ethagent 3.3.4 → 4.0.0

package/src/app/hooks/useDoublePress.ts

@@ -1,46 +0,0 @@
-
-import { useCallback, useEffect, useRef } from 'react'
-
-export const DOUBLE_PRESS_TIMEOUT_MS = 1800
-
-export function useDoublePress(
-  setPending: (pending: boolean) => void,
-  onDoublePress: () => void,
-): () => void {
-  const lastPressRef = useRef<number>(0)
-  const timeoutRef = useRef<NodeJS.Timeout | undefined>(undefined)
-
-  const clearPendingTimeout = useCallback(() => {
-    if (timeoutRef.current) {
-      clearTimeout(timeoutRef.current)
-      timeoutRef.current = undefined
-    }
-  }, [])
-
-  useEffect(() => {
-    return () => {
-      clearPendingTimeout()
-    }
-  }, [clearPendingTimeout])
-
-  return useCallback(() => {
-    const now = Date.now()
-    const elapsed = now - lastPressRef.current
-    const isDouble = elapsed <= DOUBLE_PRESS_TIMEOUT_MS && timeoutRef.current !== undefined
-
-    if (isDouble) {
-      clearPendingTimeout()
-      setPending(false)
-      onDoublePress()
-    } else {
-      setPending(true)
-      clearPendingTimeout()
-      timeoutRef.current = setTimeout(() => {
-        setPending(false)
-        timeoutRef.current = undefined
-      }, DOUBLE_PRESS_TIMEOUT_MS)
-    }
-
-    lastPressRef.current = now
-  }, [setPending, onDoublePress, clearPendingTimeout])
-}

package/src/app/hooks/useExitOnCtrlC.ts

@@ -1,36 +0,0 @@
-import { useCallback, useMemo, useState } from 'react'
-import { useApp } from 'ink'
-import { useKeybinding } from '../keybindings/KeybindingProvider.js'
-import { useDoublePress } from './useDoublePress.js'
-
-export type ExitState = {
-  pending: boolean
-  keyName: 'ctrl+c' | null
-}
-
-type Options = {
-  isActive?: boolean
-  onInterrupt?: () => boolean
-  onExit?: () => void
-}
-
-export function useExitOnCtrlC({ isActive = true, onInterrupt, onExit }: Options = {}): ExitState {
-  const { exit } = useApp()
-  const [state, setState] = useState<ExitState>({ pending: false, keyName: null })
-
-  const exitFn = useMemo(() => onExit ?? exit, [onExit, exit])
-
-  const ctrlCDouble = useDoublePress(
-    pending => setState({ pending, keyName: 'ctrl+c' }),
-    exitFn,
-  )
-
-  const handleInterrupt = useCallback(() => {
-    if (onInterrupt?.()) return
-    ctrlCDouble()
-  }, [onInterrupt, ctrlCDouble])
-
-  useKeybinding('app:interrupt', handleInterrupt, { context: 'Global', isActive })
-
-  return state
-}

package/src/auth/openaiOAuth/credentials.ts

@@ -1,47 +0,0 @@
-import { getSecret, rmSecret, setSecret } from '../../storage/secrets.js'
-
-const ACCOUNT = 'openai-oauth'
-
-export type OpenAIOAuthCredentials = {
-  accessToken: string
-  refreshToken: string
-  idToken?: string
-  accountId?: string
-  expiresAt: number
-  lastRefreshAt: number
-}
-
-export async function getOpenAIOAuthCredentials(): Promise<OpenAIOAuthCredentials | null> {
-  const raw = await getSecret(ACCOUNT)
-  if (!raw) return null
-  try {
-    const parsed = JSON.parse(raw) as Partial<OpenAIOAuthCredentials>
-    if (typeof parsed.accessToken !== 'string' || !parsed.accessToken) return null
-    if (typeof parsed.refreshToken !== 'string' || !parsed.refreshToken) return null
-    if (typeof parsed.expiresAt !== 'number' || !Number.isFinite(parsed.expiresAt)) return null
-    if (typeof parsed.lastRefreshAt !== 'number' || !Number.isFinite(parsed.lastRefreshAt)) return null
-    return {
-      accessToken: parsed.accessToken,
-      refreshToken: parsed.refreshToken,
-      idToken: typeof parsed.idToken === 'string' ? parsed.idToken : undefined,
-      accountId: typeof parsed.accountId === 'string' ? parsed.accountId : undefined,
-      expiresAt: parsed.expiresAt,
-      lastRefreshAt: parsed.lastRefreshAt,
-    }
-  } catch {
-    return null
-  }
-}
-
-export async function setOpenAIOAuthCredentials(creds: OpenAIOAuthCredentials): Promise<void> {
-  await setSecret(ACCOUNT, JSON.stringify(creds))
-}
-
-export async function rmOpenAIOAuthCredentials(): Promise<void> {
-  await rmSecret(ACCOUNT)
-}
-
-export async function hasOpenAIOAuthCredentials(): Promise<boolean> {
-  const creds = await getOpenAIOAuthCredentials()
-  return creds !== null
-}

