+        response_type: 'code',
+        redirect_uri: exports.CODEX_REDIRECT_URI,
+        scope: exports.CODEX_SCOPE,
+        state,
+        code_challenge: pkce.codeChallenge,
+        code_challenge_method: 'S256',
+        prompt: 'login',
+        id_token_add_organizations: 'true',
+        codex_cli_simplified_flow: 'true',
+    });
+    return {
+        authUrl: `${exports.CODEX_AUTH_URL}?${params.toString()}`,
+        state,
+        pkce,
+    };
+}
+/**
+ * Decode JWT payload (id_token) — không verify signature, chỉ extract claims
+ * như account_id và email để lưu metadata.
+ */
+function decodeJwtPayload(jwt) {
+    try {
+        const parts = jwt.split('.');
+        if (parts.length < 2)
+            return null;
+        const padded = parts[1].replace(/-/g, '+').replace(/_/g, '/');
+        const json = Buffer.from(padded, 'base64').toString('utf8');
+        return JSON.parse(json);
+    }
+    catch {
+        return null;
+    }
+}
+async function exchangeCodexCodeForTokens(code, pkce, account = 'default') {
+    // Codex dùng x-www-form-urlencoded (khác Claude dùng JSON)
+    const data = new URLSearchParams({
+        grant_type: 'authorization_code',
+        client_id: exports.CODEX_CLIENT_ID,
+        code,
+        redirect_uri: exports.CODEX_REDIRECT_URI,
+        code_verifier: pkce.codeVerifier,
+    });
+    const res = await (0, undici_1.request)(exports.CODEX_TOKEN_URL, {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/x-www-form-urlencoded',
+            Accept: 'application/json',
+        },
+        body: data.toString(),
+        headersTimeout: 15000,
+        bodyTimeout: 30000,
+    });
+    const text = await res.body.text();
+    if (res.statusCode !== 200) {
+        throw new Error(`Codex token exchange failed (HTTP ${res.statusCode}): ${text}`);
+    }
+    const parsed = JSON.parse(text);
+    const claims = decodeJwtPayload(parsed.id_token);
+    // ChatGPT account ID nằm trong claims.https://api.openai.com/auth.chatgpt_account_id
+    // hoặc claims.https://api.openai.com/auth.user_id (tuỳ flow)
+    const authClaims = claims?.['https://api.openai.com/auth'] ?? {};
+    const accountId = typeof authClaims.chatgpt_account_id === 'string'
+        ? authClaims.chatgpt_account_id
+        : typeof authClaims.user_id === 'string'
+            ? authClaims.user_id
+            : undefined;
+    const email = typeof claims?.email === 'string' ? claims.email : undefined;
+    const now = Date.now();
+    return {
+        type: 'codex',
+        account,
+        accessToken: parsed.access_token,
+        refreshToken: parsed.refresh_token,
+        idToken: parsed.id_token,
+        email,
+        expiresAt: now + parsed.expires_in * 1000,
+        lastRefresh: now,
+        metadata: accountId ? { accountId } : undefined,
+    };
+}
+async function refreshCodexToken(current) {
+    const data = new URLSearchParams({
+        client_id: exports.CODEX_CLIENT_ID,
+        grant_type: 'refresh_token',
+        refresh_token: current.refreshToken,
+        scope: 'openid profile email',
+    });
+    const res = await (0, undici_1.request)(exports.CODEX_TOKEN_URL, {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/x-www-form-urlencoded',
+            Accept: 'application/json',
+        },
+        body: data.toString(),
+        headersTimeout: 15000,
+        bodyTimeout: 30000,
