bonecode 1.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/ARCHITECTURE.md +183 -0
- package/README.md +71 -0
- package/bin/bonecode +62 -0
- package/bone/migrations/rag_vectors.sql +258 -0
- package/bone/output/agent/.dockerignore +7 -0
- package/bone/output/agent/.env.example +36 -0
- package/bone/output/agent/.github/workflows/ci.yaml +58 -0
- package/bone/output/agent/AgentDomain.bone.map +350 -0
- package/bone/output/agent/AgentDomain.postman_collection.json +958 -0
- package/bone/output/agent/Dockerfile +22 -0
- package/bone/output/agent/README.md +47 -0
- package/bone/output/agent/admin/index.html +740 -0
- package/bone/output/agent/docker-compose.yaml +22 -0
- package/bone/output/agent/k8s/deployment.yaml +75 -0
- package/bone/output/agent/migrations/agent.sql +36 -0
- package/bone/output/agent/migrations/agent_instance.sql +36 -0
- package/bone/output/agent/migrations/audit_log.sql +18 -0
- package/bone/output/agent/migrations/build_step.sql +34 -0
- package/bone/output/agent/migrations/event_outbox.sql +31 -0
- package/bone/output/agent/migrations/plan.sql +30 -0
- package/bone/output/agent/migrations/task.sql +30 -0
- package/bone/output/agent/migrations/tool_call.sql +33 -0
- package/bone/output/agent/openapi.yaml +1116 -0
- package/bone/output/agent/package.json +36 -0
- package/bone/output/agent/schema.graphql +233 -0
- package/bone/output/agent/sdk/client.ts +231 -0
- package/bone/output/agent/src/algorithms.ts +2 -0
- package/bone/output/agent/src/audit.ts +44 -0
- package/bone/output/agent/src/auth.ts +57 -0
- package/bone/output/agent/src/cron.ts +12 -0
- package/bone/output/agent/src/db.ts +32 -0
- package/bone/output/agent/src/debug.ts +66 -0
- package/bone/output/agent/src/events.ts +243 -0
- package/bone/output/agent/src/extensions.ts +54 -0
- package/bone/output/agent/src/failure_rules.ts +323 -0
- package/bone/output/agent/src/flows.ts +168 -0
- package/bone/output/agent/src/health.ts +43 -0
- package/bone/output/agent/src/index.ts +100 -0
- package/bone/output/agent/src/logger.ts +66 -0
- package/bone/output/agent/src/metrics.ts +75 -0
- package/bone/output/agent/src/migrate.ts +352 -0
- package/bone/output/agent/src/migration_diff.ts +108 -0
- package/bone/output/agent/src/notify.ts +125 -0
- package/bone/output/agent/src/routes/agent_instance.ts +234 -0
- package/bone/output/agent/src/routes/build_step.ts +105 -0
- package/bone/output/agent/src/routes/plan.ts +91 -0
- package/bone/output/agent/src/routes/task.ts +105 -0
- package/bone/output/agent/src/routes/tool_call.ts +166 -0
- package/bone/output/agent/src/schemas.ts +384 -0
- package/bone/output/agent/src/state_machines/agent_instance.ts +24 -0
- package/bone/output/agent/src/state_machines/build_step.ts +22 -0
- package/bone/output/agent/src/state_machines/plan.ts +22 -0
- package/bone/output/agent/src/state_machines/task.ts +22 -0
- package/bone/output/agent/src/state_machines/tool_call.ts +22 -0
- package/bone/output/agent/src/tests.ts +362 -0
- package/bone/output/agent/src/websocket.ts +201 -0
- package/bone/output/agent/tsconfig.json +25 -0
- package/bone/output/rag/.dockerignore +7 -0
- package/bone/output/rag/.env.example +36 -0
- package/bone/output/rag/.github/workflows/ci.yaml +58 -0
- package/bone/output/rag/Dockerfile +22 -0
- package/bone/output/rag/RAGDomain.bone.map +287 -0
- package/bone/output/rag/RAGDomain.postman_collection.json +923 -0
- package/bone/output/rag/README.md +47 -0
- package/bone/output/rag/admin/index.html +818 -0
- package/bone/output/rag/docker-compose.yaml +22 -0
- package/bone/output/rag/k8s/deployment.yaml +75 -0
- package/bone/output/rag/migrations/audit_log.sql +18 -0
- package/bone/output/rag/migrations/code_chunk.sql +34 -0
- package/bone/output/rag/migrations/code_file.sql +33 -0
- package/bone/output/rag/migrations/event_outbox.sql +31 -0
- package/bone/output/rag/migrations/indexing_job.sql +33 -0
- package/bone/output/rag/migrations/knowledge_base.sql +35 -0
- package/bone/output/rag/migrations/memory_entry.sql +34 -0
- package/bone/output/rag/openapi.yaml +1097 -0
- package/bone/output/rag/package.json +36 -0
- package/bone/output/rag/schema.graphql +245 -0
- package/bone/output/rag/sdk/client.ts +234 -0
- package/bone/output/rag/src/algorithms.ts +2 -0
- package/bone/output/rag/src/audit.ts +37 -0
- package/bone/output/rag/src/auth.ts +57 -0
- package/bone/output/rag/src/cron.ts +12 -0
- package/bone/output/rag/src/db.ts +32 -0
- package/bone/output/rag/src/debug.ts +66 -0
- package/bone/output/rag/src/events.ts +243 -0
- package/bone/output/rag/src/extensions.ts +350 -0
- package/bone/output/rag/src/failure_rules.ts +315 -0
- package/bone/output/rag/src/flows.ts +239 -0
- package/bone/output/rag/src/health.ts +43 -0
- package/bone/output/rag/src/index.ts +95 -0
- package/bone/output/rag/src/logger.ts +66 -0
- package/bone/output/rag/src/metrics.ts +75 -0
- package/bone/output/rag/src/migrate.ts +364 -0
- package/bone/output/rag/src/migration_diff.ts +108 -0
- package/bone/output/rag/src/notify.ts +99 -0
- package/bone/output/rag/src/routes/code_chunk.ts +75 -0
- package/bone/output/rag/src/routes/code_file.ts +101 -0
- package/bone/output/rag/src/routes/indexing_job.ts +87 -0
- package/bone/output/rag/src/routes/knowledge_base.ts +230 -0
- package/bone/output/rag/src/routes/memory_entry.ts +87 -0
- package/bone/output/rag/src/schemas.ts +394 -0
- package/bone/output/rag/src/state_machines/code_file.ts +23 -0
- package/bone/output/rag/src/state_machines/indexing_job.ts +22 -0
- package/bone/output/rag/src/state_machines/knowledge_base.ts +23 -0
- package/bone/output/rag/src/state_machines/memory_entry.ts +20 -0
- package/bone/output/rag/src/tests.ts +340 -0
- package/bone/output/rag/tsconfig.json +25 -0
- package/bone/output/session/.dockerignore +7 -0
- package/bone/output/session/.env.example +36 -0
- package/bone/output/session/.github/workflows/ci.yaml +58 -0
- package/bone/output/session/Dockerfile +22 -0
- package/bone/output/session/README.md +47 -0
- package/bone/output/session/SessionDomain.bone.map +350 -0
- package/bone/output/session/SessionDomain.postman_collection.json +958 -0
- package/bone/output/session/admin/index.html +667 -0
- package/bone/output/session/docker-compose.yaml +22 -0
- package/bone/output/session/k8s/deployment.yaml +75 -0
- package/bone/output/session/migrations/audit_log.sql +18 -0
- package/bone/output/session/migrations/event_outbox.sql +31 -0
- package/bone/output/session/migrations/message.sql +31 -0
- package/bone/output/session/migrations/part.sql +28 -0
- package/bone/output/session/migrations/permission.sql +28 -0
- package/bone/output/session/migrations/project.sql +28 -0
- package/bone/output/session/migrations/session.sql +38 -0
- package/bone/output/session/openapi.yaml +1101 -0
- package/bone/output/session/package.json +36 -0
- package/bone/output/session/schema.graphql +222 -0
- package/bone/output/session/sdk/client.ts +225 -0
- package/bone/output/session/src/algorithms.ts +2 -0
- package/bone/output/session/src/audit.ts +44 -0
- package/bone/output/session/src/auth.ts +57 -0
- package/bone/output/session/src/cron.ts +12 -0
- package/bone/output/session/src/db.ts +32 -0
- package/bone/output/session/src/debug.ts +66 -0