package/src/auth/openaiOAuth/crypto.ts

@@ -1,23 +0,0 @@
-import { randomBytes, webcrypto } from 'node:crypto'
-
-function base64UrlEncode(buffer: Buffer): string {
-  return buffer
-    .toString('base64')
-    .replace(/\+/g, '-')
-    .replace(/\//g, '_')
-    .replace(/=/g, '')
-}
-
-export function generateCodeVerifier(): string {
-  return base64UrlEncode(randomBytes(32))
-}
-
-export async function generateCodeChallenge(verifier: string): Promise<string> {
-  const encoded = new TextEncoder().encode(verifier)
-  const digest = await webcrypto.subtle.digest('SHA-256', encoded)
-  return base64UrlEncode(Buffer.from(digest))
-}
-
-export function generateState(): string {
-  return base64UrlEncode(randomBytes(32))
-}

package/src/auth/openaiOAuth/index.ts

@@ -1,238 +0,0 @@
-import { AuthCodeListener } from './listener.js'
-import { generateCodeChallenge, generateCodeVerifier, generateState } from './crypto.js'
-import {
-  OPENAI_OAUTH_CALLBACK_PORT,
-  OPENAI_OAUTH_CLIENT_ID,
-  OPENAI_OAUTH_ISSUER,
-  OPENAI_OAUTH_ORIGINATOR,
-  OPENAI_OAUTH_SCOPE,
-  OPENAI_OAUTH_TOKEN_URL,
-  asTrimmedString,
-  exchangeIdTokenForApiKey,
-  parseChatgptAccountId,
-} from './shared.js'
-import { setOpenAIOAuthCredentials } from './credentials.js'
-import { renderOAuthLandingPage } from './landingPage.js'
-
-type OpenAIOAuthTokenResponse = {
-  id_token?: string
-  access_token?: string
-  refresh_token?: string
-  expires_in?: number
-}
-
-export type OpenAIOAuthResult =
-  | { kind: 'apikey'; apiKey: string; accountId?: string }
-  | { kind: 'oauth-only'; accountId?: string; reason?: string }
-
-export type OpenAIOAuthOnReady = (authUrl: string) => void | Promise<void>
-
-function buildAuthorizeUrl(args: { port: number; codeChallenge: string; state: string }): string {
-  const redirectUri = `http://localhost:${args.port}/auth/callback`
-  const params: Array<[string, string]> = [
-    ['response_type', 'code'],
-    ['client_id', OPENAI_OAUTH_CLIENT_ID],
-    ['redirect_uri', redirectUri],
-    ['scope', OPENAI_OAUTH_SCOPE],
-    ['code_challenge', args.codeChallenge],
-    ['code_challenge_method', 'S256'],
-    ['id_token_add_organizations', 'true'],
-    ['codex_cli_simplified_flow', 'true'],
-    ['state', args.state],
-    ['originator', OPENAI_OAUTH_ORIGINATOR],
-  ]
-  const qs = params
-    .map(([k, v]) => `${encodeURIComponent(k)}=${encodeURIComponent(v)}`)
-    .join('&')
-  return `${OPENAI_OAUTH_ISSUER}/oauth/authorize?${qs}`
-}
-
-function renderSuccessPage(): string {
-  return renderOAuthLandingPage({
-    tone: 'success',
-    pageTitle: 'OpenAI Sign-in Complete',
-    headline: 'OpenAI sign-in complete',
-    message: 'You can return to your terminal.',
-  })
-}
-
-function renderErrorPage(reason: string): string {
-  return renderOAuthLandingPage({
-    tone: 'error',
-    pageTitle: 'OpenAI Sign-in Failed',
-    headline: 'OpenAI sign-in failed',
-    message: reason,