+    });
+    const text = await res.body.text();
+    if (res.statusCode !== 200) {
+        throw new Error(`Codex refresh failed (HTTP ${res.statusCode}): ${text}`);
+    }
+    const parsed = JSON.parse(text);
+    const now = Date.now();
+    return {
+        ...current,
+        accessToken: parsed.access_token,
+        refreshToken: parsed.refresh_token ?? current.refreshToken,
+        idToken: parsed.id_token ?? current.idToken,
+        expiresAt: now + parsed.expires_in * 1000,
+        lastRefresh: now,
+    };
+}
+//# sourceMappingURL=codex-oauth.js.map

package/dist/llm/oauth/codex-oauth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"codex-oauth.js","sourceRoot":"","sources":["../../../src/llm/oauth/codex-oauth.ts"],"names":[],"mappings":";;;AA8BA,wCAoBC;AAkBD,gEAwDC;AAED,8CAoCC;AAlKD,mCAAiC;AACjC,iCAA2E;AAG3E;;;;;GAKG;AACU,QAAA,cAAc,GAAG,yCAAyC,CAAC;AAC3D,QAAA,eAAe,GAAG,qCAAqC,CAAC;AACxD,QAAA,eAAe,GAAG,8BAA8B,CAAC;AACjD,QAAA,kBAAkB,GAAG,qCAAqC,CAAC;AAC3D,QAAA,WAAW,GAAG,qCAAqC,CAAC;AAgBjE,SAAgB,cAAc;IAC5B,MAAM,IAAI,GAAG,IAAA,wBAAiB,GAAE,CAAC;IACjC,MAAM,KAAK,GAAG,IAAA,0BAAmB,GAAE,CAAC;IACpC,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;QACjC,SAAS,EAAE,uBAAe;QAC1B,aAAa,EAAE,MAAM;QACrB,YAAY,EAAE,0BAAkB;QAChC,KAAK,EAAE,mBAAW;QAClB,KAAK;QACL,cAAc,EAAE,IAAI,CAAC,aAAa;QAClC,qBAAqB,EAAE,MAAM;QAC7B,MAAM,EAAE,OAAO;QACf,0BAA0B,EAAE,MAAM;QAClC,yBAAyB,EAAE,MAAM;KAClC,CAAC,CAAC;IACH,OAAO;QACL,OAAO,EAAE,GAAG,sBAAc,IAAI,MAAM,CAAC,QAAQ,EAAE,EAAE;QACjD,KAAK;QACL,IAAI;KACL,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,SAAS,gBAAgB,CAAC,GAAW;IACnC,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC7B,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;YAAE,OAAO,IAAI,CAAC;QAClC,MAAM,MAAM,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QAC9D,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QAC5D,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAA4B,CAAC;IACrD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAEM,KAAK,UAAU,0BAA0B,CAC9C,IAAY,EACZ,IAAe,EACf,OAAO,GAAG,SAAS;IAEnB,2DAA2D;IAC3D,MAAM,IAAI,GAAG,IAAI,eAAe,CAAC;QAC/B,UAAU,EAAE,oBAAoB;QAChC,SAAS,EAAE,uBAAe;QAC1B,IAAI;QACJ,YAAY,EAAE,0BAAkB;QAChC,aAAa,EAAE,IAAI,CAAC,YAAY;KACjC,CAAC,CAAC;IAEH,MAAM,GAAG,GAAG,MAAM,IAAA,gBAAO,EAAC,uBAAe,EAAE;QACzC,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,mCAAmC;YACnD,MAAM,EAAE,kBAAkB;SAC3B;QACD,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE;QACrB,cAAc,EAAE,KAAM;QACtB,WAAW,EAAE,KAAM;KACpB,CAAC,CAAC;IAEH,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;IACnC,IAAI,GAAG,CAAC,UAAU,KAAK,GAAG,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CAAC,qCAAqC,GAAG,CAAC,UAAU,MAAM,IAAI,EAAE,CAAC,CAAC;IACnF,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAuB,CAAC;IACtD,MAAM,MAAM,GAAG,gBAAgB,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACjD,qFAAqF;IACrF,6DAA6D;IAC7D,MAAM,UAAU,GACb,MAAM,EAAE,CAAC,6BAA6B,CAAyC,IAAI,EAAE,CAAC;IACzF,MAAM,SAAS,GACb,OAAO,UAAU,CAAC,kBAAkB,KAAK,QAAQ;QAC/C,CAAC,CAAC,UAAU,CAAC,kBAAkB;QAC/B,CAAC,CAAC,OAAO,UAAU,CAAC,OAAO,KAAK,QAAQ;YACtC,CAAC,CAAC,UAAU,CAAC,OAAO;YACpB,CAAC,CAAC,SAAS,CAAC;IAClB,MAAM,KAAK,GAAG,OAAO,MAAM,EAAE,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;IAE3E,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,OAAO;QACL,IAAI,EAAE,OAAO;QACb,OAAO;QACP,WAAW,EAAE,MAAM,CAAC,YAAY;QAChC,YAAY,EAAE,MAAM,CAAC,aAAa;QAClC,OAAO,EAAE,MAAM,CAAC,QAAQ;QACxB,KAAK