commons-proxy 2.0.0

package/src/providers/github-provider.js

@@ -0,0 +1,287 @@
+/**
+ * GitHub Models Provider
+ *
+ * Implements authentication via GitHub Personal Access Token (PAT).
+ * Supports models from GitHub Models marketplace.
+ */
+
+import BaseProvider from './base-provider.js';
+
+export class GitHubProvider extends BaseProvider {
+    constructor(config = {}) {
+        super('github', 'GitHub Models', {
+            apiEndpoint: config.apiEndpoint || 'https://models.inference.ai.azure.com',
+            modelsEndpoint: config.modelsEndpoint || 'https://api.github.com/models',
+            ...config
+        });
+    }
+
+    /**
+     * Validate GitHub PAT
+     *
+     * @param {Object} account - Account with apiKey (PAT)
+     * @returns {Promise<{valid: boolean, error?: string, email?: string}>}
+     */
+    async validateCredentials(account) {
+        if (!account.apiKey) {
+            return { valid: false, error: 'Missing Personal Access Token' };
+        }
+
+        try {
+            // Verify PAT by fetching user info
+            const response = await fetch('https://api.github.com/user', {
+                method: 'GET',
+                headers: {
+                    'Authorization': `Bearer ${account.apiKey}`,
+                    'Accept': 'application/vnd.github+json',
+                    'X-GitHub-Api-Version': '2022-11-28'
+                }
+            });
+
+            if (!response.ok) {
+                const error = await response.text();
+                return { valid: false, error: `PAT validation failed: ${error}` };
+            }
+
+            const userData = await response.json();
+            const email = userData.email || `${userData.login}@github`;
+
+            return { valid: true, email };
+        } catch (error) {
+            this.error('Credential validation failed', error);
+            return { valid: false, error: error.message };
+        }
+    }
+
+    /**
+     * Get PAT (for GitHub, PAT IS the access token)
+     *
+     * @param {Object} account - Account with apiKey (PAT)
+     * @returns {Promise<string>} PAT
+     */
+    async getAccessToken(account) {
+        if (!account.apiKey) {
+            throw new Error('Account missing Personal Access Token');
+        }
+        return account.apiKey;
+    }
+
+    /**
+     * Fetch usage/quota information from GitHub Models API
+     *
+     * @param {Object} account - Account object
+     * @param {string} token - PAT
+     * @returns {Promise<Object>} Quota data
+     */
+    async getQuotas(account, token) {
+        try {
+            // Fetch available models from GitHub
+            const response = await fetch(this.config.modelsEndpoint, {
+                method: 'GET',
+                headers: {
+                    'Authorization': `Bearer ${token}`,
+                    'Accept': 'application/vnd.github+json',
+                    'X-GitHub-Api-Version': '2022-11-28'
+                }
+            });
+
+            if (!response.ok) {
+                throw new Error(`Failed to fetch models: ${response.status}`);
+            }
+
+            const models = await response.json();
+            const quotaData = {};
+
+            // GitHub Models has rate limits per model
+            // Default quota assumption since GitHub doesn't expose usage API
+            if (Array.isArray(models)) {
+                models.forEach(model => {
+                    quotaData[model.name] = {
+                        remainingFraction: 1.0, // Unknown - assume available
+                        resetTime: null
+                    };
+                });
+            }
+
+            // Add common models if list is empty
+            if (Object.keys(quotaData).length === 0) {
+                const commonModels = [
+                    'gpt-4o',
+                    'gpt-4o-mini',
+                    'claude-3-5-sonnet',
+                    'gemini-1.5-pro',
+                    'gemini-1.5-flash',
+                    'llama-3.1-405b-instruct',
+                    'mistral-large'
+                ];
+                commonModels.forEach(modelId => {
+                    quotaData[modelId] = {
+                        remainingFraction: 1.0,
+                        resetTime: null
+                    };
+                });
+            }
+
+            return { models: quotaData };
+        } catch (error) {
+            this.error('Failed to fetch quotas', error);
+            // Return default quota on error
+            return {
+                models: {
+                    'gpt-4o': { remainingFraction: 1.0, resetTime: null },
+                    'claude-3-5-sonnet': { remainingFraction: 1.0, resetTime: null }
+                }
+            };
+        }
+    }
+
+    /**
+     * Get subscription tier (GitHub Models is free for developers)
+     *
+     * @param {Object} account - Account object
+     * @param {string} token - PAT
+     * @returns {Promise<{tier: string, projectId: null}>}
+     */
+    async getSubscriptionTier(account, token) {