-  })
-}
-
-function renderCancelledPage(): string {
-  return renderOAuthLandingPage({
-    tone: 'cancelled',
-    pageTitle: 'OpenAI Sign-in Cancelled',
-    headline: 'OpenAI sign-in cancelled',
-    message: 'You can return to your terminal.',
-  })
-}
-
-async function exchangeAuthorizationCode(args: {
-  authorizationCode: string
-  codeVerifier: string
-  port: number
-  signal: AbortSignal
-}): Promise<OpenAIOAuthResult> {
-  const redirectUri = `http://localhost:${args.port}/auth/callback`
-  const body = new URLSearchParams({
-    grant_type: 'authorization_code',
-    code: args.authorizationCode,
-    redirect_uri: redirectUri,
-    client_id: OPENAI_OAUTH_CLIENT_ID,
-    code_verifier: args.codeVerifier,
-  })
-
-  const response = await fetch(OPENAI_OAUTH_TOKEN_URL, {
-    method: 'POST',
-    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
-    body,
-    signal: AbortSignal.any([args.signal, AbortSignal.timeout(15_000)]),
-  })
-
-  if (!response.ok) {
-    const errorText = await response.text().catch(() => '')
-    throw new Error(
-      errorText.trim()
-        ? `OpenAI OAuth token exchange failed (${response.status}): ${errorText.trim()}`
-        : `OpenAI OAuth token exchange failed with status ${response.status}.`,
-    )
-  }
-
-  const payload = (await response.json()) as OpenAIOAuthTokenResponse
-  const accessToken = asTrimmedString(payload.access_token)
-  const refreshToken = asTrimmedString(payload.refresh_token)
-  const idToken = asTrimmedString(payload.id_token)
-  if (!accessToken || !refreshToken) {
-    throw new Error('OpenAI OAuth completed, but the response was missing access_token or refresh_token.')
-  }
-
-  const accountId = parseChatgptAccountId(idToken) ?? parseChatgptAccountId(accessToken)
-  const expiresIn = typeof payload.expires_in === 'number' && payload.expires_in > 0
-    ? payload.expires_in
-    : 3600
-  const now = Date.now()
-  await setOpenAIOAuthCredentials({
-    accessToken,
-    refreshToken,
-    idToken,
-    accountId,
-    expiresAt: now + expiresIn * 1000,
-    lastRefreshAt: now,
-  })
-
-  if (!idToken) {
-    return { kind: 'oauth-only', accountId, reason: 'no id_token returned' }
-  }
-
-  try {
-    const apiKey = await exchangeIdTokenForApiKey(idToken)
-    if (typeof apiKey !== 'string' || apiKey.length === 0) {
-      return { kind: 'oauth-only', accountId, reason: 'API key exchange returned an empty token' }
-    }
-    return { kind: 'apikey', apiKey, accountId }
-  } catch (err) {
-    const reason = err instanceof Error ? err.message : String(err)
-    return { kind: 'oauth-only', accountId, reason }
-  }
-}
-
-export class OpenAIOAuthService {
-  private listener: AuthCodeListener | null = null
-  private exchangeAbort: AbortController | null = null
-
-  async start(onReady: OpenAIOAuthOnReady): Promise<OpenAIOAuthResult> {
-    const codeVerifier = generateCodeVerifier()