- package/bone/output/session/src/events.ts +270 -0
- package/bone/output/session/src/extensions.ts +215 -0
- package/bone/output/session/src/failure_rules.ts +284 -0
- package/bone/output/session/src/flows.ts +168 -0
- package/bone/output/session/src/health.ts +43 -0
- package/bone/output/session/src/index.ts +100 -0
- package/bone/output/session/src/logger.ts +66 -0
- package/bone/output/session/src/metrics.ts +75 -0
- package/bone/output/session/src/migrate.ts +332 -0
- package/bone/output/session/src/migration_diff.ts +108 -0
- package/bone/output/session/src/notify.ts +112 -0
- package/bone/output/session/src/routes/message.ts +93 -0
- package/bone/output/session/src/routes/part.ts +79 -0
- package/bone/output/session/src/routes/permission.ts +79 -0
- package/bone/output/session/src/routes/project.ts +79 -0
- package/bone/output/session/src/routes/session.ts +294 -0
- package/bone/output/session/src/schemas.ts +357 -0
- package/bone/output/session/src/state_machines/session.ts +23 -0
- package/bone/output/session/src/tests.ts +326 -0
- package/bone/output/session/src/websocket.ts +201 -0
- package/bone/output/session/tsconfig.json +25 -0
- package/bone/output/workspace/.dockerignore +7 -0
- package/bone/output/workspace/.env.example +36 -0
- package/bone/output/workspace/.github/workflows/ci.yaml +58 -0
- package/bone/output/workspace/Dockerfile +22 -0
- package/bone/output/workspace/README.md +45 -0
- package/bone/output/workspace/WorkspaceDomain.bone.map +189 -0
- package/bone/output/workspace/WorkspaceDomain.postman_collection.json +621 -0
- package/bone/output/workspace/admin/index.html +485 -0
- package/bone/output/workspace/docker-compose.yaml +22 -0
- package/bone/output/workspace/k8s/deployment.yaml +75 -0
- package/bone/output/workspace/migrations/audit_log.sql +18 -0
- package/bone/output/workspace/migrations/codebase.sql +34 -0
- package/bone/output/workspace/migrations/event_outbox.sql +31 -0
- package/bone/output/workspace/migrations/snapshot.sql +32 -0
- package/bone/output/workspace/migrations/workspace.sql +33 -0
- package/bone/output/workspace/openapi.yaml +721 -0
- package/bone/output/workspace/package.json +36 -0
- package/bone/output/workspace/schema.graphql +153 -0
- package/bone/output/workspace/sdk/client.ts +155 -0
- package/bone/output/workspace/src/algorithms.ts +2 -0
- package/bone/output/workspace/src/audit.ts +37 -0
- package/bone/output/workspace/src/auth.ts +57 -0
- package/bone/output/workspace/src/cron.ts +12 -0
- package/bone/output/workspace/src/db.ts +32 -0
- package/bone/output/workspace/src/debug.ts +66 -0
- package/bone/output/workspace/src/events.ts +243 -0
- package/bone/output/workspace/src/extensions.ts +44 -0
- package/bone/output/workspace/src/failure_rules.ts +153 -0
- package/bone/output/workspace/src/health.ts +43 -0
- package/bone/output/workspace/src/index.ts +89 -0
- package/bone/output/workspace/src/logger.ts +66 -0
- package/bone/output/workspace/src/metrics.ts +75 -0
- package/bone/output/workspace/src/migrate.ts +220 -0
- package/bone/output/workspace/src/migration_diff.ts +108 -0
- package/bone/output/workspace/src/notify.ts +73 -0
- package/bone/output/workspace/src/routes/codebase.ts +87 -0
- package/bone/output/workspace/src/routes/snapshot.ts +127 -0
- package/bone/output/workspace/src/routes/workspace.ts +190 -0
- package/bone/output/workspace/src/schemas.ts +231 -0
- package/bone/output/workspace/src/state_machines/codebase.ts +21 -0
- package/bone/output/workspace/src/state_machines/snapshot.ts +20 -0
- package/bone/output/workspace/src/state_machines/workspace.ts +21 -0
- package/bone/output/workspace/src/tests.ts +249 -0
- package/bone/output/workspace/tsconfig.json +25 -0
- package/compat/opencode_adapter.ts +410 -0
- package/package.json +69 -0
- package/scripts/check_benchmark_session.js +34 -0
- package/scripts/check_finish_event.js +24 -0
- package/scripts/check_parts.js +15 -0
- package/scripts/compile.js +79 -0
- package/scripts/copy_opencode.ps1 +53 -0
- package/scripts/create_functions.sql +129 -0
- package/scripts/migrate.js +85 -0
- package/scripts/migrate_from_opencode.ts +218 -0
- package/scripts/test_agent_loop.js +101 -0
- package/scripts/test_api.ps1 +116 -0
- package/scripts/test_context_builder.js +136 -0
- package/scripts/test_context_builder.ts +97 -0
- package/scripts/test_rag.js +189 -0
- package/scripts/test_stream_events.js +36 -0
- package/scripts/test_websocket_and_saga.js +216 -0
- package/src/cli.ts +475 -0
- package/src/config.ts +162 -0
- package/src/context_builder.ts +598 -0
- package/src/engine/account/account.sql.ts +39 -0
- package/src/engine/account/account.ts +456 -0
- package/src/engine/account/repo.ts +166 -0
- package/src/engine/account/schema.ts +99 -0
- package/src/engine/account/url.ts +8 -0
- package/src/engine/acp/README.md +174 -0
- package/src/engine/acp/agent.ts +1968 -0
- package/src/engine/acp/runtime.ts +22 -0
- package/src/engine/acp/session.ts +122 -0
- package/src/engine/acp/types.ts +24 -0
- package/src/engine/agent/agent.ts +463 -0
- package/src/engine/agent/generate.txt +75 -0
- package/src/engine/agent/prompt/compaction.txt +9 -0
- package/src/engine/agent/prompt/explore.txt +18 -0
- package/src/engine/agent/prompt/scout.txt +36 -0
- package/src/engine/agent/prompt/summary.txt +11 -0
- package/src/engine/agent/prompt/title.txt +44 -0
- package/src/engine/agent/subagent-permissions.ts +34 -0
- package/src/engine/auth/index.ts +96 -0
- package/src/engine/background/background/job.ts +200 -0
- package/src/engine/background/job.ts +200 -0
- package/src/engine/bus/bus-event.ts +45 -0
- package/src/engine/bus/global.ts +22 -0
- package/src/engine/bus/index.ts +203 -0
- package/src/engine/command/command/index.ts +181 -0
- package/src/engine/command/command/template/initialize.txt +66 -0
- package/src/engine/command/command/template/review.txt +101 -0
- package/src/engine/command/index.ts +181 -0
- package/src/engine/command/template/initialize.txt +66 -0
- package/src/engine/command/template/review.txt +101 -0
- package/src/engine/config/agent.ts +172 -0
- package/src/engine/config/attachment.ts +25 -0
- package/src/engine/config/command.ts +62 -0
- package/src/engine/config/config.ts +833 -0
- package/src/engine/config/console-state.ts +14 -0
- package/src/engine/config/entry-name.ts +16 -0
- package/src/engine/config/error.ts +23 -0
- package/src/engine/config/formatter.ts +13 -0
- package/src/engine/config/layout.ts +6 -0
- package/src/engine/config/lsp.ts +43 -0
- package/src/engine/config/managed.ts +71 -0
- package/src/engine/config/markdown.ts +96 -0
- package/src/engine/config/mcp.ts +56 -0
- package/src/engine/config/model-id.ts +5 -0
- package/src/engine/config/parse.ts +79 -0
- package/src/engine/config/paths.ts +45 -0
- package/src/engine/config/permission.ts +58 -0
- package/src/engine/config/plugin.ts +84 -0
- package/src/engine/config/provider.ts +111 -0
- package/src/engine/config/reference.ts +23 -0
- package/src/engine/config/server.ts +19 -0
- package/src/engine/config/skills.ts +14 -0
- package/src/engine/config/variable.ts +90 -0
- package/src/engine/control-plane/adapters/index.ts +41 -0
- package/src/engine/control-plane/adapters/worktree.ts +96 -0
