npm - @witqq/agent-sdk - Versions diffs - 0.3.1 → 0.4.0 - Mend

@witqq/agent-sdk 0.3.1 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (34) hide show

package/README.md +103 -1
package/dist/auth/index.cjs +359 -0
package/dist/auth/index.cjs.map +1 -0
package/dist/auth/index.d.cts +271 -0
package/dist/auth/index.d.ts +271 -0
package/dist/auth/index.js +352 -0
package/dist/auth/index.js.map +1 -0
package/dist/backends/claude.cjs +81 -13
package/dist/backends/claude.cjs.map +1 -1
package/dist/backends/claude.d.cts +6 -1
package/dist/backends/claude.d.ts +6 -1
package/dist/backends/claude.js +81 -13
package/dist/backends/claude.js.map +1 -1
package/dist/backends/copilot.cjs +75 -12
package/dist/backends/copilot.cjs.map +1 -1
package/dist/backends/copilot.d.cts +1 -1
package/dist/backends/copilot.d.ts +1 -1
package/dist/backends/copilot.js +75 -12
package/dist/backends/copilot.js.map +1 -1
package/dist/backends/vercel-ai.cjs +20 -1
package/dist/backends/vercel-ai.cjs.map +1 -1
package/dist/backends/vercel-ai.d.cts +1 -1
package/dist/backends/vercel-ai.d.ts +1 -1
package/dist/backends/vercel-ai.js +20 -1
package/dist/backends/vercel-ai.js.map +1 -1
package/dist/index.cjs +4 -0
package/dist/index.cjs.map +1 -1
package/dist/index.d.cts +12 -0
package/dist/index.d.ts +12 -0
package/dist/index.js +4 -0
package/dist/index.js.map +1 -1
package/dist/{types-ChCH6zvp.d.cts → types-CYtx9gvQ.d.cts} +10 -0
package/dist/{types-ChCH6zvp.d.ts → types-CYtx9gvQ.d.ts} +10 -0
package/package.json +11 -1

package/dist/auth/index.js ADDED Viewed

@@ -0,0 +1,352 @@
+import { createHash, randomBytes } from 'crypto';
+// src/auth/types.ts
+var AuthError = class extends Error {
+  constructor(message, options) {
+    super(message, options);
+    this.name = "AuthError";
+  }
+};
+var DeviceCodeExpiredError = class extends AuthError {
+  constructor() {
+    super("Device code expired. Please restart the auth flow.");
+    this.name = "DeviceCodeExpiredError";
+  }
+};
+var AccessDeniedError = class extends AuthError {
+  constructor() {
+    super("Access was denied by the user.");
+    this.name = "AccessDeniedError";
+  }
+};
+var TokenExchangeError = class extends AuthError {
+  constructor(message, options) {
+    super(message, options);
+    this.name = "TokenExchangeError";
+  }
+};
+// src/auth/copilot-auth.ts
+var CLIENT_ID = "Ov23ctDVkRmgkPke0Mmm";
+var DEVICE_CODE_URL = "https://github.com/login/device/code";
+var ACCESS_TOKEN_URL = "https://github.com/login/oauth/access_token";
+var USER_API_URL = "https://api.github.com/user";
+var DEFAULT_SCOPES = "read:user,read:org,repo,gist";
+var GRANT_TYPE = "urn:ietf:params:oauth:grant-type:device_code";
+var CopilotAuth = class {
+  fetchFn;
+  /** @param options - Optional configuration with custom fetch for testing */
+  constructor(options) {
+    this.fetchFn = options?.fetch ?? globalThis.fetch;
+  }
+  /**
+   * Start the GitHub Device Flow.
+   * Returns a device code result with user code, verification URL,
+   * and a `waitForToken()` function that polls until the user authorizes.
+   *
+   * @param options - Optional scopes and abort signal
+   * @returns Device flow result with user code, verification URL, and waitForToken poller
+   * @throws {AuthError} If the device code request fails
+   * @throws {DeviceCodeExpiredError} If the device code expires before user authorizes
+   * @throws {AccessDeniedError} If the user denies access
+   *
+   * @example
+   * ```ts
+   * const auth = new CopilotAuth();
+   * const { userCode, verificationUrl, waitForToken } = await auth.startDeviceFlow();
+   * console.log(`Open ${verificationUrl} and enter code: ${userCode}`);
+   * const token = await waitForToken();
+   * ```
+   */
+  async startDeviceFlow(options) {
+    const scopes = options?.scopes ?? DEFAULT_SCOPES;
+    const response = await this.fetchFn(DEVICE_CODE_URL, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/x-www-form-urlencoded",
+        Accept: "application/json"
+      },
+      body: new URLSearchParams({
+        client_id: CLIENT_ID,
+        scope: scopes
+      }),
+      signal: options?.signal
+    });
+    if (!response.ok) {
+      throw new AuthError(
+        `Failed to request device code: ${response.status} ${response.statusText}`
+      );
+    }
+    const data = await response.json();
+    return {
+      userCode: data.user_code,
+      verificationUrl: data.verification_uri,
+      waitForToken: (signal) => this.pollForToken(data.device_code, data.interval, signal)
+    };
+  }
+  async pollForToken(deviceCode, interval, signal) {
+    let pollIntervalMs = interval * 1e3;
+    while (true) {
+      if (signal?.aborted) {
+        throw new AuthError("Authentication was aborted.");
+      }
+      await this.delay(pollIntervalMs, signal);
+      const response = await this.fetchFn(ACCESS_TOKEN_URL, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/x-www-form-urlencoded",
+          Accept: "application/json"
+        },
+        body: new URLSearchParams({
+          client_id: CLIENT_ID,
+          device_code: deviceCode,
+          grant_type: GRANT_TYPE
+        }),
+        signal
+      });
+      if (!response.ok) {
+        throw new AuthError(
+          `Token poll failed: ${response.status} ${response.statusText}`
+        );
+      }
+      const data = await response.json();
+      if (data.access_token) {
+        const token = {
+          accessToken: data.access_token,
+          tokenType: data.token_type ?? "bearer",
+          obtainedAt: Date.now()
+        };
+        try {
+          const login = await this.fetchUserLogin(data.access_token, signal);
+          if (login) token.login = login;
+        } catch {
+        }
+        return token;
+      }
+      if (data.error === "authorization_pending") {
+        continue;
+      }
+      if (data.error === "slow_down") {
+        pollIntervalMs = (data.interval ?? interval + 5) * 1e3;
+        continue;
+      }
+      if (data.error === "expired_token") {
+        throw new DeviceCodeExpiredError();
+      }
+      if (data.error === "access_denied") {
+        throw new AccessDeniedError();
+      }
+      throw new AuthError(
+        data.error_description ?? `Unexpected error: ${data.error}`
+      );
+    }
+  }
+  async fetchUserLogin(token, signal) {
+    const response = await this.fetchFn(USER_API_URL, {
+      headers: {
+        Authorization: `Bearer ${token}`,
+        Accept: "application/json"
+      },
+      signal
+    });
+    if (!response.ok) return void 0;
+    const user = await response.json();
+    return user.login;
+  }
+  delay(ms, signal) {
+    return new Promise((resolve, reject) => {
+      const timer = setTimeout(resolve, ms);
+      signal?.addEventListener(
+        "abort",
+        () => {
+          clearTimeout(timer);
+          reject(new AuthError("Authentication was aborted."));
+        },
+        { once: true }
+      );
+    });
+  }
+};
+var CLIENT_ID2 = "9d1c250a-e61b-44d9-88ed-5944d1962f5e";
+var AUTHORIZE_URL = "https://claude.ai/oauth/authorize";
+var TOKEN_URL = "https://platform.claude.com/v1/oauth/token";
+var DEFAULT_REDIRECT_URI = "https://platform.claude.com/oauth/code/callback";
+var DEFAULT_SCOPES2 = "user:profile user:inference user:sessions:claude_code user:mcp_servers";
+var ClaudeAuth = class _ClaudeAuth {
+  fetchFn;
+  randomBytes;
+  /**
+   * @param options - Optional configuration with custom fetch and random bytes for testing
+   */
+  constructor(options) {
+    this.fetchFn = options?.fetch ?? globalThis.fetch;
+    this.randomBytes = options?.randomBytes ?? defaultRandomBytes;
+  }
+  /**
+   * Start the Claude OAuth+PKCE flow.