-    const listener = new AuthCodeListener('/auth/callback')
-    this.listener = listener
-
-    let port: number
-    try {
-      port = await listener.start(OPENAI_OAUTH_CALLBACK_PORT)
-    } catch (err) {
-      const message = err instanceof Error ? err.message : String(err)
-      if (message.includes('EADDRINUSE') || message.includes(String(OPENAI_OAUTH_CALLBACK_PORT))) {
-        listener.close()
-        this.listener = null
-        throw new Error(
-          `OpenAI sign-in needs localhost:${OPENAI_OAUTH_CALLBACK_PORT} for its callback. Close any app already using that port and try again.`,
-        )
-      }
-      listener.close()
-      this.listener = null
-      throw err
-    }
-
-    const state = generateState()
-    const codeChallenge = await generateCodeChallenge(codeVerifier)
-    const authUrl = buildAuthorizeUrl({ port, codeChallenge, state })
-
-    try {
-      const authorizationCode = await listener.waitForAuthorization(state, async () => {
-        await onReady(authUrl)
-      })
-
-      const abort = new AbortController()
-      this.exchangeAbort = abort
-      let result: OpenAIOAuthResult
-      try {
-        result = await exchangeAuthorizationCode({
-          authorizationCode,
-          codeVerifier,
-          port,
-          signal: abort.signal,
-        })
-      } finally {
-        if (this.exchangeAbort === abort) this.exchangeAbort = null
-      }
-
-      if (this.listener !== listener) {
-        throw new Error('OpenAI sign-in was cancelled.')
-      }
-
-      listener.handleSuccessRedirect([], res => {
-        res.writeHead(200, { 'Content-Type': 'text/html; charset=utf-8' })
-        res.end(renderSuccessPage())
-      })
-
-      return result
-    } catch (error) {
-      const resolved = this.listener === listener
-        ? error
-        : new Error('OpenAI sign-in was cancelled.')
-
-      if (listener.hasPendingResponse()) {
-        const isCancellation = resolved instanceof Error && resolved.message === 'OpenAI sign-in was cancelled.'
-        listener.handleErrorRedirect(res => {
-          res.writeHead(isCancellation ? 200 : 400, { 'Content-Type': 'text/html; charset=utf-8' })
-          res.end(isCancellation ? renderCancelledPage() : renderErrorPage(
-            resolved instanceof Error ? resolved.message : String(resolved),
-          ))
-        })
-      }
-      throw resolved
-    } finally {
-      this.cleanup()
-    }
-  }
-
-  cleanup(): void {
-    const cancellationError = new Error('OpenAI sign-in was cancelled.')
-    this.exchangeAbort?.abort(cancellationError)
-    this.exchangeAbort = null
-    if (this.listener?.hasPendingResponse()) {
-      this.listener.handleErrorRedirect(res => {
-        res.writeHead(200, { 'Content-Type': 'text/html; charset=utf-8' })
-        res.end(renderCancelledPage())
-      })
-    }
-    this.listener?.cancelPendingAuthorization(cancellationError)
-    this.listener = null
-  }
-}