;QACL,SAAS,EAAE,GAAG,GAAG,MAAM,CAAC,UAAU,GAAG,IAAI;QACzC,WAAW,EAAE,GAAG;QAChB,QAAQ,EAAE,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,SAAS;KAChD,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,iBAAiB,CACrC,OAA0B;IAE1B,MAAM,IAAI,GAAG,IAAI,eAAe,CAAC;QAC/B,SAAS,EAAE,uBAAe;QAC1B,UAAU,EAAE,eAAe;QAC3B,aAAa,EAAE,OAAO,CAAC,YAAY;QACnC,KAAK,EAAE,sBAAsB;KAC9B,CAAC,CAAC;IAEH,MAAM,GAAG,GAAG,MAAM,IAAA,gBAAO,EAAC,uBAAe,EAAE;QACzC,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,mCAAmC;YACnD,MAAM,EAAE,kBAAkB;SAC3B;QACD,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE;QACrB,cAAc,EAAE,KAAM;QACtB,WAAW,EAAE,KAAM;KACpB,CAAC,CAAC;IAEH,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;IACnC,IAAI,GAAG,CAAC,UAAU,KAAK,GAAG,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CAAC,8BAA8B,GAAG,CAAC,UAAU,MAAM,IAAI,EAAE,CAAC,CAAC;IAC5E,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAuB,CAAC;IACtD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,OAAO;QACL,GAAG,OAAO;QACV,WAAW,EAAE,MAAM,CAAC,YAAY;QAChC,YAAY,EAAE,MAAM,CAAC,aAAa,IAAI,OAAO,CAAC,YAAY;QAC1D,OAAO,EAAE,MAAM,CAAC,QAAQ,IAAI,OAAO,CAAC,OAAO;QAC3C,SAAS,EAAE,GAAG,GAAG,MAAM,CAAC,UAAU,GAAG,IAAI;QACzC,WAAW,EAAE,GAAG;KACjB,CAAC;AACJ,CAAC"}

package/dist/llm/oauth/gemini-oauth.d.ts

@@ -0,0 +1,26 @@
+import { OAuthTokenStorage } from './store';
+/**
+ * Gemini (Code Assist) OAuth flow — port từ CLIProxyAPI
+ * `internal/auth/gemini/gemini_auth.go`.
+ *
+ * Khác Claude/Codex: dùng Google OAuth 2.0 chuẩn với client_id + client_secret
+ * (PUBLIC client của Gemini CLI), KHÔNG dùng PKCE.
+ *
+ * Hai constants này là PUBLIC client của Gemini CLI — đã được Google công bố
+ * (xem gemini-cli source code) và CLIProxyAPI hardcode tương tự.
+ */
+export declare const GEMINI_AUTH_URL = "https://accounts.google.com/o/oauth2/auth";
+export declare const GEMINI_TOKEN_URL = "https://oauth2.googleapis.com/token";
+export declare const GEMINI_USERINFO_URL = "https://www.googleapis.com/oauth2/v1/userinfo?alt=json";
+export declare const GEMINI_CLIENT_ID = "681255809395-oo8ft2oprdrnp9e3aqf6av3hmdib135j.apps.googleusercontent.com";
+export declare const GEMINI_CLIENT_SECRET = "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";
+export declare const GEMINI_DEFAULT_CALLBACK_PORT = 8085;
+export declare const GEMINI_SCOPES: string[];
+export interface GeminiAuthSession {
+    authUrl: string;
+    state: string;
+    redirectUri: string;
+}
+export declare function startGeminiAuth(callbackPort?: number): GeminiAuthSession;
+export declare function exchangeGeminiCodeForTokens(code: string, redirectUri: string, account?: string): Promise<OAuthTokenStorage>;
+export declare function refreshGeminiToken(current: OAuthTokenStorage): Promise<OAuthTokenStorage>;

package/dist/llm/oauth/gemini-oauth.js

@@ -0,0 +1,132 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.GEMINI_SCOPES = exports.GEMINI_DEFAULT_CALLBACK_PORT = exports.GEMINI_CLIENT_SECRET = exports.GEMINI_CLIENT_ID = exports.GEMINI_USERINFO_URL = exports.GEMINI_TOKEN_URL = exports.GEMINI_AUTH_URL = void 0;
+exports.startGeminiAuth = startGeminiAuth;
+exports.exchangeGeminiCodeForTokens = exchangeGeminiCodeForTokens;
+exports.refreshGeminiToken = refreshGeminiToken;
+const undici_1 = require("undici");
+const pkce_1 = require("./pkce");
+/**
+ * Gemini (Code Assist) OAuth flow — port từ CLIProxyAPI
+ * `internal/auth/gemini/gemini_auth.go`.