+        try {
+            // Check GitHub user/org details
+            const response = await fetch('https://api.github.com/user', {
+                method: 'GET',
+                headers: {
+                    'Authorization': `Bearer ${token}`,
+                    'Accept': 'application/vnd.github+json',
+                    'X-GitHub-Api-Version': '2022-11-28'
+                }
+            });
+
+            if (!response.ok) {
+                return { tier: 'unknown', projectId: null };
+            }
+
+            const userData = await response.json();
+
+            // GitHub Copilot subscribers likely have higher rate limits
+            // But we can't directly check subscription status via API
+            // Default to "developer" tier
+            return {
+                tier: userData.plan?.name || 'developer',
+                projectId: userData.login
+            };
+        } catch (error) {
+            this.error('Failed to fetch subscription tier', error);
+            return { tier: 'developer', projectId: null };
+        }
+    }
+
+    /**
+     * Get available models from GitHub Models
+     *
+     * @param {Object} account - Account object
+     * @param {string} token - PAT
+     * @returns {Promise<Array>} List of available models
+     */
+    async getAvailableModels(account, token) {
+        try {
+            const response = await fetch(this.config.modelsEndpoint, {
+                method: 'GET',
+                headers: {
+                    'Authorization': `Bearer ${token}`,
+                    'Accept': 'application/vnd.github+json',
+                    'X-GitHub-Api-Version': '2022-11-28'
+                }
+            });
+
+            if (!response.ok) {
+                throw new Error(`Failed to fetch models: ${response.status}`);
+            }
+
+            const models = await response.json();
+            if (Array.isArray(models)) {
+                return models.map(model => {
+                    // Determine family from model name
+                    let family = 'unknown';
+                    if (model.name.includes('gpt')) family = 'gpt';
+                    else if (model.name.includes('claude')) family = 'claude';
+                    else if (model.name.includes('gemini')) family = 'gemini';
+                    else if (model.name.includes('llama')) family = 'llama';
+                    else if (model.name.includes('mistral')) family = 'mistral';
+
+                    return {
+                        id: model.name,
+                        name: model.summary || model.name,
+                        family
+                    };
+                });
+            }
+
+            return [];
+        } catch (error) {
+            this.error('Failed to fetch available models', error);
+            return [];
+        }
+    }
+
+    /**
+     * Parse GitHub API rate limit headers
+     *
+     * @param {Response} response - Fetch response
+     * @param {Object} errorData - Error data from response body
+     * @returns {Object|null} Rate limit info
+     */
+    parseRateLimitInfo(response, errorData = null) {
+        // GitHub uses these headers:
+        // - x-ratelimit-limit
+        // - x-ratelimit-remaining
+        // - x-ratelimit-reset (Unix timestamp)
+        // - x-ratelimit-resource
+
+        const rateLimitReset = response.headers.get('x-ratelimit-reset');
+        const retryAfter = response.headers.get('retry-after');
+
+        if (rateLimitReset) {
+            const resetTimestamp = parseInt(rateLimitReset, 10);
+            return {
+                resetTime: new Date(resetTimestamp * 1000),
+                retryAfter: Math.max(0, Math.floor((resetTimestamp * 1000 - Date.now()) / 1000))
+            };
+        }
+
+        if (retryAfter) {
+            const retrySeconds = parseInt(retryAfter, 10);
+            return {
+                resetTime: new Date(Date.now() + retrySeconds * 1000),
+                retryAfter: retrySeconds
+            };
+        }
+
+        // Check error response
+        if (errorData?.message && errorData.message.includes('rate limit')) {
+            return {
+                resetTime: new Date(Date.now() + 3600000), // Default: 1 hour
+                retryAfter: 3600
+            };
+        }
+
+        return null;
+    }
+
+    /**
+     * Check if error indicates invalid PAT
+     *
+     * @param {Error} error - Error object
+     * @returns {boolean}
+     */
+    shouldInvalidateCredentials(error) {
+        if (error.message && (
+            error.message.includes('Bad credentials') ||
+            error.message.includes('Requires authentication') ||
+            error.message.includes('Invalid token')
+        )) {
+            return true;
+        }
+
+        return super.shouldInvalidateCredentials(error);
+    }
+}
+
+export default GitHubProvider;

package/src/providers/google-provider.js

@@ -0,0 +1,192 @@
+/**
+ * Google Cloud Code Provider
+ *
+ * Implements authentication via Google OAuth with PKCE.