package/src/auth/openaiOAuth/landingPage.ts

@@ -1,116 +0,0 @@
-import { readFileSync } from 'node:fs'
-import { transformSync } from 'esbuild'
-import { WALLET_CSS } from '../../identity/wallet/page/styles/index.js'
-import { glyphs } from '../../identity/wallet/page/html.js'
-import { walletPageSourceFile } from '../../identity/wallet/browserWallet/walletPageSource.js'
-import { escapeHtml } from './shared.js'
-
-export type LandingTone = 'success' | 'error' | 'cancelled'
-
-const GRAINIENT_SOURCE_FILE = walletPageSourceFile('page/grainient.ts')
-
-const COMPILED_GRAINIENT = compileGrainientModule()
-
-const GRAINIENT_OPTIONS = {
-  color1: '#000422',
-  color2: '#d8dcfa',
-  color3: '#000422',
-  timeSpeed: 0.25,
-  colorBalance: 0,
-  warpStrength: 1,
-  warpFrequency: 5,
-  warpSpeed: 2,
-  warpAmplitude: 10,
-  blendAngle: 0,
-  blendSoftness: 0.05,
-  rotationAmount: 500,
-  noiseScale: 2,
-  grainAmount: 0.1,
-  grainScale: 2,
-  grainAnimated: false,
-  contrast: 1.5,
-  gamma: 1,
-  saturation: 1,
-  centerX: 0,
-  centerY: 0,
-  zoom: 0.9,
-}
-
-const CHECK_SVG = '<svg width="13" height="13" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2.5" stroke-linecap="round" stroke-linejoin="round"><polyline points="20 6 9 17 4 12"></polyline></svg>'
-
-const LANDING_EXTRA_CSS = `
-main[data-flow="signin"] .body > .status { margin-top: 9px; }
-main[data-tone="error"] .status .marker {
-  color: var(--c-danger);
-  border-color: color-mix(in srgb, var(--c-danger) 45%, transparent);
-}
-`
-
-function markerHtml(tone: LandingTone): string {
-  if (tone === 'success') return CHECK_SVG
-  if (tone === 'error') return '<span aria-hidden="true">!</span>'
-  return '<span aria-hidden="true">–</span>'
-}
-
-export function renderOAuthLandingPage(args: {
-  tone: LandingTone
-  pageTitle: string
-  headline: string
-  message: string
-}): string {
-  const title = escapeHtml(args.pageTitle)
-  const headline = escapeHtml(args.headline)
-  const message = escapeHtml(args.message)
-  const splash = escapeHtml(glyphs.eyes)
-  const optionsJson = JSON.stringify(GRAINIENT_OPTIONS).replaceAll('<', '\\u003c')
-  const safeScript = COMPILED_GRAINIENT.replaceAll('</', '<\\/')
-  const marker = markerHtml(args.tone)
-
-  return `<!doctype html>
-<html lang="en">
-<head>
-  <meta charset="utf-8" />
-  <meta name="viewport" content="width=device-width, initial-scale=1" />
-  <title>${title}</title>
-  <style>${WALLET_CSS}
-${LANDING_EXTRA_CSS}</style>
-</head>
-<body>
-  <canvas id="grainient" class="grainient-canvas" aria-hidden="true"></canvas>
-  <main id="card" data-flow="signin" data-tone="${args.tone}">
-    <div class="chrome">
-      <span class="chrome-spacer"></span>
-      <span class="chrome-title">ethagent</span>
-      <span class="chrome-actions"></span>
-    </div>
-    <div class="body">
-      <div class="splash-wrap"><pre class="splash">${splash}</pre></div>
-      <h2 class="flow-title">${headline}</h2>
-      <div class="status">
-        <p class="status-line">
-          <span class="marker">${marker}</span>
-          <span>${message}</span>
-        </p>
-        <p class="status-hint">You may close this tab now.</p>
-      </div>
-    </div>
-  </main>
-  <script>
-${safeScript}
-;(function () {
-  var canvas = document.getElementById('grainient');
-  if (canvas) startGrainient(canvas, ${optionsJson});
-})();
-  </script>
-</body>
-</html>`
-}
-
-function compileGrainientModule(): string {
-  const source = readFileSync(GRAINIENT_SOURCE_FILE, 'utf8')
-  const stripped = source
-    .split(/\r?\n/)
-    .map(line => line.replace(/^export\s+(?=(function|const|let|interface|type|class)\b)/, ''))
-    .join('\n')
-  return transformSync(stripped, { loader: 'ts', target: 'es2020' }).code
-}

