@redonvn/cli 0.1.0

package/dist/llm/oauth/iflow-oauth.js

@@ -0,0 +1,151 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.IFLOW_DEFAULT_API_BASE = exports.IFLOW_DEFAULT_CALLBACK_PORT = exports.IFLOW_CLIENT_ID = exports.IFLOW_API_KEY_URL = exports.IFLOW_TOKEN_URL = exports.IFLOW_AUTH_URL = void 0;
+exports.startIFlowAuth = startIFlowAuth;
+exports.exchangeIFlowCodeForTokens = exchangeIFlowCodeForTokens;
+exports.refreshIFlowToken = refreshIFlowToken;
+exports.exchangeIFlowCookieForApiKey = exchangeIFlowCookieForApiKey;
+const undici_1 = require("undici");
+const pkce_1 = require("./pkce");
+/**
+ * iFlow OAuth — port từ `internal/auth/iflow/iflow_auth.go`.
+ * Có 2 path: OAuth PKCE thường + Cookie (BXAuth) flow.
+ */
+exports.IFLOW_AUTH_URL = 'https://iflow.cn/oauth';
+exports.IFLOW_TOKEN_URL = 'https://iflow.cn/oauth/token';
+exports.IFLOW_API_KEY_URL = 'https://platform.iflow.cn/api/openapi/apikey';
+exports.IFLOW_CLIENT_ID = '10009311001';
+exports.IFLOW_DEFAULT_CALLBACK_PORT = 11451;
+exports.IFLOW_DEFAULT_API_BASE = 'https://apis.iflow.cn/v1';
+function startIFlowAuth(callbackPort = exports.IFLOW_DEFAULT_CALLBACK_PORT) {
+    const pkce = (0, pkce_1.generatePKCECodes)();
+    const state = (0, pkce_1.generateRandomState)();
+    const redirectUri = `http://localhost:${callbackPort}/callback`;
+    const params = new URLSearchParams({
+        client_id: exports.IFLOW_CLIENT_ID,
+        redirect_uri: redirectUri,
+        response_type: 'code',
+        state,
+        code_challenge: pkce.codeChallenge,
+        code_challenge_method: 'S256',
+        scope: 'openid profile email',
+    });
+    return {
+        authUrl: `${exports.IFLOW_AUTH_URL}?${params.toString()}`,
+        state,
+        pkce,
+        redirectUri,
+    };
+}
+async function exchangeIFlowCodeForTokens(code, pkce, redirectUri, account = 'default') {
+    const data = new URLSearchParams({
+        grant_type: 'authorization_code',
+        client_id: exports.IFLOW_CLIENT_ID,
+        code,
+        redirect_uri: redirectUri,
+        code_verifier: pkce.codeVerifier,
+    });
+    const res = await (0, undici_1.request)(exports.IFLOW_TOKEN_URL, {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/x-www-form-urlencoded',
+            Accept: 'application/json',
+        },
+        body: data.toString(),
+        headersTimeout: 15000,
+        bodyTimeout: 30000,
+    });
+    const text = await res.body.text();
+    if (res.statusCode !== 200) {
+        throw new Error(`iFlow token exchange failed (${res.statusCode}): ${text}`);
+    }
+    const parsed = JSON.parse(text);
+    const now = Date.now();
+    return {
+        type: 'iflow',
+        account,
+        accessToken: parsed.access_token,
+        refreshToken: parsed.refresh_token ?? '',
+        expiresAt: now + parsed.expires_in * 1000,
+        lastRefresh: now,
+    };
+}
+async function refreshIFlowToken(current) {
+    if (!current.refreshToken)
+        throw new Error('iFlow refresh token missing');
+    const data = new URLSearchParams({
+        grant_type: 'refresh_token',
+        client_id: exports.IFLOW_CLIENT_ID,
+        refresh_token: current.refreshToken,
+    });
+    const res = await (0, undici_1.request)(exports.IFLOW_TOKEN_URL, {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/x-www-form-urlencoded',
+            Accept: 'application/json',
+        },
+        body: data.toString(),
+        headersTimeout: 15000,
+        bodyTimeout: 30000,
+    });
+    const text = await res.body.text();
+    if (res.statusCode !== 200) {
+        throw new Error(`iFlow refresh failed (${res.statusCode}): ${text}`);
+    }
+    const parsed = JSON.parse(text);
+    const now = Date.now();
+    return {
+        ...current,
+        accessToken: parsed.access_token,
+        refreshToken: parsed.refresh_token ?? current.refreshToken,
+        expiresAt: now + parsed.expires_in * 1000,
+        lastRefresh: now,
+    };
+}
+/**
+ * Cookie flow: user paste cookie BXAuth từ iflow.cn (đã đăng nhập browser).
+ * Gọi platform.iflow.cn/api/openapi/apikey để đổi cookie lấy API key.
+ */
+async function exchangeIFlowCookieForApiKey(cookie, account = 'default') {
+    if (!cookie.includes('BXAuth')) {
+        throw new Error('iFlow cookie phải chứa field BXAuth');
+    }
+    const res = await (0, undici_1.request)(exports.IFLOW_API_KEY_URL, {
+        method: 'GET',
+        headers: {
+            Cookie: cookie.trim(),
+            Accept: 'application/json',
+            Origin: 'https://platform.iflow.cn',
+            Referer: 'https://platform.iflow.cn/',
+        },
+        headersTimeout: 15000,
+        bodyTimeout: 30000,
+    });
+    const text = await res.body.text();
+    if (res.statusCode !== 200) {
+        throw new Error(`iFlow cookie exchange failed (${res.statusCode}): ${text}`);
+    }
+    // Response chứa apiKey trong field `data.apiKey` (xem source CLIProxyAPI)
+    let apiKey = '';
+    try {
+        const parsed = JSON.parse(text);
+        apiKey = parsed.data?.apiKey ?? parsed.apiKey ?? '';
+    }
+    catch {
+        // ignore
+    }
+    if (!apiKey) {
+        throw new Error('iFlow cookie response không có apiKey');
+    }
+    const now = Date.now();
+    return {
+        type: 'iflow',
+        account,
+        accessToken: apiKey,
+        refreshToken: '', // cookie flow không có refresh — sẽ phải re-paste khi expire
+        expiresAt: now + 30 * 24 * 3600 * 1000, // giả sử 30 ngày
+        lastRefresh: now,
+        metadata: { authMode: 'cookie' },
+    };
+}
+//# sourceMappingURL=iflow-oauth.js.map