+   * Generates PKCE code verifier/challenge and returns an authorize URL
+   * plus a `completeAuth(code)` function for token exchange.
+   *
+   * @param options - Redirect URI and optional scopes
+   * @returns OAuth flow result with authorize URL and completeAuth function
+   * @throws {AuthError} If PKCE generation fails
+   *
+   * @example
+   * ```ts
+   * const auth = new ClaudeAuth();
+   * const { authorizeUrl, completeAuth } = auth.startOAuthFlow({
+   *   redirectUri: "https://platform.claude.com/oauth/code/callback",
+   * });
+   * console.log(`Open: ${authorizeUrl}`);
+   * const token = await completeAuth(authorizationCode);
+   * ```
+   */
+  startOAuthFlow(options) {
+    const redirectUri = options?.redirectUri ?? DEFAULT_REDIRECT_URI;
+    const scopes = options?.scopes ?? DEFAULT_SCOPES2;
+    const codeVerifier = this.generateCodeVerifier();
+    const state = this.generateState();
+    const authorizeUrl = this.buildAuthorizeUrl(
+      redirectUri,
+      scopes,
+      codeVerifier,
+      state
+    );
+    return {
+      authorizeUrl,
+      completeAuth: (codeOrUrl) => {
+        const code = _ClaudeAuth.extractCode(codeOrUrl);
+        return this.exchangeCode(code, codeVerifier, state, redirectUri);
+      }
+    };
+  }
+  /**
+   * Extract an authorization code from user input.
+   * Accepts a raw code string or a full redirect URL containing a `code` query parameter.
+   *
+   * @param input - Raw authorization code or redirect URL
+   * @returns The extracted authorization code
+   *
+   * @example
+   * ```ts
+   * ClaudeAuth.extractCode("abc123"); // "abc123"
+   * ClaudeAuth.extractCode("https://platform.claude.com/oauth/code/callback?code=abc123&state=xyz"); // "abc123"
+   * ```
+   */
+  static extractCode(input) {
+    const trimmed = input.trim();
+    try {
+      const url = new URL(trimmed);
+      const code = url.searchParams.get("code");
+      if (code) return code;
+    } catch {
+    }
+    const hashIdx = trimmed.indexOf("#");
+    if (hashIdx > 0) {
+      return trimmed.substring(0, hashIdx);
+    }
+    return trimmed;
+  }
+  /**
+   * Refresh an expired Claude token.
+   *
+   * @param refreshToken - The refresh token from a previous authentication
+   * @returns New auth token with refreshed access token
+   * @throws {TokenExchangeError} If the refresh request fails
+   *
+   * @example
+   * ```ts
+   * const auth = new ClaudeAuth();
+   * const newToken = await auth.refreshToken(oldToken.refreshToken);
+   * ```
+   */
+  async refreshToken(refreshToken) {
+    const response = await this.fetchFn(TOKEN_URL, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        grant_type: "refresh_token",
+        refresh_token: refreshToken,
+        client_id: CLIENT_ID2
+      })
+    });
+    if (!response.ok) {
+      const text = await response.text();
+      throw new TokenExchangeError(
+        `Token refresh failed: ${response.status} ${text}`
+      );
+    }
+    const data = await response.json();
+    return this.mapTokenResponse(data);
+  }
+  generateCodeVerifier() {
+    const bytes = this.randomBytes(96);
+    return base64Encode(bytes).replace(/\+/g, "~").replace(/=/g, "_").replace(/\//g, "-");
+  }
+  generateState() {
+    const bytes = this.randomBytes(16);
+    return hexEncode(bytes);
+  }
+  buildAuthorizeUrl(redirectUri, scopes, codeVerifier, state) {
+    const codeChallenge = this.generateCodeChallengeSync(codeVerifier);
+    const url = new URL(AUTHORIZE_URL);
+    url.searchParams.set("code", "true");
+    url.searchParams.set("client_id", CLIENT_ID2);
+    url.searchParams.set("response_type", "code");
+    url.searchParams.set("redirect_uri", redirectUri);
+    url.searchParams.set("scope", scopes);
+    url.searchParams.set("code_challenge", codeChallenge);
+    url.searchParams.set("code_challenge_method", "S256");
+    url.searchParams.set("state", state);
+    return url.toString();
+  }
+  generateCodeChallengeSync(verifier) {
+    const hash = createHash("sha256").update(verifier).digest("base64");
+    return hash.split("=")[0].replace(/\+/g, "-").replace(/\//g, "_");
+  }
+  async exchangeCode(code, codeVerifier, state, redirectUri) {
+    const response = await this.fetchFn(TOKEN_URL, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        grant_type: "authorization_code",
+        code,
+        redirect_uri: redirectUri,
+        client_id: CLIENT_ID2,
+        code_verifier: codeVerifier,
+        state
+      })
+    });
+    if (!response.ok) {
+      const text = await response.text();
+      throw new TokenExchangeError(
+        `Token exchange failed: ${response.status} ${text}`
+      );
+    }
+    const data = await response.json();
+    return this.mapTokenResponse(data);
+  }
+  mapTokenResponse(data) {
+    return {
+      accessToken: data.access_token,
+      tokenType: data.token_type ?? "bearer",
+      expiresIn: data.expires_in,
+      obtainedAt: Date.now(),
+      refreshToken: data.refresh_token,
+      scopes: data.scope?.split(" ") ?? []
+    };
+  }
+};
+function defaultRandomBytes(size) {
+  return new Uint8Array(randomBytes(size));
+}
+function base64Encode(bytes) {
+  return Buffer.from(bytes).toString("base64");
+}
+function hexEncode(bytes) {
+  return Buffer.from(bytes).toString("hex");
+}
+export { AccessDeniedError, AuthError, ClaudeAuth, CopilotAuth, DeviceCodeExpiredError, TokenExchangeError };
+//# sourceMappingURL=index.js.map
+//# sourceMappingURL=index.js.map