- package/src/engine/control-plane/dev/README.md +19 -0
- package/src/engine/control-plane/dev/debug-workspace-plugin.ts +73 -0
- package/src/engine/control-plane/schema.ts +14 -0
- package/src/engine/control-plane/types.ts +59 -0
- package/src/engine/control-plane/util.ts +39 -0
- package/src/engine/control-plane/workspace-adapter-runtime.ts +51 -0
- package/src/engine/control-plane/workspace-context.ts +26 -0
- package/src/engine/control-plane/workspace.sql.ts +20 -0
- package/src/engine/control-plane/workspace.ts +1072 -0
- package/src/engine/data-migration.ts +161 -0
- package/src/engine/effect/app-runtime.ts +143 -0
- package/src/engine/effect/bootstrap-runtime.ts +29 -0
- package/src/engine/effect/bridge.ts +84 -0
- package/src/engine/effect/config-service.ts +67 -0
- package/src/engine/effect/instance-ref.ts +11 -0
- package/src/engine/effect/instance-registry.ts +12 -0
- package/src/engine/effect/instance-state.ts +72 -0
- package/src/engine/effect/promise.ts +17 -0
- package/src/engine/effect/run-service.ts +47 -0
- package/src/engine/effect/runner.ts +217 -0
- package/src/engine/effect/runtime-flags.ts +74 -0
- package/src/engine/effect/service-use.ts +38 -0
- package/src/engine/env/index.ts +37 -0
- package/src/engine/event-v2-bridge.ts +89 -0
- package/src/engine/file/file/ignore.ts +81 -0
- package/src/engine/file/file/index.ts +651 -0
- package/src/engine/file/file/protected.ts +59 -0
- package/src/engine/file/file/ripgrep.ts +481 -0
- package/src/engine/file/file/watcher.ts +167 -0
- package/src/engine/file/ignore.ts +81 -0
- package/src/engine/file/index.ts +651 -0
- package/src/engine/file/protected.ts +59 -0
- package/src/engine/file/ripgrep.ts +481 -0
- package/src/engine/file/watcher.ts +167 -0
- package/src/engine/format/format/formatter.ts +404 -0
- package/src/engine/format/format/index.ts +209 -0
- package/src/engine/format/formatter.ts +404 -0
- package/src/engine/format/index.ts +209 -0
- package/src/engine/git/git/index.ts +347 -0
- package/src/engine/git/index.ts +347 -0
- package/src/engine/id/id.ts +80 -0
- package/src/engine/ide/index.ts +70 -0
- package/src/engine/image/image/image.ts +176 -0
- package/src/engine/image/image.ts +176 -0
- package/src/engine/index.ts +251 -0
- package/src/engine/installation/index.ts +327 -0
- package/src/engine/lsp/client.ts +707 -0
- package/src/engine/lsp/diagnostic.ts +29 -0
- package/src/engine/lsp/language.ts +121 -0
- package/src/engine/lsp/launch.ts +21 -0
- package/src/engine/lsp/lsp/client.ts +707 -0
- package/src/engine/lsp/lsp/diagnostic.ts +29 -0
- package/src/engine/lsp/lsp/language.ts +121 -0
- package/src/engine/lsp/lsp/launch.ts +21 -0
- package/src/engine/lsp/lsp/lsp.ts +507 -0
- package/src/engine/lsp/lsp/server.ts +2064 -0
- package/src/engine/lsp/lsp.ts +507 -0
- package/src/engine/lsp/server.ts +2064 -0
- package/src/engine/mcp/auth.ts +146 -0
- package/src/engine/mcp/index.ts +958 -0
- package/src/engine/mcp/mcp/auth.ts +146 -0
- package/src/engine/mcp/mcp/index.ts +958 -0
- package/src/engine/mcp/mcp/oauth-callback.ts +232 -0
- package/src/engine/mcp/mcp/oauth-provider.ts +214 -0
- package/src/engine/mcp/oauth-callback.ts +232 -0
- package/src/engine/mcp/oauth-provider.ts +214 -0
- package/src/engine/node.ts +6 -0
- package/src/engine/patch/index.ts +689 -0
- package/src/engine/patch/patch/index.ts +689 -0
- package/src/engine/permission/arity.ts +163 -0
- package/src/engine/permission/evaluate.ts +15 -0
- package/src/engine/permission/index.ts +306 -0
- package/src/engine/permission/permission/arity.ts +163 -0
- package/src/engine/permission/permission/evaluate.ts +15 -0
- package/src/engine/permission/permission/index.ts +306 -0
- package/src/engine/permission/permission/schema.ts +13 -0
- package/src/engine/permission/schema.ts +13 -0
- package/src/engine/plugin/azure.ts +26 -0
- package/src/engine/plugin/cloudflare.ts +76 -0
- package/src/engine/plugin/codex.ts +622 -0
- package/src/engine/plugin/digitalocean.ts +411 -0
- package/src/engine/plugin/github-copilot/copilot.ts +394 -0
- package/src/engine/plugin/github-copilot/models.ts +196 -0
- package/src/engine/plugin/index.ts +295 -0
- package/src/engine/plugin/install.ts +439 -0
- package/src/engine/plugin/loader.ts +216 -0
- package/src/engine/plugin/meta.ts +188 -0
- package/src/engine/plugin/shared.ts +323 -0
- package/src/engine/project/bootstrap-service.ts +9 -0
- package/src/engine/project/bootstrap.ts +75 -0
- package/src/engine/project/instance-context.ts +24 -0
- package/src/engine/project/instance-layer.ts +11 -0
- package/src/engine/project/instance-runtime.ts +16 -0
- package/src/engine/project/instance-store.ts +193 -0
- package/src/engine/project/project.sql.ts +17 -0
- package/src/engine/project/project.ts +537 -0
- package/src/engine/project/schema.ts +13 -0
- package/src/engine/project/vcs.ts +405 -0
- package/src/engine/provider/auth.ts +225 -0
- package/src/engine/provider/error.ts +204 -0
- package/src/engine/provider/model-status.ts +8 -0
- package/src/engine/provider/provider.ts +1843 -0
- package/src/engine/provider/schema.ts +30 -0
- package/src/engine/provider/sdk/copilot/AGENTS.md +1 -0
- package/src/engine/provider/transform.ts +1376 -0
- package/src/engine/pty/index.ts +365 -0
- package/src/engine/pty/input.ts +24 -0
- package/src/engine/pty/pty/index.ts +365 -0
- package/src/engine/pty/pty/input.ts +24 -0
- package/src/engine/pty/pty/pty.bun.ts +26 -0
- package/src/engine/pty/pty/pty.node.ts +27 -0
- package/src/engine/pty/pty/pty.ts +25 -0
- package/src/engine/pty/pty/schema.ts +14 -0
- package/src/engine/pty/pty/ticket.ts +68 -0
- package/src/engine/pty/pty.bun.ts +26 -0
- package/src/engine/pty/pty.node.ts +27 -0
- package/src/engine/pty/pty.ts +25 -0
- package/src/engine/pty/schema.ts +14 -0
- package/src/engine/pty/ticket.ts +68 -0
- package/src/engine/question/index.ts +213 -0
- package/src/engine/question/question/index.ts +213 -0
- package/src/engine/question/question/schema.ts +10 -0
- package/src/engine/question/schema.ts +10 -0
- package/src/engine/reference/reference/reference.ts +241 -0
- package/src/engine/reference/reference/repository-cache.ts +147 -0
- package/src/engine/reference/reference.ts +241 -0
- package/src/engine/reference/repository-cache.ts +147 -0
- package/src/engine/session/compaction.ts +651 -0
- package/src/engine/session/compaction_logic.ts +120 -0
- package/src/engine/session/instruction.ts +238 -0
- package/src/engine/session/instruction_loader.ts +54 -0
- package/src/engine/session/llm.ts +459 -0
- package/src/engine/session/message-error.ts +14 -0
- package/src/engine/session/message-v2.ts +1202 -0
- package/src/engine/session/message.ts +146 -0
- package/src/engine/session/overflow.ts +32 -0
- package/src/engine/session/overflow_check.ts +46 -0
- package/src/engine/session/processor.ts +823 -0
- package/src/engine/session/prompt/anthropic.txt +105 -0
- package/src/engine/session/prompt/beast.txt +147 -0
- package/src/engine/session/prompt/build-switch.txt +5 -0
- package/src/engine/session/prompt/codex.txt +79 -0
- package/src/engine/session/prompt/copilot-gpt-5.txt +143 -0
- package/src/engine/session/prompt/default.txt +105 -0
- package/src/engine/session/prompt/gemini.txt +155 -0