+ *
+ * Khác Claude/Codex: dùng Google OAuth 2.0 chuẩn với client_id + client_secret
+ * (PUBLIC client của Gemini CLI), KHÔNG dùng PKCE.
+ *
+ * Hai constants này là PUBLIC client của Gemini CLI — đã được Google công bố
+ * (xem gemini-cli source code) và CLIProxyAPI hardcode tương tự.
+ */
+exports.GEMINI_AUTH_URL = 'https://accounts.google.com/o/oauth2/auth';
+exports.GEMINI_TOKEN_URL = 'https://oauth2.googleapis.com/token';
+exports.GEMINI_USERINFO_URL = 'https://www.googleapis.com/oauth2/v1/userinfo?alt=json';
+exports.GEMINI_CLIENT_ID = '681255809395-oo8ft2oprdrnp9e3aqf6av3hmdib135j.apps.googleusercontent.com';
+exports.GEMINI_CLIENT_SECRET = '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';
+exports.GEMINI_DEFAULT_CALLBACK_PORT = 8085;
+exports.GEMINI_SCOPES = [
+    'https://www.googleapis.com/auth/cloud-platform',
+    'https://www.googleapis.com/auth/userinfo.email',
+    'https://www.googleapis.com/auth/userinfo.profile',
+];
+function startGeminiAuth(callbackPort = exports.GEMINI_DEFAULT_CALLBACK_PORT) {
+    const state = (0, pkce_1.generateRandomState)();
+    const redirectUri = `http://localhost:${callbackPort}/oauth2callback`;
+    const params = new URLSearchParams({
+        client_id: exports.GEMINI_CLIENT_ID,
+        redirect_uri: redirectUri,
+        response_type: 'code',
+        scope: exports.GEMINI_SCOPES.join(' '),
+        state,
+        access_type: 'offline',
+        prompt: 'consent',
+    });
+    return {
+        authUrl: `${exports.GEMINI_AUTH_URL}?${params.toString()}`,
+        state,
+        redirectUri,
+    };
+}
+async function exchangeGeminiCodeForTokens(code, redirectUri, account = 'default') {
+    const data = new URLSearchParams({
+        code,
+        client_id: exports.GEMINI_CLIENT_ID,
+        client_secret: exports.GEMINI_CLIENT_SECRET,
+        redirect_uri: redirectUri,
+        grant_type: 'authorization_code',
+    });
+    const res = await (0, undici_1.request)(exports.GEMINI_TOKEN_URL, {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/x-www-form-urlencoded',
+            Accept: 'application/json',
+        },
+        body: data.toString(),
+        headersTimeout: 15000,
+        bodyTimeout: 30000,
+    });
+    const text = await res.body.text();
+    if (res.statusCode !== 200) {
+        throw new Error(`Gemini token exchange failed (HTTP ${res.statusCode}): ${text}`);
+    }
+    const parsed = JSON.parse(text);
+    // Fetch userinfo để lưu email
+    const email = await fetchGeminiUserInfo(parsed.access_token).catch(() => undefined);
+    const now = Date.now();
+    return {
+        type: 'gemini',
+        account,
+        accessToken: parsed.access_token,
+        refreshToken: parsed.refresh_token ?? '',
+        idToken: parsed.id_token,
+        email,
+        expiresAt: now + parsed.expires_in * 1000,
+        lastRefresh: now,
+    };
+}
+async function fetchGeminiUserInfo(accessToken) {
+    const res = await (0, undici_1.request)(exports.GEMINI_USERINFO_URL, {
+        method: 'GET',
+        headers: { Authorization: `Bearer ${accessToken}` },
+        headersTimeout: 10000,
+        bodyTimeout: 10000,
+    });
+    if (res.statusCode !== 200)
+        return undefined;
+    const info = JSON.parse(await res.body.text());