package/dist/auth/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../../src/auth/types.ts","../../src/auth/copilot-auth.ts","../../src/auth/claude-auth.ts"],"names":["CLIENT_ID","DEFAULT_SCOPES","nodeRandomBytes"],"mappings":";;;AAqIO,IAAM,SAAA,GAAN,cAAwB,KAAA,CAAM;AAAA,EACnC,WAAA,CAAY,SAAiB,OAAA,EAAwB;AACnD,IAAA,KAAA,CAAM,SAAS,OAAO,CAAA;AACtB,IAAA,IAAA,CAAK,IAAA,GAAO,WAAA;AAAA,EACd;AACF;AAGO,IAAM,sBAAA,GAAN,cAAqC,SAAA,CAAU;AAAA,EACpD,WAAA,GAAc;AACZ,IAAA,KAAA,CAAM,oDAAoD,CAAA;AAC1D,IAAA,IAAA,CAAK,IAAA,GAAO,wBAAA;AAAA,EACd;AACF;AAGO,IAAM,iBAAA,GAAN,cAAgC,SAAA,CAAU;AAAA,EAC/C,WAAA,GAAc;AACZ,IAAA,KAAA,CAAM,gCAAgC,CAAA;AACtC,IAAA,IAAA,CAAK,IAAA,GAAO,mBAAA;AAAA,EACd;AACF;AAMO,IAAM,kBAAA,GAAN,cAAiC,SAAA,CAAU;AAAA,EAChD,WAAA,CAAY,SAAiB,OAAA,EAAwB;AACnD,IAAA,KAAA,CAAM,SAAS,OAAO,CAAA;AACtB,IAAA,IAAA,CAAK,IAAA,GAAO,oBAAA;AAAA,EACd;AACF;;;AC9JA,IAAM,SAAA,GAAY,sBAAA;AAClB,IAAM,eAAA,GAAkB,sCAAA;AACxB,IAAM,gBAAA,GAAmB,6CAAA;AACzB,IAAM,YAAA,GAAe,6BAAA;AACrB,IAAM,cAAA,GAAiB,8BAAA;AACvB,IAAM,UAAA,GAAa,8CAAA;AAsCZ,IAAM,cAAN,MAAkB;AAAA,EACN,OAAA;AAAA;AAAA,EAGjB,YAAY,OAAA,EAA+B;AACzC,IAAA,IAAA,CAAK,OAAA,GAAU,OAAA,EAAS,KAAA,IAAS,UAAA,CAAW,KAAA;AAAA,EAC9C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAqBA,MAAM,gBAAgB,OAAA,EAGQ;AAC5B,IAAA,MAAM,MAAA,GAAS,SAAS,MAAA,IAAU,cAAA;AAClC,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,OAAA,CAAQ,eAAA,EAAiB;AAAA,MACnD,MAAA,EAAQ,MAAA;AAAA,MACR,OAAA,EAAS;AAAA,QACP,cAAA,EAAgB,mCAAA;AAAA,QAChB,MAAA,EAAQ;AAAA,OACV;AAAA,MACA,IAAA,EAAM,IAAI,eAAA,CAAgB;AAAA,QACxB,SAAA,EAAW,SAAA;AAAA,QACX,KAAA,EAAO;AAAA,OACR,CAAA;AAAA,MACD,QAAQ,OAAA,EAAS;AAAA,KAClB,CAAA;AAED,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,MAAA,MAAM,IAAI,SAAA;AAAA,QACR,CAAA,+BAAA,EAAkC,QAAA,CAAS,MAAM,CAAA,CAAA,EAAI,SAAS,UAAU,CAAA;AAAA,OAC1E;AAAA,IACF;AAEA,IAAA,MAAM,IAAA,GAAQ,MAAM,QAAA,CAAS,IAAA,EAAK;AAElC,IAAA,OAAO;AAAA,MACL,UAAU,IAAA,CAAK,SAAA;AAAA,MACf,iBAAiB,IAAA,CAAK,gBAAA;AAAA,MACtB,YAAA,EAAc,CAAC,MAAA,KACb,IAAA,CAAK,aAAa,IAAA,CAAK,WAAA,EAAa,IAAA,CAAK,QAAA,EAAU,MAAM;AAAA,KAC7D;AAAA,EACF;AAAA,EAEA,MAAc,YAAA,CACZ,UAAA,EACA,QAAA,EACA,MAAA,EAC2B;AAC3B,IAAA,IAAI,iBAAiB,QAAA,GAAW,GAAA;AAEhC,IAAA,OAAO,IAAA,EAAM;AACX,MAAA,IAAI,QAAQ,OAAA,EAAS;AACnB,QAAA,MAAM,IAAI,UAAU,6BAA6B,CAAA;AAAA,MACnD;AAEA,MAAA,MAAM,IAAA,CAAK,KAAA,CAAM,cAAA,EAAgB,MAAM,CAAA;AAEvC,MAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,OAAA,CAAQ,gBAAA,EAAkB;AAAA,QACpD,MAAA,EAAQ,MAAA;AAAA,QACR,OAAA,EAAS;AAAA,UACP,cAAA,EAAgB,mCAAA;AAAA,UAChB,MAAA,EAAQ;AAAA,SACV;AAAA,QACA,IAAA,EAAM,IAAI,eAAA,CAAgB;AAAA,UACxB,SAAA,EAAW,SAAA;AAAA,UACX,WAAA,EAAa,UAAA;AAAA,UACb,UAAA,EAAY;AAAA,SACb,CAAA;AAAA,QACD;AAAA,OACD,CAAA;AAED,MAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,QAAA,MAAM,IAAI,SAAA;AAAA,UACR,CAAA,mBAAA,EAAsB,QAAA,CAAS,MAAM,CAAA,CAAA,EAAI,SAAS,UAAU,CAAA;AAAA,SAC9D;AAAA,MACF;AAEA,MAAA,MAAM,IAAA,GAAQ,MAAM,QAAA,CAAS,IAAA,EAAK;AAElC,MAAA,IAAI,KAAK,YAAA,EAAc;AACrB,QAAA,MAAM,KAAA,GAA0B;AAAA,UAC9B,aAAa,IAAA,CAAK,YAAA;AAAA,UAClB,SAAA,EAAW,KAAK,UAAA,IAAc,QAAA;AAAA,UAC9B,UAAA,EAAY,KAAK,GAAA;AAAI,SACvB;AAGA,QAAA,IAAI;AACF,UAAA,MAAM,QAAQ,MAAM,IAAA,CAAK,cAAA,CAAe,IAAA,CAAK,cAAc,MAAM,CAAA;AACjE,UAAA,IAAI,KAAA,QAAa,KAAA,GAAQ,KAAA;AAAA,QAC3B,CAAA,CAAA,MAAQ;AAAA,QAER;AAEA,QAAA,OAAO,KAAA;AAAA,MACT;AAEA,MAAA,IAAI,IAAA,CAAK,UAAU,uBAAA,EAAyB;AAC1C,QAAA;AAAA,MACF;AAEA,MAAA,IAAI,IAAA,CAAK,UAAU,WAAA,EAAa;AAC9B,QAAA,cAAA,GAAA,CAAkB,IAAA,CAAK,QAAA,IAAY,QAAA,GAAW,CAAA,IAAK,GAAA;AACnD,QAAA;AAAA,MACF;AAEA,MAAA,IAAI,IAAA,CAAK,UAAU,eAAA,EAAiB;AAClC,QAAA,MAAM,IAAI,sBAAA,EAAuB;AAAA,MACnC;AAEA,MAAA,IAAI,IAAA,CAAK,UAAU,eAAA,EAAiB;AAClC,QAAA,MAAM,IAAI,iBAAA,EAAkB;AAAA,MAC9B;AAEA,MAAA,MAAM,IAAI,SAAA;AAAA,QACR,IAAA,CAAK,iBAAA,IAAqB,CAAA,kBAAA,EAAqB,IAAA,CAAK,KAAK,CAAA;AAAA,OAC3D;AAAA,IACF;AAAA,EACF;AAAA,EAEA,MAAc,cAAA,CACZ,KAAA,EACA,MAAA,EAC6B;AAC7B,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,OAAA,CAAQ,YAAA,EAAc;AAAA,MAChD,OAAA,EAAS;AAAA,QACP,aAAA,EAAe,UAAU,KAAK,CAAA,CAAA;AAAA,QAC9B,MAAA,EAAQ;AAAA,OACV;AAAA,MACA;AAAA,KACD,CAAA;AAED,IAAA,IAAI,CAAC,QAAA,CAAS,EAAA,EAAI,OAAO,MAAA;AAEzB,IAAA,MAAM,IAAA,GAAQ,MAAM,QAAA,CAAS,IAAA,EAAK;AAClC,IAAA,OAAO,IAAA,CAAK,KAAA;AAAA,EACd;AAAA,EAEQ,KAAA,CAAM,IAAY,MAAA,EAAqC;AAC7D,IAAA,OAAO,IAAI,OAAA,CAAQ,CAAC,OAAA,EAAS,MAAA,KAAW;AACtC,MAAA,MAAM,KAAA,GAAQ,UAAA,CAAW,OAAA,EAAS,EAAE,CAAA;AACpC,MAAA,MAAA,EAAQ,gBAAA;AAAA,QACN,OAAA;AAAA,QACA,MAAM;AACJ,UAAA,YAAA,CAAa,KAAK,CAAA;AAClB,UAAA,MAAA,CAAO,IAAI,SAAA,CAAU,6BAA6B,CAAC,CAAA;AAAA,QACrD,CAAA;AAAA,QACA,EAAE,MAAM,IAAA;AAAK,OACf;AAAA,IACF,CAAC,CAAA;AAAA,EACH;AACF;ACvNA,IAAMA,UAAAA,GAAY,sCAAA;AAClB,IAAM,aAAA,GAAgB,mCAAA;AACtB,IAAM,SAAA,GAAY,4CAAA;AAClB,IAAM,oBAAA,GACJ,iDAAA;AACF,IAAMC,eAAAA,GACJ,wEAAA;AAsBK,IAAM,UAAA,GAAN,MAAM,WAAA,CAAW;AAAA,EACL,OAAA;AAAA,EACA,WAAA;AAAA;AAAA;AAAA;AAAA,EAKjB,YAAY,OAAA,EAGT;AACD,IAAA,IAAA,CAAK,OAAA,GAAU,OAAA,EAAS,KAAA,IAAS,UAAA,CAAW,KAAA;AAC5C,IAAA,IAAA,CAAK,WAAA,GAAc,SAAS,WAAA,IAAe,kBAAA;AAAA,EAC7C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAqBA,eAAe,OAAA,EAA6C;AAC1D,IAAA,MAAM,WAAA,GAAc,SAAS,WAAA,IAAe,oBAAA;AAC5C,IAAA,MAAM,MAAA,GAAS,SAAS,MAAA,IAAUA,eAAAA;AAElC,IAAA,MAAM,YAAA,GAAe,KAAK,oBAAA,EAAqB;AAC/C,IAAA,MAAM,KAAA,GAAQ,KAAK,aAAA,EAAc;AAEjC,IAAA,MAAM,eAAe,IAAA,CAAK,iBAAA;AAAA,MACxB,WAAA;AAAA,MACA,MAAA;AAAA,MACA,YAAA;AAAA,MACA;AAAA,KACF;AAEA,IAAA,OAAO;AAAA,MACL,YAAA;AAAA,MACA,YAAA,EAAc,CAAC,SAAA,KAAsB;AACnC,QAAA,MAAM,IAAA,GAAO,WAAA,CAAW,WAAA,CAAY,SAAS,CAAA;AAC7C,QAAA,OAAO,IAAA,CAAK,YAAA,CAAa,IAAA,EAAM,YAAA,EAAc,OAAO,WAAW,CAAA;AAAA,MACjE;AAAA,KACF;AAAA,EACF;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAeA,OAAO,YAAY,KAAA,EAAuB;AACxC,IAAA,MAAM,OAAA,GAAU,MAAM,IAAA,EAAK;AAC3B,IAAA,IAAI;AACF,MAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,OAAO,CAAA;AAC3B,MAAA,MAAM,IAAA,GAAO,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,MAAM,CAAA;AACxC,MAAA,IAAI,MAAM,OAAO,IAAA;AAAA,IACnB,CAAA,CAAA,MAAQ;AAAA,IAER;AAEA,IAAA,MAAM,OAAA,GAAU,OAAA,CAAQ,OAAA,CAAQ,GAAG,CAAA;AACnC,IAAA,IAAI,UAAU,CAAA,EAAG;AACf,MAAA,OAAO,OAAA,CAAQ,SAAA,CAAU,CAAA,EAAG,OAAO,CAAA;AAAA,IACrC;AACA,IAAA,OAAO,OAAA;AAAA,EACT;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAeA,MAAM,aAAa,YAAA,EAAgD;AACjE,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,OAAA,CAAQ,SAAA,EAAW;AAAA,MAC7C,MAAA,EAAQ,MAAA;AAAA,MACR,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA,EAAmB;AAAA,MAC9C,IAAA,EAAM,KAAK,SAAA,CAAU;AAAA,QACnB,UAAA,EAAY,eAAA;AAAA,QACZ,aAAA,EAAe,YAAA;AAAA,QACf,SAAA,EAAWD;AAAA,OACZ;AAAA,KACF,CAAA;AAED,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,MAAA,MAAM,IAAA,GAAO,MAAM,QAAA,CAAS,IAAA,EAAK;AACjC,MAAA,MAAM,IAAI,kBAAA;AAAA,QACR,CAAA,sBAAA,EAAyB,QAAA,CAAS,MAAM,CAAA,CAAA,EAAI,IAAI,CAAA;AAAA,OAClD;AAAA,IACF;AAEA,IAAA,MAAM,IAAA,GAAQ,MAAM,QAAA,CAAS,IAAA,EAAK;AAClC,IAAA,OAAO,IAAA,CAAK,iBAAiB,IAAI,CAAA;AAAA,EACnC;AAAA,EAEQ,oBAAA,GAA+B;AACrC,IAAA,MAAM,KAAA,GAAQ,IAAA,CAAK,WAAA,CAAY,EAAE,CAAA;AACjC,IAAA,OAAO,YAAA,CAAa,KAAK,CAAA,CACtB,OAAA,CAAQ,KAAA,EAAO,GAAG,CAAA,CAClB,OAAA,CAAQ,IAAA,EAAM,GAAG,CAAA,CACjB,OAAA,CAAQ,OAAO,GAAG,CAAA;AAAA,EACvB;AAAA,EAEQ,aAAA,GAAwB;AAC9B,IAAA,MAAM,KAAA,GAAQ,IAAA,CAAK,WAAA,CAAY,EAAE,CAAA;AACjC,IAAA,OAAO,UAAU,KAAK,CAAA;AAAA,EACxB;AAAA,EAEQ,iBAAA,CACN,WAAA,EACA,MAAA,EACA,YAAA,EACA,KAAA,EACQ;AACR,IAAA,MAAM,aAAA,GAAgB,IAAA,CAAK,yBAAA,CAA0B,YAAY,CAAA;AAEjE,IAAA,MAAM,GAAA,GAAM,IAAI,GAAA,CAAI,aAAa,CAAA;AACjC,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,MAAA,EAAQ,MAAM,CAAA;AACnC,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,WAAA,EAAaA,UAAS,CAAA;AAC3C,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,eAAA,EAAiB,MAAM,CAAA;AAC5C,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,cAAA,EAAgB,WAAW,CAAA;AAChD,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,OAAA,EAAS,MAAM,CAAA;AACpC,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,gBAAA,EAAkB,aAAa,CAAA;AACpD,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,uBAAA,EAAyB,MAAM,CAAA;AACpD,IAAA,GAAA,CAAI,YAAA,CAAa,GAAA,CAAI,OAAA,EAAS,KAAK,CAAA;AAEnC,IAAA,OAAO,IAAI,QAAA,EAAS;AAAA,EACtB;AAAA,EAEQ,0BAA0B,QAAA,EAA0B;AAC1D,IAAA,MAAM,IAAA,GAAO,WAAW,QAAQ,CAAA,CAAE,OAAO,QAAQ,CAAA,CAAE,OAAO,QAAQ,CAAA;AAClE,IAAA,OAAO,IAAA,CAAK,KAAA,CAAM,GAAG,CAAA,CAAE,CAAC,CAAA,CAAE,OAAA,CAAQ,KAAA,EAAO,GAAG,CAAA,CAAE,OAAA,CAAQ,KAAA,EAAO,GAAG,CAAA;AAAA,EAClE;AAAA,EAEA,MAAc,YAAA,CACZ,IAAA,EACA,YAAA,EACA,OACA,WAAA,EAC0B;AAC1B,IAAA,MAAM,QAAA,GAAW,MAAM,IAAA,CAAK,OAAA,CAAQ,SAAA,EAAW;AAAA,MAC7C,MAAA,EAAQ,MAAA;AAAA,MACR,OAAA,EAAS,EAAE,cAAA,EAAgB,kBAAA,EAAmB;AAAA,MAC9C,IAAA,EAAM,KAAK,SAAA,CAAU;AAAA,QACnB,UAAA,EAAY,oBAAA;AAAA,QACZ,IAAA;AAAA,QACA,YAAA,EAAc,WAAA;AAAA,QACd,SAAA,EAAWA,UAAAA;AAAA,QACX,aAAA,EAAe,YAAA;AAAA,QACf;AAAA,OACD;AAAA,KACF,CAAA;AAED,IAAA,IAAI,CAAC,SAAS,EAAA,EAAI;AAChB,MAAA,MAAM,IAAA,GAAO,MAAM,QAAA,CAAS,IAAA,EAAK;AACjC,MAAA,MAAM,IAAI,kBAAA;AAAA,QACR,CAAA,uBAAA,EAA0B,QAAA,CAAS,MAAM,CAAA,CAAA,EAAI,IAAI,CAAA;AAAA,OACnD;AAAA,IACF;AAEA,IAAA,MAAM,IAAA,GAAQ,MAAM,QAAA,CAAS,IAAA,EAAK;AAClC,IAAA,OAAO,IAAA,CAAK,iBAAiB,IAAI,CAAA;AAAA,EACnC;AAAA,EAEQ,iBAAiB,IAAA,EAAsC;AAC7D,IAAA,OAAO;AAAA,MACL,aAAa,IAAA,CAAK,YAAA;AAAA,MAClB,SAAA,EAAW,KAAK,UAAA,IAAc,QAAA;AAAA,MAC9B,WAAW,IAAA,CAAK,UAAA;AAAA,MAChB,UAAA,EAAY,KAAK,GAAA,EAAI;AAAA,MACrB,cAAc,IAAA,CAAK,aAAA;AAAA,MACnB,QAAQ,IAAA,CAAK,KAAA,EAAO,KAAA,CAAM,GAAG,KAAK;AAAC,KACrC;AAAA,EACF;AACF;AAcA,SAAS,mBAAmB,IAAA,EAA0B;AACpD,EAAA,OAAO,IAAI,UAAA,CAAWE,WAAA,CAAgB,IAAI,CAAC,CAAA;AAC7C;AAEA,SAAS,aAAa,KAAA,EAA2B;AAC/C,EAAA,OAAO,MAAA,CAAO,IAAA,CAAK,KAAK,CAAA,CAAE,SAAS,QAAQ,CAAA;AAC7C;AAEA,SAAS,UAAU,KAAA,EAA2B;AAC5C,EAAA,OAAO,MAAA,CAAO,IAAA,CAAK,KAAK,CAAA,CAAE,SAAS,KAAK,CAAA;AAC1C","file":"index.js","sourcesContent":["// ─── Auth Token Types ──────────────────────────────────────────\n\n/**\n * Base auth token returned by all auth providers.\n *\n * @example\n * ```ts\n * import type { AuthToken } from \"@witqq/agent-sdk/auth\";\n *\n * const token: AuthToken = {\n * accessToken: \"gho_abc123...\",\n * tokenType: \"bearer\",\n * obtainedAt: Date.now(),\n * };\n * ```\n */\nexport interface AuthToken {\n /** The access token string */\n accessToken: string;\n /** Token type (e.g. \"bearer\") */\n tokenType: string;\n /** Seconds until token expires (undefined = long-lived) */\n expiresIn?: number;\n /** Timestamp when the token was obtained */\n obtainedAt: number;\n}\n\n/**\n * Copilot-specific token (GitHub OAuth, long-lived).\n *\n * @example\n * ```ts\n * import type { CopilotAuthToken } from \"@witqq/agent-sdk/auth\";\n *\n * const token: CopilotAuthToken = {\n * accessToken: \"gho_abc123...\",\n * tokenType: \"bearer\",\n * obtainedAt: Date.now(),\n * login: \"octocat\",\n * };\n * ```\n */\nexport interface CopilotAuthToken extends AuthToken {\n /** GitHub user login associated with the token */\n login?: string;\n}\n\n/**\n * Claude-specific token (OAuth+PKCE, expires in 8h).\n *\n * @example\n * ```ts\n * import type { ClaudeAuthToken } from \"@witqq/agent-sdk/auth\";\n *\n * const token: ClaudeAuthToken = {\n * accessToken: \"sk-ant-oat01-...\",\n * tokenType: \"bearer\",\n * expiresIn: 28800,\n * obtainedAt: Date.now(),\n * refreshToken: \"sk-ant-rt01-...\",\n * scopes: [\"user:inference\", \"user:profile\"],\n * };\n * ```\n */\nexport interface ClaudeAuthToken extends AuthToken {\n /** Refresh token for obtaining new access tokens */\n refreshToken: string;\n /** OAuth scopes granted */\n scopes: string[];\n}\n\n// ─── Device Flow Types (Copilot) ──────────────────────────────\n\n/**\n * Result of initiating a GitHub Device Flow.