- package/src/engine/session/prompt/gpt.txt +107 -0
- package/src/engine/session/prompt/kimi.txt +95 -0
- package/src/engine/session/prompt/max-steps.txt +16 -0
- package/src/engine/session/prompt/plan-reminder-anthropic.txt +67 -0
- package/src/engine/session/prompt/plan.txt +26 -0
- package/src/engine/session/prompt/trinity.txt +97 -0
- package/src/engine/session/prompt.ts +671 -0
- package/src/engine/session/provider_transform.ts +187 -0
- package/src/engine/session/retry.ts +200 -0
- package/src/engine/session/retry_logic.ts +65 -0
- package/src/engine/session/revert.ts +162 -0
- package/src/engine/session/run-state.ts +153 -0
- package/src/engine/session/schema.ts +26 -0
- package/src/engine/session/session.sql.ts +137 -0
- package/src/engine/session/session.ts +1011 -0
- package/src/engine/session/status.ts +94 -0
- package/src/engine/session/summary.ts +164 -0
- package/src/engine/session/system.ts +84 -0
- package/src/engine/session/system_prompt.ts +65 -0
- package/src/engine/session/todo.ts +81 -0
- package/src/engine/session/tool_registry.ts +162 -0
- package/src/engine/share/session.ts +61 -0
- package/src/engine/share/share-next.ts +376 -0
- package/src/engine/share/share.sql.ts +13 -0
- package/src/engine/shell/shell/shell.ts +215 -0
- package/src/engine/shell/shell.ts +215 -0
- package/src/engine/skill/discovery.ts +116 -0
- package/src/engine/skill/index.ts +336 -0
- package/src/engine/skill/prompt/customize-opencode.md +377 -0
- package/src/engine/skill/skill/discovery.ts +116 -0
- package/src/engine/skill/skill/index.ts +336 -0
- package/src/engine/skill/skill/prompt/customize-opencode.md +377 -0
- package/src/engine/snapshot/index.ts +762 -0
- package/src/engine/snapshot/snapshot/index.ts +762 -0
- package/src/engine/sync/README.md +179 -0
- package/src/engine/sync/event.sql.ts +17 -0
- package/src/engine/sync/index.ts +410 -0
- package/src/engine/sync/schema.ts +11 -0
- package/src/engine/temporary.ts +33 -0
- package/src/engine/tool/apply_patch.ts +313 -0
- package/src/engine/tool/apply_patch.txt +33 -0
- package/src/engine/tool/edit.ts +711 -0
- package/src/engine/tool/edit.txt +10 -0
- package/src/engine/tool/external-directory.ts +49 -0
- package/src/engine/tool/glob.ts +103 -0
- package/src/engine/tool/glob.txt +6 -0
- package/src/engine/tool/grep.ts +156 -0
- package/src/engine/tool/grep.txt +8 -0
- package/src/engine/tool/invalid.ts +21 -0
- package/src/engine/tool/json-schema.ts +164 -0
- package/src/engine/tool/lsp.ts +113 -0
- package/src/engine/tool/lsp.txt +24 -0
- package/src/engine/tool/mcp-websearch.ts +96 -0
- package/src/engine/tool/plan-enter.txt +14 -0
- package/src/engine/tool/plan-exit.txt +13 -0
- package/src/engine/tool/plan.ts +78 -0
- package/src/engine/tool/question.ts +44 -0
- package/src/engine/tool/question.txt +10 -0
- package/src/engine/tool/read.ts +337 -0
- package/src/engine/tool/read.txt +14 -0
- package/src/engine/tool/registry.ts +472 -0
- package/src/engine/tool/repo_clone.ts +80 -0
- package/src/engine/tool/repo_clone.txt +5 -0
- package/src/engine/tool/repo_overview.ts +279 -0
- package/src/engine/tool/repo_overview.txt +4 -0
- package/src/engine/tool/schema.ts +14 -0
- package/src/engine/tool/shell/id.ts +19 -0
- package/src/engine/tool/shell/prompt.ts +295 -0
- package/src/engine/tool/shell/shell.txt +77 -0
- package/src/engine/tool/shell.ts +647 -0
- package/src/engine/tool/skill.ts +75 -0
- package/src/engine/tool/skill.txt +5 -0
- package/src/engine/tool/task.ts +337 -0
- package/src/engine/tool/task.txt +58 -0
- package/src/engine/tool/task_status.ts +179 -0
- package/src/engine/tool/task_status.txt +13 -0
- package/src/engine/tool/todo.ts +57 -0
- package/src/engine/tool/todowrite.txt +167 -0
- package/src/engine/tool/tool/apply_patch.ts +313 -0
- package/src/engine/tool/tool/apply_patch.txt +33 -0
- package/src/engine/tool/tool/edit.ts +711 -0
- package/src/engine/tool/tool/edit.txt +10 -0
- package/src/engine/tool/tool/external-directory.ts +49 -0
- package/src/engine/tool/tool/glob.ts +103 -0
- package/src/engine/tool/tool/glob.txt +6 -0
- package/src/engine/tool/tool/grep.ts +156 -0
- package/src/engine/tool/tool/grep.txt +8 -0
- package/src/engine/tool/tool/invalid.ts +21 -0
- package/src/engine/tool/tool/json-schema.ts +164 -0
- package/src/engine/tool/tool/lsp.ts +113 -0
- package/src/engine/tool/tool/lsp.txt +24 -0
- package/src/engine/tool/tool/mcp-websearch.ts +96 -0
- package/src/engine/tool/tool/plan-enter.txt +14 -0
- package/src/engine/tool/tool/plan-exit.txt +13 -0
- package/src/engine/tool/tool/plan.ts +78 -0
- package/src/engine/tool/tool/question.ts +44 -0
- package/src/engine/tool/tool/question.txt +10 -0
- package/src/engine/tool/tool/read.ts +337 -0
- package/src/engine/tool/tool/read.txt +14 -0
- package/src/engine/tool/tool/registry.ts +472 -0
- package/src/engine/tool/tool/repo_clone.ts +80 -0
- package/src/engine/tool/tool/repo_clone.txt +5 -0
- package/src/engine/tool/tool/repo_overview.ts +279 -0
- package/src/engine/tool/tool/repo_overview.txt +4 -0
- package/src/engine/tool/tool/schema.ts +14 -0
- package/src/engine/tool/tool/shell/id.ts +19 -0
- package/src/engine/tool/tool/shell/prompt.ts +295 -0
- package/src/engine/tool/tool/shell/shell.txt +77 -0
- package/src/engine/tool/tool/shell.ts +647 -0
- package/src/engine/tool/tool/skill.ts +75 -0
- package/src/engine/tool/tool/skill.txt +5 -0
- package/src/engine/tool/tool/task.ts +337 -0
- package/src/engine/tool/tool/task.txt +58 -0
- package/src/engine/tool/tool/task_status.ts +179 -0
- package/src/engine/tool/tool/task_status.txt +13 -0
- package/src/engine/tool/tool/todo.ts +57 -0
- package/src/engine/tool/tool/todowrite.txt +167 -0
- package/src/engine/tool/tool/tool.ts +164 -0
- package/src/engine/tool/tool/truncate.ts +160 -0
- package/src/engine/tool/tool/truncation-dir.ts +4 -0
- package/src/engine/tool/tool/webfetch.ts +192 -0
- package/src/engine/tool/tool/webfetch.txt +13 -0
- package/src/engine/tool/tool/websearch.ts +143 -0
- package/src/engine/tool/tool/websearch.txt +14 -0
- package/src/engine/tool/tool/write.ts +104 -0
- package/src/engine/tool/tool/write.txt +8 -0
- package/src/engine/tool/tool.ts +164 -0
- package/src/engine/tool/truncate.ts +160 -0
- package/src/engine/tool/truncation-dir.ts +4 -0
- package/src/engine/tool/webfetch.ts +192 -0
- package/src/engine/tool/webfetch.txt +13 -0
- package/src/engine/tool/websearch.ts +143 -0
- package/src/engine/tool/websearch.txt +14 -0
- package/src/engine/tool/write.ts +104 -0
- package/src/engine/tool/write.txt +8 -0
- package/src/engine/util/archive.ts +17 -0
- package/src/engine/util/bom.ts +31 -0
- package/src/engine/util/data-url.ts +9 -0
- package/src/engine/util/defer.ts +10 -0
- package/src/engine/util/effect-http-client.ts +11 -0
- package/src/engine/util/error.ts +88 -0
- package/src/engine/util/filesystem.ts +252 -0
- package/src/engine/util/format.ts +20 -0
- package/src/engine/util/iife.ts +3 -0
- package/src/engine/util/lazy.ts +20 -0
- package/src/engine/util/local-context.ts +25 -0
- package/src/engine/util/locale.ts +86 -0
- package/src/engine/util/media.ts +26 -0
- package/src/engine/util/process.ts +176 -0
- package/src/engine/util/queue.ts +32 -0
