hedgequantx 2.5.23 → 2.5.24

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "hedgequantx",
-  "version": "2.5.23",
+  "version": "2.5.24",
   "description": "HedgeQuantX - Prop Futures Trading CLI",
   "main": "src/app.js",
   "bin": {

package/src/menus/ai-agent.js

@@ -11,6 +11,7 @@ const { prompts } = require('../utils');
 const aiService = require('../services/ai');
 const { getCategories, getProvidersByCategory } = require('../services/ai/providers');
 const tokenScanner = require('../services/ai/token-scanner');
+const oauthAnthropic = require('../services/ai/oauth-anthropic');
 
 /**
  * Main AI Agent menu
@@ -845,10 +846,135 @@ const getCredentialInstructions = (provider, option, field) => {
   return instructions[field] || { title: field.toUpperCase(), steps: [] };
 };
 
+/**
+ * Setup OAuth connection for Anthropic Claude Pro/Max
+ */
+const setupOAuthConnection = async (provider) => {
+  const boxWidth = getLogoWidth();
+  const W = boxWidth - 2;
+  
+  const makeLine = (content) => {
+    const plainLen = content.replace(/\x1b\[[0-9;]*m/g, '').length;
+    const padding = W - plainLen;
+    return chalk.cyan('║') + ' ' + content + ' '.repeat(Math.max(0, padding - 1)) + chalk.cyan('║');
+  };
+  
+  console.clear();
+  displayBanner();
+  drawBoxHeaderContinue('CLAUDE PRO/MAX LOGIN', boxWidth);
+  
+  console.log(makeLine(chalk.yellow('OAUTH AUTHENTICATION')));
+  console.log(makeLine(''));
+  console.log(makeLine(chalk.white('1. A BROWSER WINDOW WILL OPEN')));
+  console.log(makeLine(chalk.white('2. LOGIN WITH YOUR CLAUDE ACCOUNT')));
+  console.log(makeLine(chalk.white('3. COPY THE AUTHORIZATION CODE')));
+  console.log(makeLine(chalk.white('4. PASTE IT HERE')));
+  console.log(makeLine(''));
+  console.log(makeLine(chalk.gray('OPENING BROWSER IN 3 SECONDS...')));
+  
+  drawBoxFooter(boxWidth);
+  
+  // Generate OAuth URL
+  const { url, verifier } = oauthAnthropic.authorize('max');
+  
+  // Wait a moment then open browser
+  await new Promise(resolve => setTimeout(resolve, 3000));
+  openBrowser(url);
+  
+  // Redraw with code input
+  console.clear();
+  displayBanner();
+  drawBoxHeaderContinue('CLAUDE PRO/MAX LOGIN', boxWidth);
+  
+  console.log(makeLine(chalk.green('BROWSER OPENED')));
+  console.log(makeLine(''));
+  console.log(makeLine(chalk.white('AFTER LOGGING IN, YOU WILL SEE A CODE')));
+  console.log(makeLine(chalk.white('COPY THE ENTIRE CODE AND PASTE IT BELOW')));
+  console.log(makeLine(''));
+  console.log(makeLine(chalk.gray('THE CODE LOOKS LIKE: abc123...#xyz789...')));
+  console.log(makeLine(''));
+  console.log(makeLine(chalk.gray('TYPE < TO CANCEL')));
+  
+  drawBoxFooter(boxWidth);
+  console.log();
+  
+  const code = await prompts.textInput(chalk.cyan('PASTE AUTHORIZATION CODE:'));
+  
+  if (!code || code === '<') {
+    return await selectProviderOption(provider);
+  }
+  
+  // Exchange code for tokens
+  const spinner = ora({ text: 'EXCHANGING CODE FOR TOKENS...', color: 'cyan' }).start();
+  
+  const result = await oauthAnthropic.exchange(code.trim(), verifier);
+  
+  if (result.type === 'failed') {
+    spinner.fail(`AUTHENTICATION FAILED: ${result.error || 'Invalid code'}`);
+    await prompts.waitForEnter();
+    return await selectProviderOption(provider);
+  }
+  
+  spinner.text = 'FETCHING AVAILABLE MODELS...';
+  
+  // Store OAuth credentials
+  const credentials = {
+    oauth: {
+      access: result.access,
+      refresh: result.refresh,
+      expires: result.expires
+    }
+  };
+  
+  // Fetch models using OAuth token
+  const { fetchAnthropicModelsOAuth } = require('../services/ai/client');
+  const models = await fetchAnthropicModelsOAuth(result.access);
+  
+  if (!models || models.length === 0) {
+    // Use default models if API doesn't return list
+    spinner.warn('COULD NOT FETCH MODEL LIST, USING DEFAULTS');
+  } else {
+    spinner.succeed(`FOUND ${models.length} MODELS`);
+  }
+  
+  // Let user select model
+  const availableModels = models && models.length > 0 ? models : [
+    'claude-sonnet-4-20250514',
+    'claude-sonnet-4-5-20250514',
+    'claude-3-5-sonnet-20241022',
+    'claude-3-5-haiku-20241022',
+    'claude-3-opus-20240229'
+  ];
+  
+  const selectedModel = await selectModelFromList(availableModels, 'CLAUDE PRO/MAX');
+  if (!selectedModel) {
+    return await selectProviderOption(provider);
+  }
+  
+  // Add agent with OAuth credentials
+  try {
+    await aiService.addAgent('anthropic', 'oauth_max', credentials, selectedModel, 'Claude Pro/Max');
+    
+    console.log(chalk.green('\n  CONNECTED TO CLAUDE PRO/MAX'));
+    console.log(chalk.gray(`  MODEL: ${selectedModel}`));
+    console.log(chalk.gray('  UNLIMITED USAGE WITH YOUR SUBSCRIPTION'));
+  } catch (error) {
+    console.log(chalk.red(`\n  FAILED TO SAVE: ${error.message}`));
+  }
+  
+  await prompts.waitForEnter();
+  return await aiAgentMenu();
+};
+
 /**
  * Setup connection with credentials
  */
 const setupConnection = async (provider, option) => {
+  // Handle OAuth flow separately
+  if (option.authType === 'oauth') {
+    return await setupOAuthConnection(provider);
+  }
+  
   const boxWidth = getLogoWidth();
   const W = boxWidth - 2;
   