package/dist/llm/oauth/iflow-oauth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"iflow-oauth.js","sourceRoot":"","sources":["../../../src/llm/oauth/iflow-oauth.ts"],"names":[],"mappings":";;;AA4BA,wCAqBC;AAED,gEAqCC;AAED,8CAgCC;AAMD,oEA2CC;AA3KD,mCAAiC;AACjC,iCAA2E;AAG3E;;;GAGG;AACU,QAAA,cAAc,GAAG,wBAAwB,CAAC;AAC1C,QAAA,eAAe,GAAG,8BAA8B,CAAC;AACjD,QAAA,iBAAiB,GAAG,8CAA8C,CAAC;AACnE,QAAA,eAAe,GAAG,aAAa,CAAC;AAChC,QAAA,2BAA2B,GAAG,KAAK,CAAC;AACpC,QAAA,sBAAsB,GAAG,0BAA0B,CAAC;AAejE,SAAgB,cAAc,CAC5B,YAAY,GAAG,mCAA2B;IAE1C,MAAM,IAAI,GAAG,IAAA,wBAAiB,GAAE,CAAC;IACjC,MAAM,KAAK,GAAG,IAAA,0BAAmB,GAAE,CAAC;IACpC,MAAM,WAAW,GAAG,oBAAoB,YAAY,WAAW,CAAC;IAChE,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;QACjC,SAAS,EAAE,uBAAe;QAC1B,YAAY,EAAE,WAAW;QACzB,aAAa,EAAE,MAAM;QACrB,KAAK;QACL,cAAc,EAAE,IAAI,CAAC,aAAa;QAClC,qBAAqB,EAAE,MAAM;QAC7B,KAAK,EAAE,sBAAsB;KAC9B,CAAC,CAAC;IACH,OAAO;QACL,OAAO,EAAE,GAAG,sBAAc,IAAI,MAAM,CAAC,QAAQ,EAAE,EAAE;QACjD,KAAK;QACL,IAAI;QACJ,WAAW;KACZ,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,0BAA0B,CAC9C,IAAY,EACZ,IAAe,EACf,WAAmB,EACnB,OAAO,GAAG,SAAS;IAEnB,MAAM,IAAI,GAAG,IAAI,eAAe,CAAC;QAC/B,UAAU,EAAE,oBAAoB;QAChC,SAAS,EAAE,uBAAe;QAC1B,IAAI;QACJ,YAAY,EAAE,WAAW;QACzB,aAAa,EAAE,IAAI,CAAC,YAAY;KACjC,CAAC,CAAC;IACH,MAAM,GAAG,GAAG,MAAM,IAAA,gBAAO,EAAC,uBAAe,EAAE;QACzC,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,mCAAmC;YACnD,MAAM,EAAE,kBAAkB;SAC3B;QACD,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE;QACrB,cAAc,EAAE,KAAM;QACtB,WAAW,EAAE,KAAM;KACpB,CAAC,CAAC;IACH,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;IACnC,IAAI,GAAG,CAAC,UAAU,KAAK,GAAG,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CAAC,gCAAgC,GAAG,CAAC,UAAU,MAAM,IAAI,EAAE,CAAC,CAAC;IAC9E,CAAC;IACD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAc,CAAC;IAC7C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,OAAO;QACL,IAAI,EAAE,OAAO;QACb,OAAO;QACP,WAAW,EAAE,MAAM,CAAC,YAAY;QAChC,YAAY,EAAE,MAAM,CAAC,aAAa,IAAI,EAAE;QACxC,SAAS,EAAE,GAAG,GAAG,MAAM,CAAC,UAAU,GAAG,IAAI;QACzC,WAAW,EAAE,GAAG;KACjB,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,iBAAiB,CACrC,OAA0B;IAE1B,IAAI,CAAC,OAAO,CAAC,YAAY;QAAE,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;IAC1E,MAAM,IAAI,GAAG,IAAI,eAAe,CAAC;QAC/B,UAAU,EAAE,eAAe;QAC3B,SAAS,EAAE,uBAAe;QAC1B,aAAa,EAAE,OAAO,CAAC,YAAY;KACpC,CAAC,CAAC;IACH,MAAM,GAAG,GAAG,MAAM,IAAA,gBAAO,EAAC,uBAAe,EAAE;QACzC,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,mCAAmC;YACnD,MAAM,EAAE,kBAAkB;SAC3B;QACD,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE;QACrB,cAAc,EAAE,KAAM;QACtB,WAAW,EAAE,KAAM;KACpB,CAAC,CAAC;IACH,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;IACnC,IAAI,GAAG,CAAC,UAAU,KAAK,GAAG,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CAAC,yBAAyB,GAAG,CAAC,UAAU,MAAM,IAAI,EAAE,CAAC,CAAC;IACvE,CAAC;IACD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAc,CAAC;IAC7C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,OAAO;QACL,GAAG,OAAO;QACV,WAAW,EAAE,MAAM,CAAC,YAAY;QAChC,YAAY,EAAE,MAAM,CAAC,aAAa,IAAI,OAAO,CAAC,YAAY;QAC1D,SAAS,EAAE,GAAG,GAAG,MAAM,CAAC,UAAU,GAAG,IAAI;QACzC,WAAW,EAAE,GAAG;KACjB,CAAC;AACJ,CAAC;AAED;;;GAGG;AACI,KAAK,UAAU,4BAA4B,CAChD,MAAc,EACd,OAAO,GAAG,SAAS;IAEnB,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC/B,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;IACzD,CAAC;IACD,MAAM,GAAG,GAAG,MAAM,IAAA,gBAAO,EAAC,yBAAiB,EAAE;QAC3C,MAAM,EAAE,KAAK;QACb,OAAO,EAAE;YACP,MAAM,EAAE,MAAM,CAAC,IAAI,EAAE;YACrB,MAAM,EAAE,kBAAkB;YAC1B,MAAM,EAAE,2BAA2B;YACnC,OAAO,EAAE,4BAA4B;SACtC;QACD,cAAc,EAAE,KAAM;QACtB,WAAW,EAAE,KAAM;KACpB,CAAC,CAAC;IACH,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;IACnC,IAAI,GAAG,CAAC,UAAU,KAAK,GAAG,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CAAC,iCAAiC,GAAG,CAAC,UAAU,MAAM,IAAI,EAAE,CAAC,CAAC;IAC/E,CAAC;IACD,0EAA0E;IAC1E,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAoD,CAAC;QACnF,MAAM,GAAG,MAAM,CAAC,IAAI,EAAE,MAAM,IAAI,MAAM,CAAC,MAAM,IAAI,EAAE,CAAC;IACtD,CAAC;IAAC,MAAM,CAAC;QACP,SAAS;IACX,CAAC;IACD,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;IAC3D,CAAC;IACD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,OAAO;QACL,IAAI,EAAE,OAAO;QACb,OAAO;QACP,WAAW,EAAE,MAAM;QACnB,YAAY,EAAE,EAAE,EAAE,6DAA6D;QAC/E,SAAS,EAAE,GAAG,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,GAAG,IAAI,EAAE,iBAAiB;QACzD,WAAW,EAAE,GAAG;QAChB,QAAQ,EAAE,EAAE,QAAQ,EAAE,QAAQ,EAAE;KACjC,CAAC;AACJ,CAAC"}