package/src/auth/openaiOAuth/listener.ts

@@ -1,151 +0,0 @@
-import { createServer, type IncomingMessage, type Server, type ServerResponse } from 'node:http'
-import type { AddressInfo } from 'node:net'
-
-export class AuthCodeListener {
-  private localServer: Server
-  private port = 0
-  private promiseResolver: ((authorizationCode: string) => void) | null = null
-  private promiseRejecter: ((error: Error) => void) | null = null
-  private expectedState: string | null = null
-  private pendingResponse: ServerResponse | null = null
-  private readonly callbackPath: string
-
-  constructor(callbackPath = '/auth/callback') {
-    this.localServer = createServer()
-    this.callbackPath = callbackPath
-  }
-
-  async start(port?: number): Promise<number> {
-    return new Promise((resolve, reject) => {
-      const onError = (err: Error): void => {
-        reject(new Error(`Failed to start OAuth callback server: ${err.message}`))
-      }
-      this.localServer.once('error', onError)
-      this.localServer.listen(port ?? 0, 'localhost', () => {
-        this.localServer.removeListener('error', onError)
-        const address = this.localServer.address() as AddressInfo
-        this.port = address.port
-        resolve(this.port)
-      })
-    })
-  }
-
-  getPort(): number {
-    return this.port
-  }
-
-  hasPendingResponse(): boolean {
-    return this.pendingResponse !== null
-  }
-
-  async waitForAuthorization(
-    state: string,
-    onReady: () => Promise<void> | void,
-  ): Promise<string> {
-    return new Promise<string>((resolve, reject) => {
-      this.promiseResolver = resolve
-      this.promiseRejecter = reject
-      this.expectedState = state
-      this.localServer.on('request', this.handleRedirect.bind(this))
-      this.localServer.on('error', err => this.cancelPendingAuthorization(err))
-      void Promise.resolve(onReady()).catch(err => this.cancelPendingAuthorization(err as Error))
-    })
-  }
-
-  handleSuccessRedirect(
-    _scopes: string[],
-    customHandler?: (res: ServerResponse) => void,
-  ): void {
-    if (!this.pendingResponse) return
-    const response = this.pendingResponse
-    try {
-      if (customHandler) customHandler(response)
-      else {
-        response.writeHead(200, { 'Content-Type': 'text/plain; charset=utf-8' })
-        response.end('OpenAI sign-in complete. You can close this tab.')
-      }
-      if (!response.writableEnded && !response.destroyed) response.end()
-    } finally {
-      this.pendingResponse = null
-    }
-  }
-
-  handleErrorRedirect(customHandler?: (res: ServerResponse) => void): void {
-    if (!this.pendingResponse) return
-    const response = this.pendingResponse
-    try {
-      if (customHandler) customHandler(response)
-      else {
-        response.writeHead(400, { 'Content-Type': 'text/plain; charset=utf-8' })
-        response.end('OpenAI sign-in failed. You can close this tab.')
-      }
-      if (!response.writableEnded && !response.destroyed) response.end()
-    } finally {
-      this.pendingResponse = null
-    }
-  }
-
-  cancelPendingAuthorization(error: Error = new Error('OAuth authorization was cancelled.')): void {
-    this.reject(error)
-    this.close()
-  }
-
-  private handleRedirect(req: IncomingMessage, res: ServerResponse): void {
-    const parsedUrl = new URL(req.url || '', `http://${req.headers.host || 'localhost'}`)
-    if (parsedUrl.pathname !== this.callbackPath) {
-      res.writeHead(404)
-      res.end()
-      return
-    }
-    const authCode = parsedUrl.searchParams.get('code') ?? undefined
-    const state = parsedUrl.searchParams.get('state') ?? undefined
-    this.validateAndRespond(authCode, state, res)
-  }
-
-  private validateAndRespond(
-    authCode: string | undefined,
-    state: string | undefined,
-    res: ServerResponse,
-  ): void {
-    if (!authCode) {
-      res.writeHead(400)
-      res.end('Authorization code not found')
-      this.reject(new Error('No authorization code received'))
-      return
-    }
-    if (state !== this.expectedState) {
-      res.writeHead(400)
-      res.end('Invalid state parameter')
-      this.reject(new Error('Invalid state parameter'))
-      return
-    }
-    this.pendingResponse = res
-    this.resolve(authCode)
-  }
-
-  private resolve(authorizationCode: string): void {
-    if (this.promiseResolver) {
-      this.promiseResolver(authorizationCode)
-      this.promiseResolver = null
-      this.promiseRejecter = null
-      this.expectedState = null
-    }
-  }
-
-  private reject(error: Error): void {
-    if (this.promiseRejecter) {
-      this.promiseRejecter(error)
-      this.promiseResolver = null
-      this.promiseRejecter = null
-      this.expectedState = null
-    }
-  }
-
-  close(): void {
-    if (this.pendingResponse) this.handleErrorRedirect()
-    this.localServer.removeAllListeners()
-    this.localServer.close()
-    this.expectedState = null
-    this.port = 0
-  }
-}