- package/src/engine/util/record.ts +3 -0
- package/src/engine/util/repository.ts +158 -0
- package/src/engine/util/rpc.ts +66 -0
- package/src/engine/util/signal.ts +12 -0
- package/src/engine/util/timeout.ts +13 -0
- package/src/engine/util/token.ts +7 -0
- package/src/engine/util/util/archive.ts +17 -0
- package/src/engine/util/util/bom.ts +31 -0
- package/src/engine/util/util/data-url.ts +9 -0
- package/src/engine/util/util/defer.ts +10 -0
- package/src/engine/util/util/effect-http-client.ts +11 -0
- package/src/engine/util/util/error.ts +88 -0
- package/src/engine/util/util/filesystem.ts +252 -0
- package/src/engine/util/util/format.ts +20 -0
- package/src/engine/util/util/iife.ts +3 -0
- package/src/engine/util/util/lazy.ts +20 -0
- package/src/engine/util/util/local-context.ts +25 -0
- package/src/engine/util/util/locale.ts +86 -0
- package/src/engine/util/util/media.ts +26 -0
- package/src/engine/util/util/process.ts +176 -0
- package/src/engine/util/util/queue.ts +32 -0
- package/src/engine/util/util/record.ts +3 -0
- package/src/engine/util/util/repository.ts +158 -0
- package/src/engine/util/util/rpc.ts +66 -0
- package/src/engine/util/util/signal.ts +12 -0
- package/src/engine/util/util/timeout.ts +13 -0
- package/src/engine/util/util/token.ts +7 -0
- package/src/engine/util/util/which.ts +14 -0
- package/src/engine/util/util/wildcard.ts +59 -0
- package/src/engine/util/which.ts +14 -0
- package/src/engine/util/wildcard.ts +59 -0
- package/src/engine/worktree/index.ts +621 -0
- package/src/rag_worker.ts +519 -0
- package/src/server.ts +201 -0
- package/src/tui.ts +637 -0
- package/tsconfig.json +24 -0
|
@@ -0,0 +1,232 @@
|
|
|
1
|
+
import { createConnection } from "net"
|
|
2
|
+
import { createServer } from "http"
|
|
3
|
+
import * as Log from "@opencode-ai/core/util/log"
|
|
4
|
+
import { OAUTH_CALLBACK_PORT, OAUTH_CALLBACK_PATH, parseRedirectUri } from "./oauth-provider"
|
|
5
|
+
|
|
6
|
+
const log = Log.create({ service: "mcp.oauth-callback" })
|
|
7
|
+
|
|
8
|
+
// Current callback server configuration (may differ from defaults if custom redirectUri is used)
|
|
9
|
+
let currentPort = OAUTH_CALLBACK_PORT
|
|
10
|
+
let currentPath = OAUTH_CALLBACK_PATH
|
|
11
|
+
|
|
12
|
+
const HTML_SUCCESS = `<!DOCTYPE html>
|
|
13
|
+
<html>
|
|
14
|
+
<head>
|
|
15
|
+
<title>OpenCode - Authorization Successful</title>
|
|
16
|
+
<style>
|
|
17
|
+
body { font-family: system-ui, -apple-system, sans-serif; display: flex; justify-content: center; align-items: center; height: 100vh; margin: 0; background: #1a1a2e; color: #eee; }
|
|
18
|
+
.container { text-align: center; padding: 2rem; }
|
|
19
|
+
h1 { color: #4ade80; margin-bottom: 1rem; }
|
|
20
|
+
p { color: #aaa; }
|
|
21
|
+
</style>
|
|
22
|
+
</head>
|
|
23
|
+
<body>
|
|
24
|
+
<div class="container">
|
|
25
|
+
<h1>Authorization Successful</h1>
|
|
26
|
+
<p>You can close this window and return to OpenCode.</p>
|
|
27
|
+
</div>
|
|
28
|
+
<script>setTimeout(() => window.close(), 2000);</script>
|
|
29
|
+
</body>
|
|
30
|
+
</html>`
|
|
31
|
+
|
|
32
|
+
const HTML_ERROR = (error: string) => `<!DOCTYPE html>
|
|
33
|
+
<html>
|
|
34
|
+
<head>
|
|
35
|
+
<title>OpenCode - Authorization Failed</title>
|
|
36
|
+
<style>
|
|
37
|
+
body { font-family: system-ui, -apple-system, sans-serif; display: flex; justify-content: center; align-items: center; height: 100vh; margin: 0; background: #1a1a2e; color: #eee; }
|
|
38
|
+
.container { text-align: center; padding: 2rem; }
|
|
39
|
+
h1 { color: #f87171; margin-bottom: 1rem; }
|
|
40
|
+
p { color: #aaa; }
|
|
41
|
+
.error { color: #fca5a5; font-family: monospace; margin-top: 1rem; padding: 1rem; background: rgba(248,113,113,0.1); border-radius: 0.5rem; }
|
|
42
|
+
</style>
|
|
43
|
+
</head>
|
|
44
|
+
<body>
|
|
45
|
+
<div class="container">
|
|
46
|
+
<h1>Authorization Failed</h1>
|
|
47
|
+
<p>An error occurred during authorization.</p>
|
|
48
|
+
<div class="error">${error}</div>
|
|
49
|
+
</div>
|
|
50
|
+
</body>
|
|
51
|
+
</html>`
|
|
52
|
+
|
|
53
|
+
interface PendingAuth {
|
|
54
|
+
resolve: (code: string) => void
|
|
55
|
+
reject: (error: Error) => void
|
|
56
|
+
timeout: ReturnType<typeof setTimeout>
|
|
57
|
+
}
|
|
58
|
+
|
|
59
|
+
let server: ReturnType<typeof createServer> | undefined
|
|
60
|
+
const pendingAuths = new Map<string, PendingAuth>()
|
|
61
|
+
// Reverse index: mcpName → oauthState, so cancelPending(mcpName) can
|
|
62
|
+
// find the right entry in pendingAuths (which is keyed by oauthState).
|
|
63
|
+
const mcpNameToState = new Map<string, string>()
|
|
64
|
+
|
|
65
|
+
const CALLBACK_TIMEOUT_MS = 5 * 60 * 1000 // 5 minutes
|
|
66
|
+
|
|
67
|
+
function cleanupStateIndex(oauthState: string) {
|
|
68
|
+
for (const [name, state] of mcpNameToState) {
|
|
69
|
+
if (state === oauthState) {
|
|
70
|
+
mcpNameToState.delete(name)
|
|
71
|
+
break
|
|
72
|
+
}
|
|
73
|
+
}
|
|
74
|
+
}
|
|
75
|
+
|
|
76
|
+
function handleRequest(req: import("http").IncomingMessage, res: import("http").ServerResponse) {
|
|
77
|
+
const url = new URL(req.url || "/", `http://localhost:${currentPort}`)
|
|
78
|
+
|
|
79
|
+
if (url.pathname !== currentPath) {
|
|
80
|
+
res.writeHead(404)
|
|
81
|
+
res.end("Not found")
|
|
82
|
+
return
|
|
83
|
+
}
|
|
84
|
+
|
|
85
|
+
const code = url.searchParams.get("code")
|
|
86
|
+
const state = url.searchParams.get("state")
|
|
87
|
+
const error = url.searchParams.get("error")
|
|
88
|
+
const errorDescription = url.searchParams.get("error_description")
|
|
89
|
+
|
|
90
|
+
log.info("received oauth callback", { hasCode: !!code, state, error })
|
|
91
|
+
|
|
92
|
+
// Enforce state parameter presence
|
|
93
|
+
if (!state) {
|
|
94
|
+
const errorMsg = "Missing required state parameter - potential CSRF attack"
|
|
95
|
+
log.error("oauth callback missing state parameter", { url: url.toString() })
|
|
96
|
+
res.writeHead(400, { "Content-Type": "text/html" })
|
|
97
|
+
res.end(HTML_ERROR(errorMsg))
|
|
98
|
+
return
|
|
99
|
+
}
|
|
100
|
+
|
|
101
|
+
if (error) {
|
|
102
|
+
const errorMsg = errorDescription || error
|
|
103
|
+
if (pendingAuths.has(state)) {
|
|
104
|
+
const pending = pendingAuths.get(state)!
|
|
105
|
+
clearTimeout(pending.timeout)
|
|
106
|
+
pendingAuths.delete(state)
|
|
107
|
+
cleanupStateIndex(state)
|
|
108
|
+
pending.reject(new Error(errorMsg))
|
|
109
|
+
}
|
|
110
|
+
res.writeHead(200, { "Content-Type": "text/html" })
|
|
111
|
+
res.end(HTML_ERROR(errorMsg))
|
|
112
|
+
return
|
|
113
|
+
}
|
|
114
|
+
|
|
115
|
+
if (!code) {
|
|
116
|
+
res.writeHead(400, { "Content-Type": "text/html" })
|
|
117
|
+
res.end(HTML_ERROR("No authorization code provided"))
|
|
118
|
+
return
|
|
119
|
+
}
|
|
120
|
+
|
|
121
|
+
// Validate state parameter
|
|
122
|
+
if (!pendingAuths.has(state)) {
|
|
123
|
+
const errorMsg = "Invalid or expired state parameter - potential CSRF attack"
|
|
124
|
+
log.error("oauth callback with invalid state", { state, pendingStates: Array.from(pendingAuths.keys()) })
|
|
125
|
+
res.writeHead(400, { "Content-Type": "text/html" })
|
|
126
|
+
res.end(HTML_ERROR(errorMsg))
|
|
127
|
+
return
|
|
128
|
+
}
|
|
129
|
+
|
|
130
|
+
const pending = pendingAuths.get(state)!