package/dist/llm/oauth/kimi-oauth.d.ts

@@ -0,0 +1,16 @@
+import { OAuthTokenStorage } from './store';
+export declare const KIMI_DEVICE_CODE_URL = "https://auth.kimi.com/api/oauth/device_authorization";
+export declare const KIMI_TOKEN_URL = "https://auth.kimi.com/api/oauth/token";
+export declare const KIMI_CLIENT_ID = "17e5f671-d194-4dfb-9706-5516cb48c098";
+export declare const KIMI_API_BASE_URL = "https://api.kimi.com/coding";
+export interface KimiDeviceAuth {
+    deviceCode: string;
+    userCode: string;
+    verificationUri: string;
+    verificationUriComplete?: string;
+    expiresIn: number;
+    intervalSec: number;
+}
+export declare function requestKimiDeviceCode(): Promise<KimiDeviceAuth>;
+export declare function pollKimiToken(device: KimiDeviceAuth, account?: string): Promise<OAuthTokenStorage>;
+export declare function refreshKimiToken(current: OAuthTokenStorage): Promise<OAuthTokenStorage>;

package/dist/llm/oauth/kimi-oauth.js

@@ -0,0 +1,126 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.KIMI_API_BASE_URL = exports.KIMI_CLIENT_ID = exports.KIMI_TOKEN_URL = exports.KIMI_DEVICE_CODE_URL = void 0;
+exports.requestKimiDeviceCode = requestKimiDeviceCode;
+exports.pollKimiToken = pollKimiToken;
+exports.refreshKimiToken = refreshKimiToken;
+const undici_1 = require("undici");
+/**
+ * Kimi Device Flow OAuth — port từ `internal/auth/kimi/kimi.go`.
+ * Constants: kimiClientID + kimiOAuthHost = auth.kimi.com
+ */
+const KIMI_OAUTH_HOST = 'https://auth.kimi.com';
+exports.KIMI_DEVICE_CODE_URL = `${KIMI_OAUTH_HOST}/api/oauth/device_authorization`;
+exports.KIMI_TOKEN_URL = `${KIMI_OAUTH_HOST}/api/oauth/token`;
+exports.KIMI_CLIENT_ID = '17e5f671-d194-4dfb-9706-5516cb48c098';
+exports.KIMI_API_BASE_URL = 'https://api.kimi.com/coding';
+async function requestKimiDeviceCode() {
+    const data = new URLSearchParams({
+        client_id: exports.KIMI_CLIENT_ID,
+        scope: 'openid profile email',
+    });
+    const res = await (0, undici_1.request)(exports.KIMI_DEVICE_CODE_URL, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+        body: data.toString(),
+        headersTimeout: 15000,
+        bodyTimeout: 30000,
+    });
+    const text = await res.body.text();
+    if (res.statusCode !== 200) {
+        throw new Error(`Kimi device code failed (${res.statusCode}): ${text}`);
+    }
+    const parsed = JSON.parse(text);
+    return {
+        deviceCode: parsed.device_code,
+        userCode: parsed.user_code,
+        verificationUri: parsed.verification_uri,
+        verificationUriComplete: parsed.verification_uri_complete,
+        expiresIn: parsed.expires_in,
+        intervalSec: parsed.interval ?? 5,
+    };
+}
+async function pollKimiToken(device, account = 'default') {
+    const deadline = Date.now() + device.expiresIn * 1000;
+    let interval = Math.max(device.intervalSec * 1000, 3000);
+    while (Date.now() < deadline) {
+        await new Promise((r) => setTimeout(r, interval));
+        const data = new URLSearchParams({
+            grant_type: 'urn:ietf:params:oauth:grant-type:device_code',
+            client_id: exports.KIMI_CLIENT_ID,
+            device_code: device.deviceCode,
+        });
+        const res = await (0, undici_1.request)(exports.KIMI_TOKEN_URL, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/x-www-form-urlencoded',
+                Accept: 'application/json',
+            },
+            body: data.toString(),
+            headersTimeout: 15000,
+            bodyTimeout: 30000,
+        });
+        const text = await res.body.text();
+        if (res.statusCode === 200) {
+            const parsed = JSON.parse(text);
+            const now = Date.now();
+            return {
+                type: 'kimi',
+                account,
+                accessToken: parsed.access_token,
+                refreshToken: parsed.refresh_token ?? '',
+                expiresAt: now + parsed.expires_in * 1000,
+                lastRefresh: now,
+            };
+        }
+        try {
+            const err = JSON.parse(text);
+            if (err.error === 'authorization_pending')
+                continue;
+            if (err.error === 'slow_down') {
+                interval += 5000;
+                continue;
+            }
+            throw new Error(`Kimi device flow error: ${err.error ?? text}`);
+        }
+        catch (e) {
+            if (e instanceof SyntaxError)
+                throw new Error(`Kimi polling failed: ${text}`);
+            throw e;
+        }
+    }
+    throw new Error('Kimi device flow expired');
+}
+async function refreshKimiToken(current) {
+    if (!current.refreshToken)
+        throw new Error('Kimi refresh token missing');
+    const data = new URLSearchParams({
+        grant_type: 'refresh_token',
+        client_id: exports.KIMI_CLIENT_ID,
+        refresh_token: current.refreshToken,
+    });
+    const res = await (0, undici_1.request)(exports.KIMI_TOKEN_URL, {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/x-www-form-urlencoded',
+            Accept: 'application/json',
+        },
+        body: data.toString(),
+        headersTimeout: 15000,
+        bodyTimeout: 30000,
+    });
+    const text = await res.body.text();
+    if (res.statusCode !== 200) {
+        throw new Error(`Kimi refresh failed (${res.statusCode}): ${text}`);
+    }
+    const parsed = JSON.parse(text);
+    const now = Date.now();
+    return {
+        ...current,
+        accessToken: parsed.access_token,
+        refreshToken: parsed.refresh_token ?? current.refreshToken,
+        expiresAt: now + parsed.expires_in * 1000,
+        lastRefresh: now,
+    };
+}
+//# sourceMappingURL=kimi-oauth.js.map