+ * Wraps existing OAuth and Cloud Code API logic.
+ */
+
+import BaseProvider from './base-provider.js';
+import {
+    refreshAccessToken,
+    getUserEmail,
+    discoverProjectId
+} from '../auth/oauth.js';
+import { getModelQuotas, getSubscriptionTier } from '../cloudcode/model-api.js';
+import { logger } from '../utils/logger.js';
+
+export class GoogleProvider extends BaseProvider {
+    constructor(config = {}) {
+        super('google', 'Google Cloud Code', config);
+    }
+
+    /**
+     * Validate OAuth refresh token by attempting to refresh
+     *
+     * @param {Object} account - Account with refreshToken
+     * @returns {Promise<{valid: boolean, error?: string, email?: string}>}
+     */
+    async validateCredentials(account) {
+        if (!account.refreshToken) {
+            return { valid: false, error: 'Missing refresh token' };
+        }
+
+        try {
+            // Try to refresh the access token
+            const { accessToken } = await refreshAccessToken(account.refreshToken);
+
+            // Get email to confirm account identity
+            const email = await getUserEmail(accessToken);
+
+            return { valid: true, email };
+        } catch (error) {
+            this.error('Credential validation failed', error);
+            return { valid: false, error: error.message };
+        }
+    }
+
+    /**
+     * Get access token from OAuth refresh token
+     *
+     * @param {Object} account - Account with refreshToken
+     * @returns {Promise<string>} Access token
+     */
+    async getAccessToken(account) {
+        if (!account.refreshToken) {
+            throw new Error('Account missing refresh token');
+        }
+
+        try {
+            const { accessToken } = await refreshAccessToken(account.refreshToken);
+            return accessToken;
+        } catch (error) {
+            this.error('Failed to get access token', error);
+            throw error;
+        }
+    }
+
+    /**
+     * Fetch model quotas from Cloud Code API
+     *
+     * @param {Object} account - Account object
+     * @param {string} token - Access token
+     * @returns {Promise<Object>} Quota data
+     */
+    async getQuotas(account, token) {
+        try {
+            const projectId = account.projectId || account.subscription?.projectId;
+            if (!projectId) {
+                this.debug('No project ID available, attempting discovery...');
+                const discoveredProject = await discoverProjectId(token);
+                if (!discoveredProject) {
+                    throw new Error('Could not discover project ID');
+                }
+                return await getModelQuotas(token, discoveredProject);
+            }
+
+            return await getModelQuotas(token, projectId);
+        } catch (error) {
+            this.error('Failed to fetch quotas', error);
+            throw error;
+        }
+    }
+
+    /**
+     * Fetch subscription tier from loadCodeAssist API
+     *
+     * @param {Object} account - Account object
+     * @param {string} token - Access token
+     * @returns {Promise<{tier: string, projectId: string}>}
+     */
+    async getSubscriptionTier(account, token) {
+        try {
+            return await getSubscriptionTier(token);
+        } catch (error) {
+            this.error('Failed to fetch subscription tier', error);
+            // Return cached value if available
+            if (account.subscription?.tier) {
+                this.debug('Using cached subscription tier');
+                return {
+                    tier: account.subscription.tier,
+                    projectId: account.subscription.projectId
+                };
+            }
+            return { tier: 'unknown', projectId: null };
+        }
+    }
+
+    /**
+     * Refresh OAuth credentials
+     *
+     * @param {Object} account - Account object
+     * @returns {Promise<Object>} Updated account (no changes for OAuth - refresh happens on-demand)
+     */
+    async refreshCredentials(account) {
+        // OAuth refresh happens on-demand via refreshAccessToken()
+        // No need to update account object
+        return account;
+    }
+
+    /**
+     * Parse rate limit headers from Cloud Code API
+     *
+     * @param {Response} response - Fetch response
+     * @param {Object} errorData - Error data from response body
+     * @returns {Object|null} Rate limit info
+     */
+    parseRateLimitInfo(response, errorData = null) {
+        // Check for rate limit headers (X-RateLimit-Reset, Retry-After, etc.)