|
|
131
|
+
|
|
132
|
+
clearTimeout(pending.timeout)
|
|
133
|
+
pendingAuths.delete(state)
|
|
134
|
+
cleanupStateIndex(state)
|
|
135
|
+
pending.resolve(code)
|
|
136
|
+
|
|
137
|
+
res.writeHead(200, { "Content-Type": "text/html" })
|
|
138
|
+
res.end(HTML_SUCCESS)
|
|
139
|
+
}
|
|
140
|
+
|
|
141
|
+
export async function ensureRunning(redirectUri?: string): Promise<void> {
|
|
142
|
+
// Parse the redirect URI to get port and path (uses defaults if not provided)
|
|
143
|
+
const { port, path } = parseRedirectUri(redirectUri)
|
|
144
|
+
|
|
145
|
+
// If server is running on a different port/path, stop it first
|
|
146
|
+
if (server && (currentPort !== port || currentPath !== path)) {
|
|
147
|
+
log.info("stopping oauth callback server to reconfigure", { oldPort: currentPort, newPort: port })
|
|
148
|
+
await stop()
|
|
149
|
+
}
|
|
150
|
+
|
|
151
|
+
if (server) return
|
|
152
|
+
|
|
153
|
+
const running = await isPortInUse(port)
|
|
154
|
+
if (running) {
|
|
155
|
+
log.info("oauth callback server already running on another instance", { port })
|
|
156
|
+
return
|
|
157
|
+
}
|
|
158
|
+
|
|
159
|
+
currentPort = port
|
|
160
|
+
currentPath = path
|
|
161
|
+
|
|
162
|
+
server = createServer(handleRequest)
|
|
163
|
+
await new Promise<void>((resolve, reject) => {
|
|
164
|
+
server!.listen(currentPort, () => {
|
|
165
|
+
log.info("oauth callback server started", { port: currentPort, path: currentPath })
|
|
166
|
+
resolve()
|
|
167
|
+
})
|
|
168
|
+
server!.on("error", reject)
|
|
169
|
+
})
|
|
170
|
+
}
|
|
171
|
+
|
|
172
|
+
export function waitForCallback(oauthState: string, mcpName?: string): Promise<string> {
|
|
173
|
+
if (mcpName) mcpNameToState.set(mcpName, oauthState)
|
|
174
|
+
return new Promise((resolve, reject) => {
|
|
175
|
+
const timeout = setTimeout(() => {
|
|
176
|
+
if (pendingAuths.has(oauthState)) {
|
|
177
|
+
pendingAuths.delete(oauthState)
|
|
178
|
+
if (mcpName) mcpNameToState.delete(mcpName)
|
|
179
|
+
reject(new Error("OAuth callback timeout - authorization took too long"))
|
|
180
|
+
}
|
|
181
|
+
}, CALLBACK_TIMEOUT_MS)
|
|
182
|
+
|
|
183
|
+
pendingAuths.set(oauthState, { resolve, reject, timeout })
|
|
184
|
+
})
|
|
185
|
+
}
|
|
186
|
+
|
|
187
|
+
export function cancelPending(mcpName: string): void {
|
|
188
|
+
// Look up the oauthState for this mcpName via the reverse index
|
|
189
|
+
const oauthState = mcpNameToState.get(mcpName)
|
|
190
|
+
const key = oauthState ?? mcpName
|
|
191
|
+
const pending = pendingAuths.get(key)
|
|
192
|
+
if (pending) {
|
|
193
|
+
clearTimeout(pending.timeout)
|
|
194
|
+
pendingAuths.delete(key)
|
|
195
|
+
mcpNameToState.delete(mcpName)
|
|
196
|
+
pending.reject(new Error("Authorization cancelled"))
|
|
197
|
+
}
|
|
198
|
+
}
|
|
199
|
+
|
|
200
|
+
export async function isPortInUse(port: number = OAUTH_CALLBACK_PORT): Promise<boolean> {
|
|
201
|
+
return new Promise((resolve) => {
|
|
202
|
+
const socket = createConnection(port, "127.0.0.1")
|
|
203
|
+
socket.on("connect", () => {
|
|
204
|
+
socket.destroy()
|
|
205
|
+
resolve(true)
|
|
206
|
+
})
|
|
207
|
+
socket.on("error", () => {
|
|
208
|
+
resolve(false)
|
|
209
|
+
})
|
|
210
|
+
})
|
|
211
|
+
}
|
|
212
|
+
|
|
213
|
+
export async function stop(): Promise<void> {
|
|
214
|
+
if (server) {
|
|
215
|
+
await new Promise<void>((resolve) => server!.close(() => resolve()))
|
|
216
|
+
server = undefined
|
|
217
|
+
log.info("oauth callback server stopped")
|
|
218
|
+
}
|
|
219
|
+
|
|
220
|
+
for (const [_name, pending] of pendingAuths) {
|
|
221
|
+
clearTimeout(pending.timeout)
|
|
222
|
+
pending.reject(new Error("OAuth callback server stopped"))
|
|
223
|
+
}
|
|
224
|
+
pendingAuths.clear()
|
|
225
|
+
mcpNameToState.clear()
|
|
226
|
+
}
|
|
227
|
+
|
|
228
|
+
export function isRunning(): boolean {
|
|
229
|
+
return server !== undefined
|
|
230
|
+
}
|
|
231
|
+
|
|
232
|
+
export * as McpOAuthCallback from "./oauth-callback"
|
|
@@ -0,0 +1,214 @@
|
|
|
1
|
+
import type { OAuthClientProvider } from "@modelcontextprotocol/sdk/client/auth.js"
|
|
2
|
+
import type {
|
|
3
|
+
OAuthClientMetadata,
|
|
4
|
+
OAuthTokens,
|
|
5
|
+
OAuthClientInformation,
|
|
6
|
+
OAuthClientInformationFull,
|
|
7
|
+
} from "@modelcontextprotocol/sdk/shared/auth.js"
|
|
8
|
+
import { Effect } from "effect"
|
|
9
|
+
import { McpAuth } from "./auth"
|
|
10
|
+
import * as Log from "@opencode-ai/core/util/log"
|
|
11
|
+
|
|
12
|
+
const log = Log.create({ service: "mcp.oauth" })
|
|
13
|
+
|
|
14
|
+
const OAUTH_CALLBACK_PORT = 19876
|
|
15
|
+
const OAUTH_CALLBACK_PATH = "/mcp/oauth/callback"
|
|
16
|
+
|
|
17
|
+
export interface McpOAuthConfig {
|
|
18
|
+
clientId?: string
|
|
19
|
+
clientSecret?: string
|
|
20
|
+
scope?: string
|
|
21
|
+
redirectUri?: string
|
|
22
|
+
}
|
|
23
|
+
|
|
24
|
+
export interface McpOAuthCallbacks {
|
|
25
|
+
onRedirect: (url: URL) => void | Promise<void>
|
|
26
|
+
}
|
|
27
|
+
|
|
28
|
+
export class McpOAuthProvider implements OAuthClientProvider {
|
|
29
|
+
constructor(
|
|
30
|
+
private mcpName: string,
|
|
31
|
+
private serverUrl: string,
|
|
32
|
+
private config: McpOAuthConfig,
|
|
33
|
+
private callbacks: McpOAuthCallbacks,
|
|
34
|
+
private auth: McpAuth.Interface,
|
|
35
|
+
) {}
|
|
36
|
+
|
|
37
|
+
get redirectUrl(): string {
|
|
38
|
+
if (this.config.redirectUri) {
|
|
39
|
+
return this.config.redirectUri
|
|
40
|
+
}
|
|
41
|
+
return `http://127.0.0.1:${OAUTH_CALLBACK_PORT}${OAUTH_CALLBACK_PATH}`
|
|
42
|
+
}
|
|
43
|
+
|
|
44
|
+
get clientMetadata(): OAuthClientMetadata {
|
|
45
|
+
return {
|
|
46
|
+
redirect_uris: [this.redirectUrl],
|
|
47
|
+
client_name: "OpenCode",
|
|
48
|
+
client_uri: "https://opencode.ai",
|
|
49
|
+
grant_types: ["authorization_code", "refresh_token"],
|
|
50
|
+
response_types: ["code"],
|
|
51
|
+
token_endpoint_auth_method: this.config.clientSecret ? "client_secret_post" : "none",
|
|
52
|
+
}
|
|
53
|
+
}
|
|
54
|
+
|
|
55
|
+
async clientInformation(): Promise<OAuthClientInformation | undefined> {
|
|
56
|
+
// Check config first (pre-registered client)
|
|
57
|
+
if (this.config.clientId) {
|
|
58
|
+
return {
|
|
59
|
+
client_id: this.config.clientId,
|
|
60
|
+
client_secret: this.config.clientSecret,
|
|
61
|
+
}
|
|
62
|
+
}
|
|
63
|
+
|
|
64
|
+
// Check stored client info (from dynamic registration)
|
|
65
|
+
// Use getForUrl to validate credentials are for the current server URL
|
|
66
|
+
const entry = await Effect.runPromise(this.auth.getForUrl(this.mcpName, this.serverUrl))
|
|
67
|
+
if (entry?.clientInfo) {
|
|
68
|
+
// Check if client secret has expired
|
|
69
|
+
if (entry.clientInfo.clientSecretExpiresAt && entry.clientInfo.clientSecretExpiresAt < Date.now() / 1000) {
|
|
70
|
+
log.info("client secret expired, need to re-register", { mcpName: this.mcpName })
|
|
71
|
+
return undefined
|
|
72
|
+
}
|
|
73
|
+
return {
|
|
74
|
+
client_id: entry.clientInfo.clientId,
|
|
75
|
+
client_secret: entry.clientInfo.clientSecret,
|
|
76
|
+
}
|
|
77
|
+
}
|
|
78
|
+
|
|
79
|
+
// No client info or URL changed - will trigger dynamic registration
|
|
80
|
+
return undefined
|
|
81
|
+
}
|
|
82
|
+
|
|
83
|
+
async saveClientInformation(info: OAuthClientInformationFull): Promise<void> {
|
|
84
|
+
await Effect.runPromise(
|
|
85
|
+
this.auth.updateClientInfo(
|
|
86
|
+
this.mcpName,
|
|
87
|
+
{
|
|
88
|
+
clientId: info.client_id,
|
|
89
|
+
clientSecret: info.client_secret,
|
|
90
|
+
clientIdIssuedAt: info.client_id_issued_at,
|
|
91
|
+
clientSecretExpiresAt: info.client_secret_expires_at,
|
|
92
|
+
},
|
|
93
|
+
this.serverUrl,
|
|
94
|
+
),
|
|
95
|
+
)
|
|
96
|
+
log.info("saved dynamically registered client", {
|
|
97
|
+
mcpName: this.mcpName,
|
|
98
|
+
clientId: info.client_id,
|
|
99
|
+
})
|
|
100
|
+
}
|
|
101
|
+
|
|
102
|
+
async tokens(): Promise<OAuthTokens | undefined> {
|
|
103
|
+
// Use getForUrl to validate tokens are for the current server URL
|
|
104
|
+
const entry = await Effect.runPromise(this.auth.getForUrl(this.mcpName, this.serverUrl))
|
|
105
|
+
if (!entry?.tokens) return undefined
|
|
106
|
+
|
|
107
|
+
return {
|
|
108
|
+
access_token: entry.tokens.accessToken,
|
|
109
|
+
token_type: "Bearer",
|
|
110
|
+
refresh_token: entry.tokens.refreshToken,
|
|
111
|
+
expires_in: entry.tokens.expiresAt
|
|
112
|
+
? Math.max(0, Math.floor(entry.tokens.expiresAt - Date.now() / 1000))
|
|
113
|
+
: undefined,
|
|
114
|
+
scope: entry.tokens.scope,
|
|
115
|
+
}
|
|
116
|
+
}
|
|
117
|
+
|
|
118
|
+
async saveTokens(tokens: OAuthTokens): Promise<void> {
|
|
119
|
+
await Effect.runPromise(
|
|
120
|
+
this.auth.updateTokens(
|
|
121
|
+
this.mcpName,
|
|
122
|
+
{
|
|
123
|
+
accessToken: tokens.access_token,
|
|
124
|
+
refreshToken: tokens.refresh_token,
|
|
125
|
+
expiresAt: tokens.expires_in ? Date.now() / 1000 + tokens.expires_in : undefined,
|
|
126
|
+
scope: tokens.scope,
|
|
127
|
+
},
|
|
128
|
+
this.serverUrl,
|
|
129
|
+
),
|
|
130
|
+
)
|
|
131
|
+
log.info("saved oauth tokens", { mcpName: this.mcpName })
|
|
132
|
+
}
|
|
133
|
+
|
|
134
|
+
async redirectToAuthorization(authorizationUrl: URL): Promise<void> {
|
|
135
|
+
log.info("redirecting to authorization", { mcpName: this.mcpName, url: authorizationUrl.toString() })
|
|
136
|
+
await this.callbacks.onRedirect(authorizationUrl)
|
|
137
|
+
}
|
|
138
|
+
|
|
139
|
+
async saveCodeVerifier(codeVerifier: string): Promise<void> {
|
|
140
|
+
await Effect.runPromise(this.auth.updateCodeVerifier(this.mcpName, codeVerifier))
|
|
141
|
+
}
|
|
142
|
+
|
|
143
|
+
async codeVerifier(): Promise<string> {
|
|
144
|
+
const entry = await Effect.runPromise(this.auth.get(this.mcpName))
|
|
145
|
+
if (!entry?.codeVerifier) {
|
|
146
|
+
throw new Error(`No code verifier saved for MCP server: ${this.mcpName}`)
|
|
147
|
+
}
|
|
148
|
+
return entry.codeVerifier
|
|
149
|
+
}
|
|
150
|
+
|
|
151
|
+
async saveState(state: string): Promise<void> {
|
|
152
|
+
await Effect.runPromise(this.auth.updateOAuthState(this.mcpName, state))
|
|
153
|
+
}
|
|
154
|
+
|
|
155
|
+
async state(): Promise<string> {
|
|
156
|
+
const entry = await Effect.runPromise(this.auth.get(this.mcpName))
|
|
157
|
+
if (entry?.oauthState) {
|
|
158
|
+
return entry.oauthState
|
|
159
|
+
}
|
|
160
|
+
|
|
161
|
+
// Generate a new state if none exists — the SDK calls state() as a
|
|
162
|
+
// generator, not just a reader, so we need to produce a value even when
|
|
163
|
+
// startAuth() hasn't pre-saved one (e.g. during automatic auth on first
|
|
164
|
+
// connect).