package/dist/llm/oauth/kimi-oauth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"kimi-oauth.js","sourceRoot":"","sources":["../../../src/llm/oauth/kimi-oauth.ts"],"names":[],"mappings":";;;AAqCA,sDAyBC;AAED,sCAkDC;AAED,4CAgCC;AApJD,mCAAiC;AAGjC;;;GAGG;AACH,MAAM,eAAe,GAAG,uBAAuB,CAAC;AACnC,QAAA,oBAAoB,GAAG,GAAG,eAAe,iCAAiC,CAAC;AAC3E,QAAA,cAAc,GAAG,GAAG,eAAe,kBAAkB,CAAC;AACtD,QAAA,cAAc,GAAG,sCAAsC,CAAC;AACxD,QAAA,iBAAiB,GAAG,6BAA6B,CAAC;AA0BxD,KAAK,UAAU,qBAAqB;IACzC,MAAM,IAAI,GAAG,IAAI,eAAe,CAAC;QAC/B,SAAS,EAAE,sBAAc;QACzB,KAAK,EAAE,sBAAsB;KAC9B,CAAC,CAAC;IACH,MAAM,GAAG,GAAG,MAAM,IAAA,gBAAO,EAAC,4BAAoB,EAAE;QAC9C,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;QAChE,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE;QACrB,cAAc,EAAE,KAAM;QACtB,WAAW,EAAE,KAAM;KACpB,CAAC,CAAC;IACH,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;IACnC,IAAI,GAAG,CAAC,UAAU,KAAK,GAAG,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CAAC,4BAA4B,GAAG,CAAC,UAAU,MAAM,IAAI,EAAE,CAAC,CAAC;IAC1E,CAAC;IACD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAmB,CAAC;IAClD,OAAO;QACL,UAAU,EAAE,MAAM,CAAC,WAAW;QAC9B,QAAQ,EAAE,MAAM,CAAC,SAAS;QAC1B,eAAe,EAAE,MAAM,CAAC,gBAAgB;QACxC,uBAAuB,EAAE,MAAM,CAAC,yBAAyB;QACzD,SAAS,EAAE,MAAM,CAAC,UAAU;QAC5B,WAAW,EAAE,MAAM,CAAC,QAAQ,IAAI,CAAC;KAClC,CAAC;AACJ,CAAC;AAEM,KAAK,UAAU,aAAa,CACjC,MAAsB,EACtB,OAAO,GAAG,SAAS;IAEnB,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,SAAS,GAAG,IAAI,CAAC;IACtD,IAAI,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,WAAW,GAAG,IAAI,EAAE,IAAI,CAAC,CAAC;IACzD,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,EAAE,CAAC;QAC7B,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC;QAClD,MAAM,IAAI,GAAG,IAAI,eAAe,CAAC;YAC/B,UAAU,EAAE,8CAA8C;YAC1D,SAAS,EAAE,sBAAc;YACzB,WAAW,EAAE,MAAM,CAAC,UAAU;SAC/B,CAAC,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,IAAA,gBAAO,EAAC,sBAAc,EAAE;YACxC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,mCAAmC;gBACnD,MAAM,EAAE,kBAAkB;aAC3B;YACD,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE;YACrB,cAAc,EAAE,KAAM;YACtB,WAAW,EAAE,KAAM;SACpB,CAAC,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QACnC,IAAI,GAAG,CAAC,UAAU,KAAK,GAAG,EAAE,CAAC;YAC3B,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAc,CAAC;YAC7C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YACvB,OAAO;gBACL,IAAI,EAAE,MAAM;gBACZ,OAAO;gBACP,WAAW,EAAE,MAAM,CAAC,YAAY;gBAChC,YAAY,EAAE,MAAM,CAAC,aAAa,IAAI,EAAE;gBACxC,SAAS,EAAE,GAAG,GAAG,MAAM,CAAC,UAAU,GAAG,IAAI;gBACzC,WAAW,EAAE,GAAG;aACjB,CAAC;QACJ,CAAC;QACD,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAuB,CAAC;YACnD,IAAI,GAAG,CAAC,KAAK,KAAK,uBAAuB;gBAAE,SAAS;YACpD,IAAI,GAAG,CAAC,KAAK,KAAK,WAAW,EAAE,CAAC;gBAC9B,QAAQ,IAAI,IAAI,CAAC;gBACjB,SAAS;YACX,CAAC;YACD,MAAM,IAAI,KAAK,CAAC,2BAA2B,GAAG,CAAC,KAAK,IAAI,IAAI,EAAE,CAAC,CAAC;QAClE,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,IAAI,CAAC,YAAY,WAAW;gBAAE,MAAM,IAAI,KAAK,CAAC,wBAAwB,IAAI,EAAE,CAAC,CAAC;YAC9E,MAAM,CAAC,CAAC;QACV,CAAC;IACH,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;AAC9C,CAAC;AAEM,KAAK,UAAU,gBAAgB,CACpC,OAA0B;IAE1B,IAAI,CAAC,OAAO,CAAC,YAAY;QAAE,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;IACzE,MAAM,IAAI,GAAG,IAAI,eAAe,CAAC;QAC/B,UAAU,EAAE,eAAe;QAC3B,SAAS,EAAE,sBAAc;QACzB,aAAa,EAAE,OAAO,CAAC,YAAY;KACpC,CAAC,CAAC;IACH,MAAM,GAAG,GAAG,MAAM,IAAA,gBAAO,EAAC,sBAAc,EAAE;QACxC,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,mCAAmC;YACnD,MAAM,EAAE,kBAAkB;SAC3B;QACD,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE;QACrB,cAAc,EAAE,KAAM;QACtB,WAAW,EAAE,KAAM;KACpB,CAAC,CAAC;IACH,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;IACnC,IAAI,GAAG,CAAC,UAAU,KAAK,GAAG,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CAAC,wBAAwB,GAAG,CAAC,UAAU,MAAM,IAAI,EAAE,CAAC,CAAC;IACtE,CAAC;IACD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAc,CAAC;IAC7C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,OAAO;QACL,GAAG,OAAO;QACV,WAAW,EAAE,MAAM,CAAC,YAAY;QAChC,YAAY,EAAE,MAAM,CAAC,aAAa,IAAI,OAAO,CAAC,YAAY;QAC1D,SAAS,EAAE,GAAG,GAAG,MAAM,CAAC,UAAU,GAAG,IAAI;QACzC,WAAW,EAAE,GAAG;KACjB,CAAC;AACJ,CAAC"}

