npm - ampcode-connector - Versions diffs - 0.1.13 → 0.1.15 - Mend

ampcode-connector 0.1.13 → 0.1.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md CHANGED Viewed

@@ -10,6 +10,8 @@ bunx ampcode-connector          # start
 Requires [Bun](https://bun.sh) 1.3+. Config at `./config.yaml` or `~/.config/ampcode-connector/config.yaml` — see [`config.example.yaml`](config.example.yaml).
+`setup` writes `amp.url` to Amp's canonical settings file (`~/.config/amp/settings.json`, or `AMP_SETTINGS_FILE` if set). Amp tokens are stored in `~/.local/share/amp/secrets.json`.
 ## License
 [MIT](LICENSE)

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "ampcode-connector",
-  "version": "0.1.13",
+  "version": "0.1.15",
   "description": "Proxy AmpCode through local OAuth subscriptions (Claude Code, Codex, Gemini CLI, Antigravity)",
   "license": "MIT",
   "repository": {

package/src/auth/oauth.ts CHANGED Viewed

@@ -36,18 +36,8 @@ export async function token(config: OAuthConfig, account = 0): Promise<string |
   if (store.fresh(creds)) return creds.accessToken;
-  try {
-    return (await refresh(config, creds.refreshToken, account)).accessToken;
-  } catch (err) {
-    logger.warn(`Token refresh failed for ${config.providerName}:${account}, retrying...`, { error: String(err) });
-    try {
-      await Bun.sleep(1000);
-      return (await refresh(config, creds.refreshToken, account)).accessToken;
-    } catch (retryErr) {
-      logger.error(`Token refresh retry failed for ${config.providerName}:${account}`, { error: String(retryErr) });
-      return null;
-    }
-  }
+  const refreshed = await refreshWithRetry(config, creds.refreshToken, account);
+  return refreshed?.accessToken ?? null;
 }
 export async function tokenFromAny(config: OAuthConfig): Promise<{ accessToken: string; account: number } | null> {
@@ -61,6 +51,7 @@ export async function tokenFromAny(config: OAuthConfig): Promise<{ accessToken:
       const refreshed = await refresh(config, c.refreshToken, account);
       return { accessToken: refreshed.accessToken, account };
     } catch (err) {
+      handleRefreshFailure(config, account, err);
       logger.debug(`${config.providerName}:${account} refresh failed in tokenFromAny`, { error: String(err) });
     }
   }
@@ -160,6 +151,29 @@ async function refresh(config: OAuthConfig, refreshToken: string, account = 0):
   return credentials;
 }
+async function refreshWithRetry(
+  config: OAuthConfig,
+  refreshToken: string,
+  account: number,
+): Promise<Credentials | null> {
+  try {
+    return await refresh(config, refreshToken, account);
+  } catch (err) {
+    if (handleRefreshFailure(config, account, err)) return null;
+    logger.warn(`Token refresh failed for ${config.providerName}:${account}, retrying...`, { error: String(err) });
+    try {
+      await Bun.sleep(1000);
+      return await refresh(config, refreshToken, account);
+    } catch (retryErr) {
+      handleRefreshFailure(config, account, retryErr);
+      logger.error(`Token refresh retry failed for ${config.providerName}:${account}`, { error: String(retryErr) });
+      return null;
+    }
+  }
+}
 async function exchange(config: OAuthConfig, params: Record<string, string>): Promise<Record<string, unknown>> {
   const all: Record<string, string> = { client_id: config.clientId, ...params };
   if (config.clientSecret) all.client_secret = config.clientSecret;
@@ -173,12 +187,83 @@ async function exchange(config: OAuthConfig, params: Record<string, string>): Pr
   if (!res.ok) {
     const text = await res.text();
-    throw new Error(`${config.providerName} token exchange failed (${res.status}): ${text}`);
+    const oauthError = parseOAuthError(text);
+    throw new TokenExchangeError(config.providerName, res.status, text, oauthError.code, oauthError.description);
   }
   return (await res.json()) as Record<string, unknown>;
 }
+class TokenExchangeError extends Error {
+  readonly status: number;
+  readonly responseBody: string;
+  readonly errorCode: string | null;
+  readonly errorDescription: string | null;
+  constructor(
+    providerName: string,
+    status: number,
+    responseBody: string,
+    errorCode: string | null,
+    errorDescription: string | null,
+  ) {
+    super(`${providerName} token exchange failed (${status}): ${responseBody}`);
+    this.name = "TokenExchangeError";
+    this.status = status;
+    this.responseBody = responseBody;
+    this.errorCode = errorCode;
+    this.errorDescription = errorDescription;
+  }
+}
+function parseOAuthError(responseBody: string): { code: string | null; description: string | null } {
+  try {
+    const parsed = JSON.parse(responseBody) as { error?: unknown; error_description?: unknown };
+    const code = typeof parsed.error === "string" ? parsed.error : null;
+    const description = typeof parsed.error_description === "string" ? parsed.error_description : null;
+    return { code, description };
+  } catch {
+    return { code: null, description: null };
+  }
+}
+/** Handles terminal refresh failures and returns true when retry should stop. */
+function handleRefreshFailure(config: OAuthConfig, account: number, err: unknown): boolean {
+  if (!isInvalidRefreshTokenError(err)) return false;
+  if (!store.get(config.providerName, account)) return false;
+  store.remove(config.providerName, account);
+  logger.warn(`Removed invalid refresh token for ${config.providerName}:${account}; re-login required.`, {
+    error: String(err),
+  });
+  return true;
+}
+function isInvalidRefreshTokenError(err: unknown): boolean {
+  if (!(err instanceof TokenExchangeError)) return false;
+  if (err.status !== 400 && err.status !== 401) return false;
+  if (err.errorCode === "invalid_grant") return true;
+  const description = err.errorDescription?.toLowerCase() ?? "";
+  const hasRefreshTokenContext = description.includes("refresh token");
+  const indicatesInvalidState =
+    description.includes("invalid") ||
+    description.includes("not found") ||
+    description.includes("expired") ||
+    description.includes("revoked");
+  if (hasRefreshTokenContext && indicatesInvalidState) return true;
+  const body = err.responseBody.toLowerCase();
+  return (
+    body.includes("invalid_grant") ||
+    body.includes("invalid refresh token") ||
+    body.includes("refresh token not found") ||
+    body.includes("refresh token is invalid")
+  );
+}
 function parseTokenFields(raw: Record<string, unknown>, config: OAuthConfig): Credentials {
   if (typeof raw.access_token !== "string" || !raw.access_token) {
     throw new Error(`${config.providerName} token response missing access_token`);