package/src/services/ai/client.js

@@ -105,8 +105,32 @@ const callOpenAICompatible = async (agent, prompt, systemPrompt) => {
   }
 };
 
+/**
+ * Get valid OAuth token (refresh if needed)
+ * @param {Object} credentials - Agent credentials with oauth data
+ * @returns {Promise<string|null>} Valid access token or null
+ */
+const getValidOAuthToken = async (credentials) => {
+  if (!credentials?.oauth) return null;
+  
+  const oauthAnthropic = require('./oauth-anthropic');
+  const validToken = await oauthAnthropic.getValidToken(credentials.oauth);
+  
+  if (!validToken) return null;
+  
+  // If token was refreshed, we should update storage (handled by caller)
+  if (validToken.refreshed) {
+    credentials.oauth.access = validToken.access;
+    credentials.oauth.refresh = validToken.refresh;
+    credentials.oauth.expires = validToken.expires;
+  }
+  
+  return validToken.access;
+};
+
 /**
  * Call Anthropic Claude API
+ * Supports both API key and OAuth authentication
  * @param {Object} agent - Agent configuration
  * @param {string} prompt - User prompt
  * @param {string} systemPrompt - System prompt
@@ -116,19 +140,31 @@ const callAnthropic = async (agent, prompt, systemPrompt) => {
   const provider = getProvider('anthropic');
   if (!provider) return null;
   
-  const apiKey = agent.credentials?.apiKey;
   const model = agent.model || provider.defaultModel;
-  
-  if (!apiKey) return null;
-  
   const url = `${provider.endpoint}/messages`;
   