|
|
165
|
+
const newState = Array.from(crypto.getRandomValues(new Uint8Array(32)))
|
|
166
|
+
.map((b) => b.toString(16).padStart(2, "0"))
|
|
167
|
+
.join("")
|
|
168
|
+
await Effect.runPromise(this.auth.updateOAuthState(this.mcpName, newState))
|
|
169
|
+
return newState
|
|
170
|
+
}
|
|
171
|
+
|
|
172
|
+
async invalidateCredentials(type: "all" | "client" | "tokens"): Promise<void> {
|
|
173
|
+
log.info("invalidating credentials", { mcpName: this.mcpName, type })
|
|
174
|
+
const entry = await Effect.runPromise(this.auth.get(this.mcpName))
|
|
175
|
+
if (!entry) {
|
|
176
|
+
return
|
|
177
|
+
}
|
|
178
|
+
|
|
179
|
+
switch (type) {
|
|
180
|
+
case "all":
|
|
181
|
+
await Effect.runPromise(this.auth.remove(this.mcpName))
|
|
182
|
+
break
|
|
183
|
+
case "client":
|
|
184
|
+
delete entry.clientInfo
|
|
185
|
+
await Effect.runPromise(this.auth.set(this.mcpName, entry))
|
|
186
|
+
break
|
|
187
|
+
case "tokens":
|
|
188
|
+
delete entry.tokens
|
|
189
|
+
await Effect.runPromise(this.auth.set(this.mcpName, entry))
|
|
190
|
+
break
|
|
191
|
+
}
|
|
192
|
+
}
|
|
193
|
+
}
|
|
194
|
+
|
|
195
|
+
export { OAUTH_CALLBACK_PORT, OAUTH_CALLBACK_PATH }
|
|
196
|
+
|
|
197
|
+
/**
|
|
198
|
+
* Parse a redirect URI to extract port and path for the callback server.
|
|
199
|
+
* Returns defaults if the URI can't be parsed.
|
|
200
|
+
*/
|
|
201
|
+
export function parseRedirectUri(redirectUri?: string): { port: number; path: string } {
|
|
202
|
+
if (!redirectUri) {
|
|
203
|
+
return { port: OAUTH_CALLBACK_PORT, path: OAUTH_CALLBACK_PATH }
|
|
204
|
+
}
|
|
205
|
+
|
|
206
|
+
try {
|
|
207
|
+
const url = new URL(redirectUri)
|
|
208
|
+
const port = url.port ? parseInt(url.port, 10) : url.protocol === "https:" ? 443 : 80
|
|
209
|
+
const path = url.pathname || OAUTH_CALLBACK_PATH
|
|
210
|
+
return { port, path }
|
|
211
|
+
} catch {
|
|
212
|
+
return { port: OAUTH_CALLBACK_PORT, path: OAUTH_CALLBACK_PATH }
|
|
213
|
+
}
|
|
214
|
+
}
|
|
@@ -0,0 +1,232 @@
|
|
|
1
|
+
import { createConnection } from "net"
|
|
2
|
+
import { createServer } from "http"
|
|
3
|
+
import * as Log from "@opencode-ai/core/util/log"
|
|
4
|
+
import { OAUTH_CALLBACK_PORT, OAUTH_CALLBACK_PATH, parseRedirectUri } from "./oauth-provider"
|
|
5
|
+
|
|
6
|
+
const log = Log.create({ service: "mcp.oauth-callback" })
|
|
7
|
+
|
|
8
|
+
// Current callback server configuration (may differ from defaults if custom redirectUri is used)
|
|
9
|
+
let currentPort = OAUTH_CALLBACK_PORT
|
|
10
|
+
let currentPath = OAUTH_CALLBACK_PATH
|
|
11
|
+
|
|
12
|
+
const HTML_SUCCESS = `<!DOCTYPE html>
|
|
13
|
+
<html>
|
|
14
|
+
<head>
|
|
15
|
+
<title>OpenCode - Authorization Successful</title>
|
|
16
|
+
<style>
|
|
17
|
+
body { font-family: system-ui, -apple-system, sans-serif; display: flex; justify-content: center; align-items: center; height: 100vh; margin: 0; background: #1a1a2e; color: #eee; }
|
|
18
|
+
.container { text-align: center; padding: 2rem; }
|
|
19
|
+
h1 { color: #4ade80; margin-bottom: 1rem; }
|
|
20
|
+
p { color: #aaa; }
|
|
21
|
+
</style>
|
|
22
|
+
</head>
|
|
23
|
+
<body>
|
|
24
|
+
<div class="container">
|
|
25
|
+
<h1>Authorization Successful</h1>
|
|
26
|
+
<p>You can close this window and return to OpenCode.</p>
|
|
27
|
+
</div>
|
|
28
|
+
<script>setTimeout(() => window.close(), 2000);</script>
|
|
29
|
+
</body>
|
|
30
|
+
</html>`
|
|
31
|
+
|
|
32
|
+
const HTML_ERROR = (error: string) => `<!DOCTYPE html>
|
|
33
|
+
<html>
|
|
34
|
+
<head>
|
|
35
|
+
<title>OpenCode - Authorization Failed</title>
|
|
36
|
+
<style>
|
|
37
|
+
body { font-family: system-ui, -apple-system, sans-serif; display: flex; justify-content: center; align-items: center; height: 100vh; margin: 0; background: #1a1a2e; color: #eee; }
|
|
38
|
+
.container { text-align: center; padding: 2rem; }
|
|
39
|
+
h1 { color: #f87171; margin-bottom: 1rem; }
|
|
40
|
+
p { color: #aaa; }
|
|
41
|
+
.error { color: #fca5a5; font-family: monospace; margin-top: 1rem; padding: 1rem; background: rgba(248,113,113,0.1); border-radius: 0.5rem; }
|
|
42
|
+
</style>
|
|
43
|
+
</head>
|
|
44
|
+
<body>
|
|
45
|
+
<div class="container">
|
|
46
|
+
<h1>Authorization Failed</h1>
|
|
47
|
+
<p>An error occurred during authorization.</p>
|
|
48
|
+
<div class="error">${error}</div>
|
|
49
|
+
</div>
|
|
50
|
+
</body>
|
|
51
|
+
</html>`
|
|
52
|
+
|
|
53
|
+
interface PendingAuth {
|
|
54
|
+
resolve: (code: string) => void
|
|
55
|
+
reject: (error: Error) => void
|
|
56
|
+
timeout: ReturnType<typeof setTimeout>
|
|
57
|
+
}
|
|
58
|
+
|
|
59
|
+
let server: ReturnType<typeof createServer> | undefined
|
|
60
|
+
const pendingAuths = new Map<string, PendingAuth>()
|
|
61
|
+
// Reverse index: mcpName → oauthState, so cancelPending(mcpName) can
|
|
62
|
+
// find the right entry in pendingAuths (which is keyed by oauthState).