package/dist/llm/oauth/open-browser.d.ts

@@ -0,0 +1,5 @@
+/**
+ * Mở URL trong browser mặc định của OS.
+ * Không depend `open` package để giữ deps gọn.
+ */
+export declare function openBrowser(url: string): void;

package/dist/llm/oauth/open-browser.js

@@ -0,0 +1,32 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.openBrowser = openBrowser;
+const child_process_1 = require("child_process");
+/**
+ * Mở URL trong browser mặc định của OS.
+ * Không depend `open` package để giữ deps gọn.
+ */
+function openBrowser(url) {
+    const platform = process.platform;
+    let cmd;
+    let args;
+    if (platform === 'win32') {
+        cmd = 'cmd';
+        args = ['/c', 'start', '""', url.replace(/&/g, '^&')];
+    }
+    else if (platform === 'darwin') {
+        cmd = 'open';
+        args = [url];
+    }
+    else {
+        cmd = 'xdg-open';
+        args = [url];
+    }
+    const child = (0, child_process_1.spawn)(cmd, args, {
+        detached: true,
+        stdio: 'ignore',
+        windowsHide: true,
+    });
+    child.unref();
+}
+//# sourceMappingURL=open-browser.js.map

package/dist/llm/oauth/open-browser.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"open-browser.js","sourceRoot":"","sources":["../../../src/llm/oauth/open-browser.ts"],"names":[],"mappings":";;AAMA,kCAsBC;AA5BD,iDAAsC;AAEtC;;;GAGG;AACH,SAAgB,WAAW,CAAC,GAAW;IACrC,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IAClC,IAAI,GAAW,CAAC;IAChB,IAAI,IAAc,CAAC;IAEnB,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;QACzB,GAAG,GAAG,KAAK,CAAC;QACZ,IAAI,GAAG,CAAC,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC;IACxD,CAAC;SAAM,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACjC,GAAG,GAAG,MAAM,CAAC;QACb,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IACf,CAAC;SAAM,CAAC;QACN,GAAG,GAAG,UAAU,CAAC;QACjB,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IACf,CAAC;IAED,MAAM,KAAK,GAAG,IAAA,qBAAK,EAAC,GAAG,EAAE,IAAI,EAAE;QAC7B,QAAQ,EAAE,IAAI;QACd,KAAK,EAAE,QAAQ;QACf,WAAW,EAAE,IAAI;KAClB,CAAC,CAAC;IACH,KAAK,CAAC,KAAK,EAAE,CAAC;AAChB,CAAC"}

package/dist/llm/oauth/pkce.d.ts

@@ -0,0 +1,12 @@
+export interface PKCECodes {
+    codeVerifier: string;
+    codeChallenge: string;
+}
+/**
+ * Generate PKCE codes theo RFC 7636 cho OAuth 2.0.
+ * Port từ CLIProxyAPI `internal/auth/claude/pkce.go`:
+ *  - 96 random bytes → 128 ký tự base64url (no padding) làm verifier
+ *  - SHA256 verifier → base64url (no padding) làm challenge
+ */
+export declare function generatePKCECodes(): PKCECodes;
+export declare function generateRandomState(): string;