+        const retryAfter = response.headers.get('retry-after');
+        const rateLimitReset = response.headers.get('x-ratelimit-reset');
+
+        if (retryAfter) {
+            const retrySeconds = parseInt(retryAfter, 10);
+            return {
+                resetTime: new Date(Date.now() + retrySeconds * 1000),
+                retryAfter: retrySeconds
+            };
+        }
+
+        if (rateLimitReset) {
+            const resetTimestamp = parseInt(rateLimitReset, 10);
+            return {
+                resetTime: new Date(resetTimestamp * 1000),
+                retryAfter: Math.max(0, Math.floor((resetTimestamp * 1000 - Date.now()) / 1000))
+            };
+        }
+
+        // Check error data for rate limit info
+        if (errorData?.error?.details) {
+            const details = errorData.error.details;
+            // Look for quota reset time in error details
+            if (details.quotaResetTime) {
+                return {
+                    resetTime: new Date(details.quotaResetTime),
+                    retryAfter: Math.max(0, Math.floor((new Date(details.quotaResetTime) - Date.now()) / 1000))
+                };
+            }
+        }
+
+        return null;
+    }
+
+    /**
+     * Check if error indicates invalid OAuth credentials
+     *
+     * @param {Error} error - Error object
+     * @returns {boolean}
+     */
+    shouldInvalidateCredentials(error) {
+        // Check for OAuth-specific errors
+        if (error.message && (
+            error.message.includes('invalid_grant') ||
+            error.message.includes('Token has been expired or revoked') ||
+            error.message.includes('Invalid Credentials')
+        )) {
+            return true;
+        }
+
+        return super.shouldInvalidateCredentials(error);
+    }
+}
+
+export default GoogleProvider;

package/src/providers/index.js

@@ -0,0 +1,211 @@
+/**
+ * Provider System for CommonsProxy
+ * 
+ * Multi-provider support inspired by opencode's provider architecture.
+ * Allows CommonsProxy to work with multiple AI backends:
+ * - Google Cloud Code (OAuth, default)
+ * - Anthropic (API key)
+ * - OpenAI (API key)
+ * - GitHub Models (PAT)
+ * - GitHub Copilot
+ * - OpenAI-compatible endpoints
+ * - Custom providers
+ */
+
+import { logger } from '../utils/logger.js';
+import GoogleProvider from './google-provider.js';
+import AnthropicProvider from './anthropic-provider.js';
+import OpenAIProvider from './openai-provider.js';
+import GitHubProvider from './github-provider.js';
+import CopilotProvider from './copilot.js';
+import OpenRouterProvider from './openrouter-provider.js';
+
+// Provider registry (legacy system for message routing providers)
+const messagingProviders = new Map();
+
+// Authentication provider registry (new system)
+const authProviders = new Map();
+
+// Initialize authentication providers
+authProviders.set('google', new GoogleProvider());
+authProviders.set('anthropic', new AnthropicProvider());
+authProviders.set('openai', new OpenAIProvider());
+authProviders.set('github', new GitHubProvider());
+authProviders.set('copilot', new CopilotProvider());
+authProviders.set('openrouter', new OpenRouterProvider());
+
+/**
+ * Provider interface definition
+ * Each provider must implement these methods
+ */
+export const ProviderInterface = {
+    id: 'string',           // Unique provider ID
+    name: 'string',         // Display name
+    type: 'string',         // Provider type: 'cloudcode', 'copilot', 'openai', 'custom'
+    
+    // Required methods
+    // authenticate: async (credentials) => { accessToken, refreshToken, expiresAt }
+    // sendMessage: async (request, options) => response
+    // sendMessageStream: async function* (request, options) => yields events
+    // listModels: async () => [{ id, name, capabilities }]
+};
+
+/**
+ * Register a legacy messaging provider
+ * @param {Object} provider - Provider implementation
+ */
+export function registerProvider(provider) {
+    if (!provider.id || !provider.name) {
+        throw new Error('Provider must have id and name');
+    }
+    messagingProviders.set(provider.id, provider);