+    return info.email;
+}
+async function refreshGeminiToken(current) {
+    if (!current.refreshToken) {
+        throw new Error('Gemini refresh token missing — please re-login');
+    }
+    const data = new URLSearchParams({
+        client_id: exports.GEMINI_CLIENT_ID,
+        client_secret: exports.GEMINI_CLIENT_SECRET,
+        grant_type: 'refresh_token',
+        refresh_token: current.refreshToken,
+    });
+    const res = await (0, undici_1.request)(exports.GEMINI_TOKEN_URL, {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/x-www-form-urlencoded',
+            Accept: 'application/json',
+        },
+        body: data.toString(),
+        headersTimeout: 15000,
+        bodyTimeout: 30000,
+    });
+    const text = await res.body.text();
+    if (res.statusCode !== 200) {
+        throw new Error(`Gemini refresh failed (HTTP ${res.statusCode}): ${text}`);
+    }
+    const parsed = JSON.parse(text);
+    const now = Date.now();
+    return {
+        ...current,
+        accessToken: parsed.access_token,
+        refreshToken: parsed.refresh_token ?? current.refreshToken,
+        idToken: parsed.id_token ?? current.idToken,
+        expiresAt: now + parsed.expires_in * 1000,
+        lastRefresh: now,
+    };
+}
+//# sourceMappingURL=gemini-oauth.js.map

package/dist/llm/oauth/gemini-oauth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"gemini-oauth.js","sourceRoot":"","sources":["../../../src/llm/oauth/gemini-oauth.ts"],"names":[],"mappings":";;;AAmDA,0CAiBC;AAED,kEA4CC;AAcD,gDAsCC;AAtKD,mCAAiC;AACjC,iCAA6C;AAG7C;;;;;;;;;GASG;AACU,QAAA,eAAe,GAAG,2CAA2C,CAAC;AAC9D,QAAA,gBAAgB,GAAG,qCAAqC,CAAC;AACzD,QAAA,mBAAmB,GAC9B,wDAAwD,CAAC;AAE9C,QAAA,gBAAgB,GAC3B,0EAA0E,CAAC;AAChE,QAAA,oBAAoB,GAAG,qCAAqC,CAAC;AAC7D,QAAA,4BAA4B,GAAG,IAAI,CAAC;AACpC,QAAA,aAAa,GAAG;IAC3B,gDAAgD;IAChD,gDAAgD;IAChD,kDAAkD;CACnD,CAAC;AAwBF,SAAgB,eAAe,CAAC,eAAuB,oCAA4B;IACjF,MAAM,KAAK,GAAG,IAAA,0BAAmB,GAAE,CAAC;IACpC,MAAM,WAAW,GAAG,oBAAoB,YAAY,iBAAiB,CAAC;IACtE,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;QACjC,SAAS,EAAE,wBAAgB;QAC3B,YAAY,EAAE,WAAW;QACzB,aAAa,EAAE,MAAM;QACrB,KAAK,EAAE,qBAAa,CAAC,IAAI,CAAC,GAAG,CAAC;QAC9B,KAAK;QACL,WAAW,EAAE,SAAS;QACtB,MAAM,EAAE,SAAS;KAClB,CAAC,CAAC;IACH,OAAO;QACL,OAAO,EAAE,GAAG,uBAAe,IAAI,MAAM,CAAC,QAAQ,EAAE,EAAE;QAClD,KAAK;QACL,WAAW;KACZ,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,2BAA2B,CAC/C,IAAY,EACZ,WAAmB,EACnB,OAAO,GAAG,SAAS;IAEnB,MAAM,IAAI,GAAG,IAAI,eAAe,CAAC;QAC/B,IAAI;QACJ,SAAS,EAAE,wBAAgB;QAC3B,aAAa,EAAE,4BAAoB;QACnC,YAAY,EAAE,WAAW;QACzB,UAAU,EAAE,oBAAoB;KACjC,CAAC,CAAC;IAEH,MAAM,GAAG,GAAG,MAAM,IAAA,gBAAO,EAAC,wBAAgB,EAAE;QAC1C,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,mCAAmC;YACnD,MAAM,EAAE,kBAAkB;SAC3B;QACD,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE;QACrB,cAAc,EAAE,KAAM;QACtB,WAAW,EAAE,KAAM;KACpB,CAAC,CAAC;IAEH,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;IACnC,IAAI,GAAG,CAAC,UAAU,KAAK,GAAG,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CAAC,sCAAsC,GAAG,CAAC,UAAU,MAAM,IAAI,EAAE,CAAC,CAAC;IACpF,CAAC;IACD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAwB,CAAC;IAEvD,8BAA8B;IAC9B,MAAM,KAAK,GAAG,MAAM,mBAAmB,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,CAAC;IAEpF,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