\n *\n * @example\n * ```ts\n * import { CopilotAuth } from \"@witqq/agent-sdk/auth\";\n *\n * const auth = new CopilotAuth();\n * const { userCode, verificationUrl, waitForToken } = await auth.startDeviceFlow();\n * console.log(`Open ${verificationUrl} and enter code: ${userCode}`);\n * const token = await waitForToken();\n * ```\n */\nexport interface DeviceFlowResult {\n /** The code the user must enter at the verification URL */\n userCode: string;\n /** URL where the user enters the code */\n verificationUrl: string;\n /** Polls GitHub until user authorizes; resolves with token */\n waitForToken: (signal?: AbortSignal) => Promise<CopilotAuthToken>;\n}\n\n// ─── OAuth Flow Types (Claude) ────────────────────────────────\n\n/** Options for starting a Claude OAuth flow */\nexport interface OAuthFlowOptions {\n /** The redirect URI registered with the OAuth app */\n redirectUri?: string;\n /** OAuth scopes to request (defaults to user:profile user:inference) */\n scopes?: string;\n}\n\n/**\n * Result of initiating a Claude OAuth flow.\n *\n * @example\n * ```ts\n * import type { OAuthFlowResult } from \"@witqq/agent-sdk/auth\";\n *\n * const result: OAuthFlowResult = {\n * authorizeUrl: \"https://claude.ai/oauth/authorize?...\",\n * completeAuth: async (code) => ({ ... }),\n * };\n * // Open result.authorizeUrl in browser, get code from redirect\n * const token = await result.completeAuth(code);\n * ```\n */\nexport interface OAuthFlowResult {\n /** URL to open in browser for user authorization */\n authorizeUrl: string;\n /** Exchange the authorization code (or full redirect URL) for tokens */\n completeAuth: (codeOrUrl: string) => Promise<ClaudeAuthToken>;\n}\n\n// ─── Auth Errors ──────────────────────────────────────────────\n\n/** Base error for auth operations.\n * @param message - Error description\n * @param options - Standard ErrorOptions (e.g. cause)\n */\nexport class AuthError extends Error {\n constructor(message: string, options?: ErrorOptions) {\n super(message, options);\n this.name = \"AuthError\";\n }\n}\n\n/** Device code expired before user authorized */\nexport class DeviceCodeExpiredError extends AuthError {\n constructor() {\n super(\"Device code expired. Please restart the auth flow.\");\n this.name = \"DeviceCodeExpiredError\";\n }\n}\n\n/** User denied access during OAuth flow */\nexport class AccessDeniedError extends AuthError {\n constructor() {\n super(\"Access was denied by the user.\");\n this.name = \"AccessDeniedError\";\n }\n}\n\n/** Token exchange or refresh failed.\n * @param message - Error description\n * @param options - Standard ErrorOptions (e.g. cause)\n */\nexport class TokenExchangeError extends AuthError {\n constructor(message: string, options?: ErrorOptions) {\n super(message, options);\n this.name = \"TokenExchangeError\";\n }\n}\n","import type { CopilotAuthToken, DeviceFlowResult } from \"./types.js\";\nimport {\n AuthError,\n DeviceCodeExpiredError,\n AccessDeniedError,\n} from \"./types.js\";\n\nconst CLIENT_ID = \"Ov23ctDVkRmgkPke0Mmm\";\nconst DEVICE_CODE_URL = \"https://github.com/login/device/code\";\nconst ACCESS_TOKEN_URL = \"https://github.com/login/oauth/access_token\";\nconst USER_API_URL = \"https://api.github.com/user\";\nconst DEFAULT_SCOPES = \"read:user,read:org,repo,gist\";\nconst GRANT_TYPE = \"urn:ietf:params:oauth:grant-type:device_code\";\n\ninterface DeviceCodeResponse {\n device_code: string;\n user_code: string;\n verification_uri: string;\n expires_in: number;\n interval: number;\n}\n\ninterface TokenPollResponse {\n access_token?: string;\n token_type?: string;\n scope?: string;\n error?: string;\n error_description?: string;\n interval?: number;\n}\n\ninterface GitHubUser {\n login: string;\n}\n\n/** Fetch function type for dependency injection in tests */\ntype FetchFn = typeof globalThis.fetch;\n\n/**\n * Programmatic GitHub Device Flow authentication for Copilot SDK.\n *\n * @example\n * ```ts\n * const auth = new CopilotAuth();\n * const flow = await auth.startDeviceFlow();\n * console.log(`Open ${flow.verificationUrl} and enter ${flow.userCode}`);\n * const token = await flow.waitForToken();\n * // Use token.accessToken with CopilotBackendOptions.githubToken\n * ```\n */\nexport class CopilotAuth {\n private readonly fetchFn: FetchFn;\n\n /** @param options - Optional configuration with custom fetch for testing */\n constructor(options?: { fetch?: FetchFn }) {\n this.fetchFn = options?.fetch ?? globalThis.fetch;\n }\n\n /**\n * Start the GitHub Device Flow.\n * Returns a device code result with user code, verification URL,\n * and a `waitForToken()` function that polls until the user authorizes.\n *\n * @param options - Optional scopes and abort signal\n * @returns Device flow result with user code, verification URL, and waitForToken poller\n * @throws {AuthError} If the device code request fails\n * @throws {DeviceCodeExpiredError} If the device code expires before user authorizes\n * @throws {AccessDeniedError} If the user denies access\n *\n * @example\n * ```ts\n * const auth = new CopilotAuth();\n * const { userCode, verificationUrl, waitForToken } = await auth.startDeviceFlow();\n * console.log(`Open ${verificationUrl} and enter code: ${userCode}`);\n * const token = await waitForToken();\n * ```\n */\n async startDeviceFlow(options?: {\n scopes?: string;\n signal?: AbortSignal;\n }): Promise<DeviceFlowResult> {\n const scopes = options?.scopes ?? DEFAULT_SCOPES;\n const response = await this.fetchFn(DEVICE_CODE_URL, {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/x-www-form-urlencoded\",\n Accept: \"application/json\",\n },\n body: new URLSearchParams({\n client_id: CLIENT_ID,\n scope: scopes,\n }),\n signal: options?.signal,\n });\n\n if (!response.ok) {\n throw new AuthError(\n `Failed to request device code: ${response.status} ${response.statusText}`,\n );\n }\n\n const data = (await response.json()) as DeviceCodeResponse;\n\n return {\n userCode: data.user_code,\n verificationUrl: data.verification_uri,\n waitForToken: (signal?: AbortSignal) =>\n this.pollForToken(data.device_code, data.interval, signal),\n };\n }\n\n private async pollForToken(\n deviceCode: string,\n interval: number,\n signal?: AbortSignal,\n ): Promise<CopilotAuthToken> {\n let pollIntervalMs = interval * 1000;\n\n while (true) {\n if (signal?.aborted) {\n throw new AuthError(\"Authentication was aborted.