package/dist/llm/oauth/pkce.js

@@ -0,0 +1,27 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generatePKCECodes = generatePKCECodes;
+exports.generateRandomState = generateRandomState;
+const crypto_1 = require("crypto");
+/**
+ * Generate PKCE codes theo RFC 7636 cho OAuth 2.0.
+ * Port từ CLIProxyAPI `internal/auth/claude/pkce.go`:
+ *  - 96 random bytes → 128 ký tự base64url (no padding) làm verifier
+ *  - SHA256 verifier → base64url (no padding) làm challenge
+ */
+function generatePKCECodes() {
+    const codeVerifier = base64UrlEncode((0, crypto_1.randomBytes)(96));
+    const codeChallenge = base64UrlEncode((0, crypto_1.createHash)('sha256').update(codeVerifier).digest());
+    return { codeVerifier, codeChallenge };
+}
+function base64UrlEncode(buf) {
+    return buf
+        .toString('base64')
+        .replace(/\+/g, '-')
+        .replace(/\//g, '_')
+        .replace(/=+$/, '');
+}
+function generateRandomState() {
+    return base64UrlEncode((0, crypto_1.randomBytes)(24));
+}
+//# sourceMappingURL=pkce.js.map

package/dist/llm/oauth/pkce.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"pkce.js","sourceRoot":"","sources":["../../../src/llm/oauth/pkce.ts"],"names":[],"mappings":";;AAaA,8CAIC;AAUD,kDAEC;AA7BD,mCAAiD;AAOjD;;;;;GAKG;AACH,SAAgB,iBAAiB;IAC/B,MAAM,YAAY,GAAG,eAAe,CAAC,IAAA,oBAAW,EAAC,EAAE,CAAC,CAAC,CAAC;IACtD,MAAM,aAAa,GAAG,eAAe,CAAC,IAAA,mBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;IAC1F,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,CAAC;AACzC,CAAC;AAED,SAAS,eAAe,CAAC,GAAW;IAClC,OAAO,GAAG;SACP,QAAQ,CAAC,QAAQ,CAAC;SAClB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;AACxB,CAAC;AAED,SAAgB,mBAAmB;IACjC,OAAO,eAAe,CAAC,IAAA,oBAAW,EAAC,EAAE,CAAC,CAAC,CAAC;AAC1C,CAAC"}

package/dist/llm/oauth/qwen-oauth.d.ts

@@ -0,0 +1,27 @@
+import { PKCECodes } from './pkce';
+import { OAuthTokenStorage } from './store';
+/**
+ * Qwen Device Flow OAuth — port từ `internal/auth/qwen/qwen_auth.go`.
+ *
+ * RFC 8628 Device Authorization Grant: app yêu cầu device_code + user_code,
+ * hiển thị user_code để user nhập trên browser, poll token định kỳ.
+ */
+export declare const QWEN_DEVICE_CODE_URL = "https://chat.qwen.ai/api/v1/oauth2/device/code";
+export declare const QWEN_TOKEN_URL = "https://chat.qwen.ai/api/v1/oauth2/token";
+export declare const QWEN_CLIENT_ID = "f0304373b74a44d2b584a3fb70ca9e56";
+export interface QwenDeviceAuth {
+    deviceCode: string;
+    userCode: string;
+    verificationUri: string;
+    verificationUriComplete?: string;
+    expiresIn: number;
+    intervalSec: number;
+    pkce: PKCECodes;
+}
+export declare function requestQwenDeviceCode(): Promise<QwenDeviceAuth>;
+/**
+ * Poll token endpoint cho đến khi user đã authorize hoặc hết hạn / lỗi.
+ * Throw Error nếu user huỷ / expired.
+ */
+export declare function pollQwenToken(device: QwenDeviceAuth, account?: string): Promise<OAuthTokenStorage>;
+export declare function refreshQwenToken(current: OAuthTokenStorage): Promise<OAuthTokenStorage>;