,OAAO;QACL,IAAI,EAAE,QAAQ;QACd,OAAO;QACP,WAAW,EAAE,MAAM,CAAC,YAAY;QAChC,YAAY,EAAE,MAAM,CAAC,aAAa,IAAI,EAAE;QACxC,OAAO,EAAE,MAAM,CAAC,QAAQ;QACxB,KAAK;QACL,SAAS,EAAE,GAAG,GAAG,MAAM,CAAC,UAAU,GAAG,IAAI;QACzC,WAAW,EAAE,GAAG;KACjB,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,mBAAmB,CAAC,WAAmB;IACpD,MAAM,GAAG,GAAG,MAAM,IAAA,gBAAO,EAAC,2BAAmB,EAAE;QAC7C,MAAM,EAAE,KAAK;QACb,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,WAAW,EAAE,EAAE;QACnD,cAAc,EAAE,KAAM;QACtB,WAAW,EAAE,KAAM;KACpB,CAAC,CAAC;IACH,IAAI,GAAG,CAAC,UAAU,KAAK,GAAG;QAAE,OAAO,SAAS,CAAC;IAC7C,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,CAAmB,CAAC;IACjE,OAAO,IAAI,CAAC,KAAK,CAAC;AACpB,CAAC;AAEM,KAAK,UAAU,kBAAkB,CACtC,OAA0B;IAE1B,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,CAAC;QAC1B,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;IACpE,CAAC;IACD,MAAM,IAAI,GAAG,IAAI,eAAe,CAAC;QAC/B,SAAS,EAAE,wBAAgB;QAC3B,aAAa,EAAE,4BAAoB;QACnC,UAAU,EAAE,eAAe;QAC3B,aAAa,EAAE,OAAO,CAAC,YAAY;KACpC,CAAC,CAAC;IAEH,MAAM,GAAG,GAAG,MAAM,IAAA,gBAAO,EAAC,wBAAgB,EAAE;QAC1C,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,mCAAmC;YACnD,MAAM,EAAE,kBAAkB;SAC3B;QACD,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE;QACrB,cAAc,EAAE,KAAM;QACtB,WAAW,EAAE,KAAM;KACpB,CAAC,CAAC;IAEH,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;IACnC,IAAI,GAAG,CAAC,UAAU,KAAK,GAAG,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CAAC,+BAA+B,GAAG,CAAC,UAAU,MAAM,IAAI,EAAE,CAAC,CAAC;IAC7E,CAAC;IACD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAwB,CAAC;IACvD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,OAAO;QACL,GAAG,OAAO;QACV,WAAW,EAAE,MAAM,CAAC,YAAY;QAChC,YAAY,EAAE,MAAM,CAAC,aAAa,IAAI,OAAO,CAAC,YAAY;QAC1D,OAAO,EAAE,MAAM,CAAC,QAAQ,IAAI,OAAO,CAAC,OAAO;QAC3C,SAAS,EAAE,GAAG,GAAG,MAAM,CAAC,UAAU,GAAG,IAAI;QACzC,WAAW,EAAE,GAAG;KACjB,CAAC;AACJ,CAAC"}

package/dist/llm/oauth/iflow-oauth.d.ts

@@ -0,0 +1,26 @@
+import { PKCECodes } from './pkce';
+import { OAuthTokenStorage } from './store';
+/**
+ * iFlow OAuth — port từ `internal/auth/iflow/iflow_auth.go`.
+ * Có 2 path: OAuth PKCE thường + Cookie (BXAuth) flow.
+ */
+export declare const IFLOW_AUTH_URL = "https://iflow.cn/oauth";
+export declare const IFLOW_TOKEN_URL = "https://iflow.cn/oauth/token";
+export declare const IFLOW_API_KEY_URL = "https://platform.iflow.cn/api/openapi/apikey";
+export declare const IFLOW_CLIENT_ID = "10009311001";
+export declare const IFLOW_DEFAULT_CALLBACK_PORT = 11451;
+export declare const IFLOW_DEFAULT_API_BASE = "https://apis.iflow.cn/v1";
+export interface IFlowAuthSession {
+    authUrl: string;
+    state: string;
+    pkce: PKCECodes;
+    redirectUri: string;
+}
+export declare function startIFlowAuth(callbackPort?: number): IFlowAuthSession;
+export declare function exchangeIFlowCodeForTokens(code: string, pkce: PKCECodes, redirectUri: string, account?: string): Promise<OAuthTokenStorage>;
+export declare function refreshIFlowToken(current: OAuthTokenStorage): Promise<OAuthTokenStorage>;
+/**
+ * Cookie flow: user paste cookie BXAuth từ iflow.cn (đã đăng nhập browser).
+ * Gọi platform.iflow.cn/api/openapi/apikey để đổi cookie lấy API key.
+ */
+export declare function exchangeIFlowCookieForApiKey(cookie: string, account?: string): Promise<OAuthTokenStorage>;