\");\n }\n\n await this.delay(pollIntervalMs, signal);\n\n const response = await this.fetchFn(ACCESS_TOKEN_URL, {\n method: \"POST\",\n headers: {\n \"Content-Type\": \"application/x-www-form-urlencoded\",\n Accept: \"application/json\",\n },\n body: new URLSearchParams({\n client_id: CLIENT_ID,\n device_code: deviceCode,\n grant_type: GRANT_TYPE,\n }),\n signal,\n });\n\n if (!response.ok) {\n throw new AuthError(\n `Token poll failed: ${response.status} ${response.statusText}`,\n );\n }\n\n const data = (await response.json()) as TokenPollResponse;\n\n if (data.access_token) {\n const token: CopilotAuthToken = {\n accessToken: data.access_token,\n tokenType: data.token_type ?? \"bearer\",\n obtainedAt: Date.now(),\n };\n\n // Try to fetch user login\n try {\n const login = await this.fetchUserLogin(data.access_token, signal);\n if (login) token.login = login;\n } catch {\n // Non-critical: login is optional\n }\n\n return token;\n }\n\n if (data.error === \"authorization_pending\") {\n continue;\n }\n\n if (data.error === \"slow_down\") {\n pollIntervalMs = (data.interval ?? interval + 5) * 1000;\n continue;\n }\n\n if (data.error === \"expired_token\") {\n throw new DeviceCodeExpiredError();\n }\n\n if (data.error === \"access_denied\") {\n throw new AccessDeniedError();\n }\n\n throw new AuthError(\n data.error_description ?? `Unexpected error: ${data.error}`,\n );\n }\n }\n\n private async fetchUserLogin(\n token: string,\n signal?: AbortSignal,\n ): Promise<string | undefined> {\n const response = await this.fetchFn(USER_API_URL, {\n headers: {\n Authorization: `Bearer ${token}`,\n Accept: \"application/json\",\n },\n signal,\n });\n\n if (!response.ok) return undefined;\n\n const user = (await response.json()) as GitHubUser;\n return user.login;\n }\n\n private delay(ms: number, signal?: AbortSignal): Promise<void> {\n return new Promise((resolve, reject) => {\n const timer = setTimeout(resolve, ms);\n signal?.addEventListener(\n \"abort\",\n () => {\n clearTimeout(timer);\n reject(new AuthError(\"Authentication was aborted.\"));\n },\n { once: true },\n );\n });\n }\n}\n","import type { ClaudeAuthToken, OAuthFlowResult, OAuthFlowOptions } from \"./types.js\";\nimport { TokenExchangeError } from \"./types.js\";\nimport { createHash, randomBytes as nodeRandomBytes } from \"node:crypto\";\n\nconst CLIENT_ID = \"9d1c250a-e61b-44d9-88ed-5944d1962f5e\";\nconst AUTHORIZE_URL = \"https://claude.ai/oauth/authorize\";\nconst TOKEN_URL = \"https://platform.claude.com/v1/oauth/token\";\nconst DEFAULT_REDIRECT_URI =\n \"https://platform.claude.com/oauth/code/callback\";\nconst DEFAULT_SCOPES =\n \"user:profile user:inference user:sessions:claude_code user:mcp_servers\";\n\n/** Fetch function type for dependency injection in tests */\ntype FetchFn = typeof globalThis.fetch;\n\n/** Random bytes generator for dependency injection in tests */\ntype RandomBytesFn = (size: number) => Uint8Array;\n\n/**\n * Programmatic OAuth+PKCE authentication for Claude SDK.\n *\n * @example\n * ```ts\n * const auth = new ClaudeAuth();\n * const { authorizeUrl, completeAuth } = auth.startOAuthFlow({\n * redirectUri: \"https://platform.claude.com/oauth/code/callback\",\n * });\n * // Open authorizeUrl in browser, get code from redirect\n * const token = await completeAuth(code);\n * // Use token with ClaudeBackendOptions: env.CLAUDE_CODE_OAUTH_TOKEN\n * ```\n */\nexport class ClaudeAuth {\n private readonly fetchFn: FetchFn;\n private readonly randomBytes: RandomBytesFn;\n\n /**\n * @param options - Optional configuration with custom fetch and random bytes for testing\n */\n constructor(options?: {\n fetch?: FetchFn;\n randomBytes?: RandomBytesFn;\n }) {\n this.fetchFn = options?.fetch ?? globalThis.fetch;\n this.randomBytes = options?.randomBytes ?? defaultRandomBytes;\n }\n\n /**\n * Start the Claude OAuth+PKCE flow.\n * Generates PKCE code verifier/challenge and returns an authorize URL\n * plus a `completeAuth(code)` function for token exchange.\n *\n * @param options - Redirect URI and optional scopes\n * @returns OAuth flow result with authorize URL and completeAuth function\n * @throws {AuthError} If PKCE generation fails\n *\n * @example\n * ```ts\n * const auth = new ClaudeAuth();\n * const { authorizeUrl, completeAuth } = auth.startOAuthFlow({\n * redirectUri: \"https://platform.claude.com/oauth/code/callback\",\n * });\n * console.log(`Open: ${authorizeUrl}`);\n * const token = await completeAuth(authorizationCode);\n * ```\n */\n startOAuthFlow(options?: OAuthFlowOptions): OAuthFlowResult {\n const redirectUri = options?.redirectUri ?? DEFAULT_REDIRECT_URI;\n const scopes = options?.scopes ?? DEFAULT_SCOPES;\n\n const codeVerifier = this.generateCodeVerifier();\n const state = this.generateState();\n\n const authorizeUrl = this.buildAuthorizeUrl(\n redirectUri,\n scopes,\n codeVerifier,\n state,\n );\n\n return {\n authorizeUrl,\n completeAuth: (codeOrUrl: string) => {\n const code = ClaudeAuth.extractCode(codeOrUrl);\n return this.exchangeCode(code, codeVerifier, state, redirectUri);\n },\n };\n }\n\n /**\n * Extract an authorization code from user input.\n * Accepts a raw code string or a full redirect URL containing a `code` query parameter.