package/dist/llm/oauth/qwen-oauth.js

@@ -0,0 +1,138 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.QWEN_CLIENT_ID = exports.QWEN_TOKEN_URL = exports.QWEN_DEVICE_CODE_URL = void 0;
+exports.requestQwenDeviceCode = requestQwenDeviceCode;
+exports.pollQwenToken = pollQwenToken;
+exports.refreshQwenToken = refreshQwenToken;
+const undici_1 = require("undici");
+const pkce_1 = require("./pkce");
+/**
+ * Qwen Device Flow OAuth — port từ `internal/auth/qwen/qwen_auth.go`.
+ *
+ * RFC 8628 Device Authorization Grant: app yêu cầu device_code + user_code,
+ * hiển thị user_code để user nhập trên browser, poll token định kỳ.
+ */
+exports.QWEN_DEVICE_CODE_URL = 'https://chat.qwen.ai/api/v1/oauth2/device/code';
+exports.QWEN_TOKEN_URL = 'https://chat.qwen.ai/api/v1/oauth2/token';
+exports.QWEN_CLIENT_ID = 'f0304373b74a44d2b584a3fb70ca9e56';
+async function requestQwenDeviceCode() {
+    const pkce = (0, pkce_1.generatePKCECodes)();
+    const data = new URLSearchParams({
+        client_id: exports.QWEN_CLIENT_ID,
+        scope: 'openid profile email model.completion',
+        code_challenge: pkce.codeChallenge,
+        code_challenge_method: 'S256',
+    });
+    const res = await (0, undici_1.request)(exports.QWEN_DEVICE_CODE_URL, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+        body: data.toString(),
+        headersTimeout: 15000,
+        bodyTimeout: 30000,
+    });
+    const text = await res.body.text();
+    if (res.statusCode !== 200) {
+        throw new Error(`Qwen device code request failed (${res.statusCode}): ${text}`);
+    }
+    const parsed = JSON.parse(text);
+    return {
+        deviceCode: parsed.device_code,
+        userCode: parsed.user_code,
+        verificationUri: parsed.verification_uri,
+        verificationUriComplete: parsed.verification_uri_complete,
+        expiresIn: parsed.expires_in,
+        intervalSec: parsed.interval ?? 5,
+        pkce,
+    };
+}
+/**
+ * Poll token endpoint cho đến khi user đã authorize hoặc hết hạn / lỗi.
+ * Throw Error nếu user huỷ / expired.
+ */
+async function pollQwenToken(device, account = 'default') {
+    const deadline = Date.now() + device.expiresIn * 1000;
+    let interval = Math.max(device.intervalSec * 1000, 3000);
+    while (Date.now() < deadline) {
+        await new Promise((r) => setTimeout(r, interval));
+        const data = new URLSearchParams({
+            grant_type: 'urn:ietf:params:oauth:grant-type:device_code',
+            client_id: exports.QWEN_CLIENT_ID,
+            device_code: device.deviceCode,
+            code_verifier: device.pkce.codeVerifier,
+        });
+        const res = await (0, undici_1.request)(exports.QWEN_TOKEN_URL, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/x-www-form-urlencoded',
+                Accept: 'application/json',
+            },
+            body: data.toString(),
+            headersTimeout: 15000,
+            bodyTimeout: 30000,
+        });
+        const text = await res.body.text();
+        if (res.statusCode === 200) {
+            const parsed = JSON.parse(text);
+            const now = Date.now();
+            return {
+                type: 'qwen',
+                account,
+                accessToken: parsed.access_token,
+                refreshToken: parsed.refresh_token ?? '',
+                expiresAt: now + parsed.expires_in * 1000,
+                lastRefresh: now,
+            };
+        }
+        // RFC 8628 errors: authorization_pending → tiếp tục, slow_down → +5s,
+        // còn lại = abort
+        try {
+            const err = JSON.parse(text);
+            if (err.error === 'authorization_pending')
+                continue;
+            if (err.error === 'slow_down') {
+                interval += 5000;
+                continue;
+            }
+            throw new Error(`Qwen device flow error: ${err.error ?? text}`);
+        }
+        catch (e) {
+            if (e instanceof SyntaxError)
+                throw new Error(`Qwen polling failed: ${text}`);
+            throw e;
+        }
+    }
+    throw new Error('Qwen device flow expired');
+}
+async function refreshQwenToken(current) {
+    if (!current.refreshToken)
+        throw new Error('Qwen refresh token missing');
+    const data = new URLSearchParams({
+        grant_type: 'refresh_token',
+        client_id: exports.QWEN_CLIENT_ID,
+        refresh_token: current.refreshToken,
+    });
+    const res = await (0, undici_1.request)(exports.QWEN_TOKEN_URL, {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/x-www-form-urlencoded',
+            Accept: 'application/json',
+        },
+        body: data.toString(),
+        headersTimeout: 15000,
+        bodyTimeout: 30000,
+    });
+    const text = await res.body.text();
+    if (res.statusCode !== 200) {
+        throw new Error(`Qwen refresh failed (${res.statusCode}): ${text}`);
+    }
+    const parsed = JSON.parse(text);
+    const now = Date.now();
+    return {
+        ...current,
+        accessToken: parsed.access_token,
+        refreshToken: parsed.refresh_token ?? current.refreshToken,
+        expiresAt: now + parsed.expires_in * 1000,
+        lastRefresh: now,
+    };
+}
+//# sourceMappingURL=qwen-oauth.js.map