+    logger.info(`[Providers] Registered messaging provider: ${provider.name} (${provider.id})`);
+}
+
+/**
+ * Get a legacy messaging provider by ID
+ * @param {string} id - Provider ID
+ * @returns {Object|null} Provider or null
+ */
+export function getProvider(id) {
+    return messagingProviders.get(id) || null;
+}
+
+/**
+ * Get authentication provider by ID
+ * @param {string} providerId - Provider identifier ('google', 'anthropic', 'openai', 'github')
+ * @returns {BaseProvider} Provider instance
+ */
+export function getAuthProvider(providerId) {
+    const provider = authProviders.get(providerId);
+    if (!provider) {
+        throw new Error(`Unknown auth provider: ${providerId}`);
+    }
+    return provider;
+}
+
+/**
+ * Get authentication provider for an account
+ * @param {Object} account - Account object with provider field
+ * @returns {BaseProvider} Provider instance
+ */
+export function getProviderForAccount(account) {
+    // Determine provider from account source or explicit provider field
+    const providerId = account.provider || detectProviderFromSource(account.source);
+    return getAuthProvider(providerId);
+}
+
+/**
+ * Detect provider from legacy source field
+ * @param {string} source - Account source ('oauth', 'manual', 'database')
+ * @returns {string} Provider ID
+ */
+function detectProviderFromSource(source) {
+    // Legacy accounts use 'oauth' or 'database' for Google OAuth
+    if (source === 'oauth' || source === 'database') {
+        return 'google';
+    }
+    // Manual accounts default to Google (legacy behavior)
+    if (source === 'manual') {
+        return 'google';
+    }
+    // Default to Google
+    return 'google';
+}
+
+/**
+ * Register a custom authentication provider
+ * @param {string} id - Provider ID
+ * @param {BaseProvider} provider - Provider instance
+ */
+export function registerAuthProvider(id, provider) {
+    authProviders.set(id, provider);
+    logger.info(`[Providers] Registered auth provider: ${provider.name} (${id})`);
+}
+
+/**
+ * Get list of all available authentication providers
+ * @returns {Array<{id: string, name: string, authType: string}>} Provider list
+ */
+export function getAllAuthProviders() {
+    return Array.from(authProviders.entries()).map(([id, provider]) => ({
+        id,
+        name: provider.name,
+        authType: id === 'google' ? 'oauth' : (id === 'copilot' ? 'device-auth' : 'api-key')
+    }));
+}
+
+/**
+ * List all registered legacy messaging providers
+ * @returns {Array} Array of provider info
+ */
+export function listProviders() {
+    return Array.from(messagingProviders.values()).map(p => ({
+        id: p.id,
+        name: p.name,
+        type: p.type,
+        enabled: p.enabled !== false
+    }));
+}
+
+/**
+ * Get the default provider
+ * @returns {Object} Default provider (cloudcode)
+ */
+export function getDefaultProvider() {
+    return messagingProviders.get('cloudcode') || messagingProviders.values().next().value;
+}
+
+/**
+ * Check if an authentication provider is registered
+ * @param {string} providerId - Provider ID to check
+ * @returns {boolean} True if provider exists
+ */
+export function hasAuthProvider(providerId) {
+    return authProviders.has(providerId);
+}
+
+/**
+ * Provider types enum
+ */
+export const ProviderType = {
+    CLOUDCODE: 'cloudcode',
+    COPILOT: 'copilot',
+    OPENROUTER: 'openrouter',
+    ANTHROPIC: 'anthropic',
+    GITHUB: 'github',
+    CUSTOM: 'custom'
+};
+
+// Export provider classes for direct instantiation if needed
+export {
+    GoogleProvider,
+    AnthropicProvider,
+    OpenAIProvider,
+    GitHubProvider,
+    CopilotProvider,
+    OpenRouterProvider
+};
+
+export default {
+    // Legacy messaging provider functions
+    registerProvider,
+    getProvider,
+    listProviders,
+    getDefaultProvider,
+    // New authentication provider functions
+    getAuthProvider,
+    getProviderForAccount,
+    registerAuthProvider,
+    getAllAuthProviders,
+    hasAuthProvider,
+    // Provider classes
+    GoogleProvider,
+    AnthropicProvider,
+    OpenAIProvider,
+    GitHubProvider,
+    CopilotProvider,
+    OpenRouterProvider,
+    // Enums
+    ProviderType
+};