\n *\n * @param input - Raw authorization code or redirect URL\n * @returns The extracted authorization code\n *\n * @example\n * ```ts\n * ClaudeAuth.extractCode(\"abc123\"); // \"abc123\"\n * ClaudeAuth.extractCode(\"https://platform.claude.com/oauth/code/callback?code=abc123&state=xyz\"); // \"abc123\"\n * ```\n */\n static extractCode(input: string): string {\n const trimmed = input.trim();\n try {\n const url = new URL(trimmed);\n const code = url.searchParams.get(\"code\");\n if (code) return code;\n } catch {\n // Not a URL — treat as raw code\n }\n // Handle code#state format from redirect page\n const hashIdx = trimmed.indexOf(\"#\");\n if (hashIdx > 0) {\n return trimmed.substring(0, hashIdx);\n }\n return trimmed;\n }\n\n /**\n * Refresh an expired Claude token.\n *\n * @param refreshToken - The refresh token from a previous authentication\n * @returns New auth token with refreshed access token\n * @throws {TokenExchangeError} If the refresh request fails\n *\n * @example\n * ```ts\n * const auth = new ClaudeAuth();\n * const newToken = await auth.refreshToken(oldToken.refreshToken);\n * ```\n */\n async refreshToken(refreshToken: string): Promise<ClaudeAuthToken> {\n const response = await this.fetchFn(TOKEN_URL, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({\n grant_type: \"refresh_token\",\n refresh_token: refreshToken,\n client_id: CLIENT_ID,\n }),\n });\n\n if (!response.ok) {\n const text = await response.text();\n throw new TokenExchangeError(\n `Token refresh failed: ${response.status} ${text}`,\n );\n }\n\n const data = (await response.json()) as TokenResponse;\n return this.mapTokenResponse(data);\n }\n\n private generateCodeVerifier(): string {\n const bytes = this.randomBytes(96);\n return base64Encode(bytes)\n .replace(/\\+/g, \"~\")\n .replace(/=/g, \"_\")\n .replace(/\\//g, \"-\");\n }\n\n private generateState(): string {\n const bytes = this.randomBytes(16);\n return hexEncode(bytes);\n }\n\n private buildAuthorizeUrl(\n redirectUri: string,\n scopes: string,\n codeVerifier: string,\n state: string,\n ): string {\n const codeChallenge = this.generateCodeChallengeSync(codeVerifier);\n\n const url = new URL(AUTHORIZE_URL);\n url.searchParams.set(\"code\", \"true\");\n url.searchParams.set(\"client_id\", CLIENT_ID);\n url.searchParams.set(\"response_type\", \"code\");\n url.searchParams.set(\"redirect_uri\", redirectUri);\n url.searchParams.set(\"scope\", scopes);\n url.searchParams.set(\"code_challenge\", codeChallenge);\n url.searchParams.set(\"code_challenge_method\", \"S256\");\n url.searchParams.set(\"state\", state);\n\n return url.toString();\n }\n\n private generateCodeChallengeSync(verifier: string): string {\n const hash = createHash(\"sha256\").update(verifier).digest(\"base64\");\n return hash.split(\"=\")[0].replace(/\\+/g, \"-\").replace(/\\//g, \"_\");\n }\n\n private async exchangeCode(\n code: string,\n codeVerifier: string,\n state: string,\n redirectUri: string,\n ): Promise<ClaudeAuthToken> {\n const response = await this.fetchFn(TOKEN_URL, {\n method: \"POST\",\n headers: { \"Content-Type\": \"application/json\" },\n body: JSON.stringify({\n grant_type: \"authorization_code\",\n code,\n redirect_uri: redirectUri,\n client_id: CLIENT_ID,\n code_verifier: codeVerifier,\n state,\n }),\n });\n\n if (!response.ok) {\n const text = await response.text();\n throw new TokenExchangeError(\n `Token exchange failed: ${response.status} ${text}`,\n );\n }\n\n const data = (await response.json()) as TokenResponse;\n return this.mapTokenResponse(data);\n }\n\n private mapTokenResponse(data: TokenResponse): ClaudeAuthToken {\n return {\n accessToken: data.access_token,\n tokenType: data.token_type ?? \"bearer\",\n expiresIn: data.expires_in,\n obtainedAt: Date.now(),\n refreshToken: data.refresh_token,\n scopes: data.scope?.split(\" \") ?? [],\n };\n }\n}\n\n// ─── Internal Types ───────────────────────────────────────────\n\ninterface TokenResponse {\n access_token: string;\n token_type?: string;\n expires_in?: number;\n scope?: string;\n refresh_token: string;\n}\n\n// ─── Utility Functions ────────────────────────────────────────\n\nfunction defaultRandomBytes(size: number): Uint8Array {\n return new Uint8Array(nodeRandomBytes(size));\n}\n\nfunction base64Encode(bytes: Uint8Array): string {\n return Buffer.from(bytes).toString(\"base64\");\n}\n\nfunction hexEncode(bytes: Uint8Array): string {\n return Buffer.from(bytes).toString(\"hex\");\n}\n"]}

package/dist/backends/claude.cjs CHANGED Viewed

@@ -43,6 +43,10 @@ var BaseAgent = class {
   state = "idle";
   abortController = null;
   config;
+  /** CLI session ID for persistent mode. Override in backends that support it. */
+  get sessionId() {
+    return void 0;
+  }
   constructor(config) {
     this.config = Object.freeze({ ...config });
   }
@@ -337,12 +341,9 @@ function _injectSDK(mock) {
 function _resetSDK() {
   sdkModule = null;
 }
-var CLAUDE_KNOWN_MODELS = [
-  { id: "claude-sonnet-4-5-20250514", name: "Claude Sonnet 4.5" },
-  { id: "claude-haiku-3-5-20241022", name: "Claude 3.5 Haiku" },
-  { id: "claude-opus-4-20250514", name: "Claude Opus 4" },
-  { id: "claude-sonnet-4-20250514", name: "Claude Sonnet 4" }
-];
+var ANTHROPIC_MODELS_URL = "https://api.anthropic.com/v1/models";
+var ANTHROPIC_API_VERSION = "2023-06-01";
+var ANTHROPIC_OAUTH_BETA = "oauth-2025-04-20";
 function buildMcpServer(sdk, tools, toolResultCapture) {
   if (tools.length === 0) return void 0;
   const mcpTools = tools.map(
@@ -586,17 +587,27 @@ var ClaudeAgent = class extends BaseAgent {
   options;
   tools;
   canUseTool;
+  isPersistent;
+  _sessionId;
   constructor(config, options) {
     super(config);
     this.options = options;
     this.tools = config.tools;
     this.canUseTool = buildCanUseTool(config);
+    this.isPersistent = config.sessionMode === "persistent";
     if (config.supervisor?.onAskUser) {
       console.warn(
         "[agent-sdk/claude] supervisor.onAskUser is not supported by the Claude CLI backend. User interaction requests from the model will not be forwarded."