package/dist/llm/oauth/qwen-oauth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"qwen-oauth.js","sourceRoot":"","sources":["../../../src/llm/oauth/qwen-oauth.ts"],"names":[],"mappings":";;;AAwCA,sDA6BC;AAMD,sCAwDC;AAED,4CAgCC;AArKD,mCAAiC;AACjC,iCAAsD;AAGtD;;;;;GAKG;AACU,QAAA,oBAAoB,GAAG,gDAAgD,CAAC;AACxE,QAAA,cAAc,GAAG,0CAA0C,CAAC;AAC5D,QAAA,cAAc,GAAG,kCAAkC,CAAC;AA4B1D,KAAK,UAAU,qBAAqB;IACzC,MAAM,IAAI,GAAG,IAAA,wBAAiB,GAAE,CAAC;IACjC,MAAM,IAAI,GAAG,IAAI,eAAe,CAAC;QAC/B,SAAS,EAAE,sBAAc;QACzB,KAAK,EAAE,uCAAuC;QAC9C,cAAc,EAAE,IAAI,CAAC,aAAa;QAClC,qBAAqB,EAAE,MAAM;KAC9B,CAAC,CAAC;IACH,MAAM,GAAG,GAAG,MAAM,IAAA,gBAAO,EAAC,4BAAoB,EAAE;QAC9C,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;QAChE,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE;QACrB,cAAc,EAAE,KAAM;QACtB,WAAW,EAAE,KAAM;KACpB,CAAC,CAAC;IACH,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;IACnC,IAAI,GAAG,CAAC,UAAU,KAAK,GAAG,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CAAC,oCAAoC,GAAG,CAAC,UAAU,MAAM,IAAI,EAAE,CAAC,CAAC;IAClF,CAAC;IACD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAmB,CAAC;IAClD,OAAO;QACL,UAAU,EAAE,MAAM,CAAC,WAAW;QAC9B,QAAQ,EAAE,MAAM,CAAC,SAAS;QAC1B,eAAe,EAAE,MAAM,CAAC,gBAAgB;QACxC,uBAAuB,EAAE,MAAM,CAAC,yBAAyB;QACzD,SAAS,EAAE,MAAM,CAAC,UAAU;QAC5B,WAAW,EAAE,MAAM,CAAC,QAAQ,IAAI,CAAC;QACjC,IAAI;KACL,CAAC;AACJ,CAAC;AAED;;;GAGG;AACI,KAAK,UAAU,aAAa,CACjC,MAAsB,EACtB,OAAO,GAAG,SAAS;IAEnB,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,SAAS,GAAG,IAAI,CAAC;IACtD,IAAI,QAAQ,GAAG,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,WAAW,GAAG,IAAI,EAAE,IAAI,CAAC,CAAC;IAEzD,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,EAAE,CAAC;QAC7B,MAAM,IAAI,OAAO,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,UAAU,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,CAAC;QAClD,MAAM,IAAI,GAAG,IAAI,eAAe,CAAC;YAC/B,UAAU,EAAE,8CAA8C;YAC1D,SAAS,EAAE,sBAAc;YACzB,WAAW,EAAE,MAAM,CAAC,UAAU;YAC9B,aAAa,EAAE,MAAM,CAAC,IAAI,CAAC,YAAY;SACxC,CAAC,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,IAAA,gBAAO,EAAC,sBAAc,EAAE;YACxC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,mCAAmC;gBACnD,MAAM,EAAE,kBAAkB;aAC3B;YACD,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE;YACrB,cAAc,EAAE,KAAM;YACtB,WAAW,EAAE,KAAM;SACpB,CAAC,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;QAEnC,IAAI,GAAG,CAAC,UAAU,KAAK,GAAG,EAAE,CAAC;YAC3B,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAc,CAAC;YAC7C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YACvB,OAAO;gBACL,IAAI,EAAE,MAAM;gBACZ,OAAO;gBACP,WAAW,EAAE,MAAM,CAAC,YAAY;gBAChC,YAAY,EAAE,MAAM,CAAC,aAAa,IAAI,EAAE;gBACxC,SAAS,EAAE,GAAG,GAAG,MAAM,CAAC,UAAU,GAAG,IAAI;gBACzC,WAAW,EAAE,GAAG;aACjB,CAAC;QACJ,CAAC;QAED,sEAAsE;QACtE,kBAAkB;QAClB,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAuB,CAAC;YACnD,IAAI,GAAG,CAAC,KAAK,KAAK,uBAAuB;gBAAE,SAAS;YACpD,IAAI,GAAG,CAAC,KAAK,KAAK,WAAW,EAAE,CAAC;gBAC9B,QAAQ,IAAI,IAAI,CAAC;gBACjB,SAAS;YACX,CAAC;YACD,MAAM,IAAI,KAAK,CAAC,2BAA2B,GAAG,CAAC,KAAK,IAAI,IAAI,EAAE,CAAC,CAAC;QAClE,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,IAAI,CAAC,YAAY,WAAW;gBAAE,MAAM,IAAI,KAAK,CAAC,wBAAwB,IAAI,EAAE,CAAC,CAAC;YAC9E,MAAM,CAAC,CAAC;QACV,CAAC;IACH,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;AAC9C,CAAC;AAEM,KAAK,UAAU,gBAAgB,CACpC,OAA0B;IAE1B,IAAI,CAAC,OAAO,CAAC,YAAY;QAAE,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;IACzE,MAAM,IAAI,GAAG,IAAI,eAAe,CAAC;QAC/B,UAAU,EAAE,eAAe;QAC3B,SAAS,EAAE,sBAAc;QACzB,aAAa,EAAE,OAAO,CAAC,YAAY;KACpC,CAAC,CAAC;IACH,MAAM,GAAG,GAAG,MAAM,IAAA,gBAAO,EAAC,sBAAc,EAAE;QACxC,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,mCAAmC;YACnD,MAAM,EAAE,kBAAkB;SAC3B;QACD,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE;QACrB,cAAc,EAAE,KAAM;QACtB,WAAW,EAAE,KAAM;KACpB,CAAC,CAAC;IACH,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;IACnC,IAAI,GAAG,CAAC,UAAU,KAAK,GAAG,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CAAC,wBAAwB,GAAG,CAAC,UAAU,MAAM,IAAI,EAAE,CAAC,CAAC;IACtE,CAAC;IACD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAc,CAAC;IAC7C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,OAAO;QACL,GAAG,OAAO;QACV,WAAW,EAAE,MAAM,CAAC,YAAY;QAChC,YAAY,EAAE,MAAM,CAAC,aAAa,IAAI,OAAO,CAAC,YAAY;QAC1D,SAAS,EAAE,GAAG,GAAG,MAAM,CAAC,UAAU,GAAG,IAAI;QACzC,WAAW,EAAE,GAAG;KACjB,CAAC;AACJ,CAAC"}

package/dist/llm/oauth/store.d.ts

@@ -0,0 +1,34 @@
+/**
+ * Token storage cho 1 OAuth account.
+ *
+ * Lưu vào `~/.redai/oauth/<provider>/<account>.json` (chmod 600).
+ * Đa số provider (Claude/Codex/Gemini) chỉ có 1 account → file `default.json`.
+ * Multi-account (M4) thêm folder con + tên account.
+ */
+export interface OAuthTokenStorage {
+    /** Provider type: claude | codex | gemini | ... */
+    type: string;
+    /** Account identifier mặc định 'default'. */
+    account: string;
+    /** OAuth access_token. */
+    accessToken: string;
+    /** OAuth refresh_token (long-lived). */
+    refreshToken: string;
+    /** Optional JWT id_token (Anthropic không trả nhưng Google CLI có). */
+    idToken?: string;
+    /** Email account (informational, hiển thị trong status). */
+    email?: string;
+    /** Unix ms khi access_token hết hạn. */
+    expiresAt: number;
+    /** Unix ms lần cuối refresh. */
+    lastRefresh: number;
+    /** Free-form metadata (provider-specific). */
+    metadata?: Record<string, unknown>;
+}
+export declare function oauthDir(provider: string): string;
+export declare function oauthFilePath(provider: string, account?: string): string;
+export declare function saveToken(provider: string, token: OAuthTokenStorage): void;
+export declare function loadToken(provider: string, account?: string): OAuthTokenStorage | null;
+export declare function listAccounts(provider: string): string[];
+export declare function deleteToken(provider: string, account?: string): void;
+export declare function listProvidersWithLogin(): string[];