|
|
63
|
+
const mcpNameToState = new Map<string, string>()
|
|
64
|
+
|
|
65
|
+
const CALLBACK_TIMEOUT_MS = 5 * 60 * 1000 // 5 minutes
|
|
66
|
+
|
|
67
|
+
function cleanupStateIndex(oauthState: string) {
|
|
68
|
+
for (const [name, state] of mcpNameToState) {
|
|
69
|
+
if (state === oauthState) {
|
|
70
|
+
mcpNameToState.delete(name)
|
|
71
|
+
break
|
|
72
|
+
}
|
|
73
|
+
}
|
|
74
|
+
}
|
|
75
|
+
|
|
76
|
+
function handleRequest(req: import("http").IncomingMessage, res: import("http").ServerResponse) {
|
|
77
|
+
const url = new URL(req.url || "/", `http://localhost:${currentPort}`)
|
|
78
|
+
|
|
79
|
+
if (url.pathname !== currentPath) {
|
|
80
|
+
res.writeHead(404)
|
|
81
|
+
res.end("Not found")
|
|
82
|
+
return
|
|
83
|
+
}
|
|
84
|
+
|
|
85
|
+
const code = url.searchParams.get("code")
|
|
86
|
+
const state = url.searchParams.get("state")
|
|
87
|
+
const error = url.searchParams.get("error")
|
|
88
|
+
const errorDescription = url.searchParams.get("error_description")
|
|
89
|
+
|
|
90
|
+
log.info("received oauth callback", { hasCode: !!code, state, error })
|
|
91
|
+
|
|
92
|
+
// Enforce state parameter presence
|
|
93
|
+
if (!state) {
|
|
94
|
+
const errorMsg = "Missing required state parameter - potential CSRF attack"
|
|
95
|
+
log.error("oauth callback missing state parameter", { url: url.toString() })
|
|
96
|
+
res.writeHead(400, { "Content-Type": "text/html" })
|
|
97
|
+
res.end(HTML_ERROR(errorMsg))
|
|
98
|
+
return
|
|
99
|
+
}
|
|
100
|
+
|
|
101
|
+
if (error) {
|
|
102
|
+
const errorMsg = errorDescription || error
|
|
103
|
+
if (pendingAuths.has(state)) {
|
|
104
|
+
const pending = pendingAuths.get(state)!
|
|
105
|
+
clearTimeout(pending.timeout)
|
|
106
|
+
pendingAuths.delete(state)
|
|
107
|
+
cleanupStateIndex(state)
|
|
108
|
+
pending.reject(new Error(errorMsg))
|
|
109
|
+
}
|
|
110
|
+
res.writeHead(200, { "Content-Type": "text/html" })
|
|
111
|
+
res.end(HTML_ERROR(errorMsg))
|
|
112
|
+
return
|
|
113
|
+
}
|
|
114
|
+
|
|
115
|
+
if (!code) {
|
|
116
|
+
res.writeHead(400, { "Content-Type": "text/html" })
|
|
117
|
+
res.end(HTML_ERROR("No authorization code provided"))
|
|
118
|
+
return
|
|
119
|
+
}
|
|
120
|
+
|
|
121
|
+
// Validate state parameter
|
|
122
|
+
if (!pendingAuths.has(state)) {
|
|
123
|
+
const errorMsg = "Invalid or expired state parameter - potential CSRF attack"
|
|
124
|
+
log.error("oauth callback with invalid state", { state, pendingStates: Array.from(pendingAuths.keys()) })
|
|
125
|
+
res.writeHead(400, { "Content-Type": "text/html" })
|
|
126
|
+
res.end(HTML_ERROR(errorMsg))
|
|
127
|
+
return
|
|
128
|
+
}
|
|
129
|
+
|
|
130
|
+
const pending = pendingAuths.get(state)!
|
|
131
|
+
|
|
132
|
+
clearTimeout(pending.timeout)
|
|
133
|
+
pendingAuths.delete(state)
|
|
134
|
+
cleanupStateIndex(state)
|
|
135
|
+
pending.resolve(code)
|
|
136
|
+
|
|
137
|
+
res.writeHead(200, { "Content-Type": "text/html" })
|
|
138
|
+
res.end(HTML_SUCCESS)
|
|
139
|
+
}
|
|
140
|
+
|
|
141
|
+
export async function ensureRunning(redirectUri?: string): Promise<void> {
|
|
142
|
+
// Parse the redirect URI to get port and path (uses defaults if not provided)
|
|
143
|
+
const { port, path } = parseRedirectUri(redirectUri)
|
|
144
|
+
|
|
145
|
+
// If server is running on a different port/path, stop it first
|
|
146
|
+
if (server && (currentPort !== port || currentPath !== path)) {
|
|
147
|
+
log.info("stopping oauth callback server to reconfigure", { oldPort: currentPort, newPort: port })
|
|
148
|
+
await stop()
|
|
149
|
+
}
|
|
150
|
+
|
|
151
|
+
if (server) return
|
|
152
|
+
|
|
153
|
+
const running = await isPortInUse(port)
|
|
154
|
+
if (running) {
|
|
155
|
+
log.info("oauth callback server already running on another instance", { port })
|
|
156
|
+
return
|
|
157
|
+
}
|
|
158
|
+
|
|
159
|
+
currentPort = port
|
|
160
|
+
currentPath = path
|
|
161
|
+
|
|
162
|
+
server = createServer(handleRequest)
|
|
163
|
+
await new Promise<void>((resolve, reject) => {
|
|
164
|
+
server!.listen(currentPort, () => {
|
|
165
|
+
log.info("oauth callback server started", { port: currentPort, path: currentPath })
|
|
166
|
+
resolve()
|
|
167
|
+
})
|
|
168
|
+
server!.on("error", reject)
|
|
169
|
+
})
|
|
170
|
+
}
|
|
171
|
+
|
|
172
|
+
export function waitForCallback(oauthState: string, mcpName?: string): Promise<string> {
|
|
173
|
+
if (mcpName) mcpNameToState.set(mcpName, oauthState)
|
|
174
|
+
return new Promise((resolve, reject) => {
|
|
175
|
+
const timeout = setTimeout(() => {
|
|
176
|
+
if (pendingAuths.has(oauthState)) {
|
|
177
|
+
pendingAuths.delete(oauthState)
|
|
178
|
+
if (mcpName) mcpNameToState.delete(mcpName)
|
|
179
|
+
reject(new Error("OAuth callback timeout - authorization took too long"))
|
|
180
|
+
}
|
|
181
|
+
}, CALLBACK_TIMEOUT_MS)
|
|
182
|
+
|
|
183
|
+
pendingAuths.set(oauthState, { resolve, reject, timeout })
|
|
184
|
+
})
|
|
185
|
+
}
|
|
186
|
+
|
|
187
|
+
export function cancelPending(mcpName: string): void {
|
|
188
|
+
// Look up the oauthState for this mcpName via the reverse index
|
|
189
|
+
const oauthState = mcpNameToState.get(mcpName)
|
|
190
|
+
const key = oauthState ?? mcpName
|
|
191
|
+
const pending = pendingAuths.get(key)
|
|
192
|
+
if (pending) {
|
|
193
|
+
clearTimeout(pending.timeout)
|
|
194
|
+
pendingAuths.delete(key)
|
|
195
|
+
mcpNameToState.delete(mcpName)
|
|
196
|
+
pending.reject(new Error("Authorization cancelled"))
|
|
197
|
+
}
|
|
198
|
+
}
|
|
199
|
+
|
|
200
|
+
export async function isPortInUse(port: number = OAUTH_CALLBACK_PORT): Promise<boolean> {
|
|
201
|
+
return new Promise((resolve) => {
|
|
202
|
+
const socket = createConnection(port, "127.0.0.1")
|
|
203
|
+
socket.on("connect", () => {
|
|
204
|
+
socket.destroy()
|
|
205
|
+
resolve(true)
|
|
206
|
+
})
|
|
207
|
+
socket.on("error", () => {
|
|
208
|
+
resolve(false)
|
|
209
|
+
})
|
|
210
|
+
})
|
|
211
|
+
}
|
|
212
|
+
|
|
213
|
+
export async function stop(): Promise<void> {
|
|
214
|
+
if (server) {
|
|
215
|
+
await new Promise<void>((resolve) => server!.close(() => resolve()))
|
|
216
|
+
server = undefined
|
|
217
|
+
log.info("oauth callback server stopped")
|
|
218
|
+
}
|
|
219
|
+
|
|
220
|
+
for (const [_name, pending] of pendingAuths) {
|
|
221
|
+
clearTimeout(pending.timeout)
|
|
222
|
+
pending.reject(new Error("OAuth callback server stopped"))
|
|
223
|
+
}
|
|
224
|
+
pendingAuths.clear()
|
|
225
|
+
mcpNameToState.clear()
|
|
226
|
+
}
|
|
227
|
+
|
|
228
|
+
export function isRunning(): boolean {
|
|
229
|
+
return server !== undefined
|
|
230
|
+
}
|
|
231
|
+
|
|
232
|
+
export * as McpOAuthCallback from "./oauth-callback"
|