package/src/cli/setup.ts CHANGED Viewed

@@ -1,6 +1,6 @@
 /** Auto-configure Amp CLI to route through ampcode-connector. */
-import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
+import { existsSync, lstatSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
 import { homedir } from "node:os";
 import { dirname, join } from "node:path";
 import { loadConfig } from "../config/config.ts";
@@ -10,14 +10,26 @@ import * as status from "./status.ts";
 const AMP_SECRETS_DIR = join(homedir(), ".local", "share", "amp");
 const AMP_SECRETS_PATH = join(AMP_SECRETS_DIR, "secrets.json");
-const AMP_SETTINGS_PATHS = [
-  join(homedir(), ".config", "amp", "settings.json"),
-  join(homedir(), ".amp", "settings.json"),
-];
+const AMP_SETTINGS_PATH = join(homedir(), ".config", "amp", "settings.json");
+const AMP_LEGACY_SETTINGS_PATH = join(homedir(), ".amp", "settings.json");
-function ampSettingsPaths(): string[] {
+function ampSettingsPath(): string {
   const envPath = process.env.AMP_SETTINGS_FILE;
-  return envPath ? [envPath] : AMP_SETTINGS_PATHS;
+  return envPath || AMP_SETTINGS_PATH;
+}
+function warnLegacySettingsFile(): void {
+  if (process.env.AMP_SETTINGS_FILE || !existsSync(AMP_LEGACY_SETTINGS_PATH)) return;
+  try {
+    if (lstatSync(AMP_LEGACY_SETTINGS_PATH).isSymbolicLink()) return;
+  } catch {
+    return;
+  }
+  line(
+    `${s.yellow}!${s.reset} Legacy settings file detected at ${s.dim}${AMP_LEGACY_SETTINGS_PATH}${s.reset}. ` +
+      `Prefer a single source of truth at ${s.dim}${AMP_SETTINGS_PATH}${s.reset}.`,
+  );
 }
 function readJson(path: string): Record<string, unknown> {
@@ -88,14 +100,15 @@ export async function setup(): Promise<void> {
   line(`${s.bold}ampcode-connector setup${s.reset}`);
   line();
-  // Step 1: Configure amp.url in all settings files
-  for (const settingsPath of ampSettingsPaths()) {
-    const settings = readJson(settingsPath);
-    if (settings["amp.url"] === proxyUrl) continue;
+  // Step 1: Configure amp.url in canonical settings file
+  const settingsPath = ampSettingsPath();
+  const settings = readJson(settingsPath);
+  if (settings["amp.url"] !== proxyUrl) {
     settings["amp.url"] = proxyUrl;
     writeJson(settingsPath, settings);
   }
-  line(`${s.green}ok${s.reset} amp.url = ${s.cyan}${proxyUrl}${s.reset}`);
+  line(`${s.green}ok${s.reset} amp.url = ${s.cyan}${proxyUrl}${s.reset}  ${s.dim}${settingsPath}${s.reset}`);
+  warnLegacySettingsFile();
   // Step 2: Amp API key
   const existingKey = findAmpApiKey(proxyUrl);