       );
     }
   }
+  get sessionId() {
+    return this._sessionId;
+  }
+  /** Clear persistent session state after an error so next call starts fresh */
+  clearPersistentSession() {
+    this._sessionId = void 0;
+  }
   buildQueryOptions(signal) {
     const ac = new AbortController();
     signal.addEventListener("abort", () => ac.abort(), { once: true });
@@ -606,13 +617,19 @@ var ClaudeAgent = class extends BaseAgent {
       maxTurns: this.options.maxTurns,
       cwd: this.options.workingDirectory,
       pathToClaudeCodeExecutable: this.options.cliPath,
-      persistSession: false,
+      persistSession: this.isPersistent,
       includePartialMessages: true,
       canUseTool: this.canUseTool
     };
+    if (this.isPersistent && this._sessionId) {
+      opts.resume = this._sessionId;
+    }
     if (this.config.systemPrompt) {
       opts.systemPrompt = this.config.systemPrompt;
     }
+    if (this.options.oauthToken) {
+      opts.env = { ...process.env, CLAUDE_CODE_OAUTH_TOKEN: this.options.oauthToken };
+    }
     return opts;
   }
   async buildMcpConfig(opts, toolResultCapture) {
@@ -630,7 +647,8 @@ var ClaudeAgent = class extends BaseAgent {
   async executeRun(messages, _options, signal) {
     this.checkAbort(signal);
     const sdk = await loadSDK();
-    const prompt = extractLastUserPrompt(messages);
+    const isResuming = this.isPersistent && this._sessionId !== void 0;
+    const prompt = isResuming ? extractLastUserPrompt(messages) : buildContextualPrompt(messages);
     let opts = this.buildQueryOptions(signal);
     const toolResultCapture = /* @__PURE__ */ new Map();
     opts = await this.buildMcpConfig(opts, toolResultCapture);
@@ -669,6 +687,9 @@ var ClaudeAgent = class extends BaseAgent {
             const r = msg;
             output = r.result;
             usage = aggregateUsage(r.modelUsage);
+            if (this.isPersistent && r.session_id) {
+              this._sessionId = r.session_id;
+            }
           } else if (msg.is_error) {
             const r = msg;
             throw new Error(
@@ -678,6 +699,7 @@ var ClaudeAgent = class extends BaseAgent {
         }
       }
     } catch (e) {
+      if (this.isPersistent) this.clearPersistentSession();
       if (signal.aborted) throw new AbortError();
       throw e;
     }
@@ -696,7 +718,8 @@ var ClaudeAgent = class extends BaseAgent {
   async executeRunStructured(messages, schema, _options, signal) {
     this.checkAbort(signal);
     const sdk = await loadSDK();
-    const prompt = extractLastUserPrompt(messages);
+    const isResuming = this.isPersistent && this._sessionId !== void 0;
+    const prompt = isResuming ? extractLastUserPrompt(messages) : buildContextualPrompt(messages);
     let opts = this.buildQueryOptions(signal);
     opts = await this.buildMcpConfig(opts);
     const jsonSchema = zodToJsonSchema(schema.schema);
@@ -732,6 +755,9 @@ var ClaudeAgent = class extends BaseAgent {
             }
           }
           usage = aggregateUsage(r.modelUsage);
+          if (this.isPersistent && r.session_id) {
+            this._sessionId = r.session_id;
+          }
         } else if (msg.type === "result" && msg.is_error) {
           const r = msg;
           throw new Error(
@@ -740,6 +766,7 @@ var ClaudeAgent = class extends BaseAgent {
         }
       }
     } catch (e) {
+      if (this.isPersistent) this.clearPersistentSession();
       if (signal.aborted) throw new AbortError();
       throw e;
     }
@@ -758,7 +785,8 @@ var ClaudeAgent = class extends BaseAgent {
   async *executeStream(messages, _options, signal) {
     this.checkAbort(signal);
     const sdk = await loadSDK();
-    const prompt = extractLastUserPrompt(messages);
+    const isResuming = this.isPersistent && this._sessionId !== void 0;
+    const prompt = isResuming ? extractLastUserPrompt(messages) : buildContextualPrompt(messages);
     let opts = this.buildQueryOptions(signal);
     opts = await this.buildMcpConfig(opts);
     const q = sdk.query({ prompt, options: opts });
@@ -777,15 +805,20 @@ var ClaudeAgent = class extends BaseAgent {
         }
         if (msg.type === "result" && msg.subtype === "success") {
           const r = msg;
+          if (this.isPersistent && r.session_id) {
+            this._sessionId = r.session_id;
+          }
           yield { type: "done", finalOutput: r.result };
         }
       }
     } catch (e) {
+      if (this.isPersistent) this.clearPersistentSession();
       if (signal.aborted) throw new AbortError();
       throw e;
     }
   }
   dispose() {
+    this._sessionId = void 0;
     super.dispose();
   }
 };
@@ -798,6 +831,20 @@ function extractLastUserPrompt(messages) {
   }
   return "";
 }
+function buildContextualPrompt(messages) {
+  if (messages.length <= 1) {
+    return extractLastUserPrompt(messages);
+  }
+  const history = messages.slice(0, -1).map((msg) => {
+    const text = msg.content ? getTextContent(msg.content) : "";
+    return msg.role === "user" ? `User: ${text}` : `Assistant: ${text}`;
+  }).join("\n");
+  const lastPrompt = extractLastUserPrompt(messages);
+  return `Conversation history:
+${history}
+User: ${lastPrompt}`;
+}
 var ClaudeAgentService = class {
   name = "claude";
   disposed = false;
@@ -813,9 +860,30 @@ var ClaudeAgentService = class {
   async listModels() {
     if (this.disposed) throw new DisposedError("ClaudeAgentService");
     if (this.cachedModels) return this.cachedModels;
-    this.cachedModels = CLAUDE_KNOWN_MODELS.map((m) => ({
+    const token = this.options.oauthToken;
+    if (!token) {
+      return [];
+    }
+    const res = await globalThis.fetch(
+      `${ANTHROPIC_MODELS_URL}?limit=100`,
+      {
+        headers: {
+          Authorization: `Bearer ${token}`,
+          "anthropic-version": ANTHROPIC_API_VERSION,
+          "anthropic-beta": ANTHROPIC_OAUTH_BETA
+        }
+      }
+    );
+    if (!res.ok) {
+      return [];
+    }
+    const body = await res.json();
+    if (!body.data || body.data.length === 0) {
+      return [];
+    }
+    this.cachedModels = body.data.map((m) => ({
       id: m.id,
-      name: m.name,
+      name: m.display_name,
       provider: "claude"
     }));
     return this.cachedModels;
@@ -836,7 +904,7 @@ var ClaudeAgentService = class {
       const q = sdk.query({
         prompt: "echo test",
         options: {
-          model: CLAUDE_KNOWN_MODELS[0].id,
+          model: "claude-sonnet-4-20250514",
           pathToClaudeCodeExecutable: this.options.cliPath,
           cwd: this.options.workingDirectory,
           persistSession: false,