-  const headers = {
+  // Determine authentication method
+  const isOAuth = agent.credentials?.oauth?.refresh;
+  let headers = {
     'Content-Type': 'application/json',
-    'x-api-key': apiKey,
     'anthropic-version': '2023-06-01'
   };
   
+  if (isOAuth) {
+    // OAuth Bearer token authentication
+    const accessToken = await getValidOAuthToken(agent.credentials);
+    if (!accessToken) return null;
+    
+    headers['Authorization'] = `Bearer ${accessToken}`;
+    headers['anthropic-beta'] = 'oauth-2025-04-20,interleaved-thinking-2025-05-14';
+  } else {
+    // Standard API key authentication
+    const apiKey = agent.credentials?.apiKey;
+    if (!apiKey) return null;
+    
+    headers['x-api-key'] = apiKey;
+  }
+  
   const body = {
     model,
     max_tokens: 500,
@@ -273,7 +309,7 @@ Analyze and provide recommendation.`;
 };
 
 /**
- * Fetch available models from Anthropic API
+ * Fetch available models from Anthropic API (API Key auth)
  * @param {string} apiKey - API key
  * @returns {Promise<Array|null>} Array of model IDs or null on error
  * 
@@ -300,6 +336,36 @@ const fetchAnthropicModels = async (apiKey) => {
   }
 };
 
+/**
+ * Fetch available models from Anthropic API (OAuth auth)
+ * @param {string} accessToken - OAuth access token
+ * @returns {Promise<Array|null>} Array of model IDs or null on error
+ * 
+ * Data source: https://api.anthropic.com/v1/models (GET with Bearer token)
+ */
+const fetchAnthropicModelsOAuth = async (accessToken) => {
+  if (!accessToken) return null;
+  
+  const url = 'https://api.anthropic.com/v1/models';
+  
+  const headers = {
+    'Authorization': `Bearer ${accessToken}`,
+    'anthropic-version': '2023-06-01',
+    'anthropic-beta': 'oauth-2025-04-20'
+  };
+  
+  try {
+    const response = await makeRequest(url, { method: 'GET', headers, timeout: 10000 });
+    if (response.data && Array.isArray(response.data)) {
+      return response.data.map(m => m.id).filter(Boolean);
+    }
+    return null;
+  } catch (error) {
+    // OAuth may not support /models endpoint, return null to use defaults
+    return null;
+  }
+};
+
 /**
  * Fetch available models from OpenAI-compatible API
  * @param {string} endpoint - API endpoint
@@ -339,5 +405,7 @@ module.exports = {
   callAnthropic,
   callGemini,
   fetchAnthropicModels,
-  fetchOpenAIModels
+  fetchAnthropicModelsOAuth,
+  fetchOpenAIModels,
+  getValidOAuthToken
 };

package/src/services/ai/oauth-anthropic.js

@@ -0,0 +1,265 @@
+/**
+ * Anthropic OAuth Authentication
+ * 
+ * Implements OAuth 2.0 with PKCE for Anthropic Claude Pro/Max plans.
+ * Based on the public OAuth flow used by OpenCode.
+ * 
+ * Data source: Anthropic OAuth API (https://console.anthropic.com/v1/oauth/token)
+ */
+
+const crypto = require('crypto');
+const https = require('https');
+
+// Public OAuth Client ID (same as OpenCode - registered with Anthropic)
+const CLIENT_ID = '9d1c250a-e61b-44d9-88ed-5944d1962f5e';
+const REDIRECT_URI = 'https://console.anthropic.com/oauth/code/callback';
+
+/**
+ * Generate PKCE code verifier and challenge
+ * @returns {Object} { verifier: string, challenge: string }
+ */
+const generatePKCE = () => {
+  // Generate a random 32-byte code verifier (base64url encoded)
+  const verifier = crypto.randomBytes(32)
+    .toString('base64')
+    .replace(/\+/g, '-')
+    .replace(/\//g, '_')
+    .replace(/=/g, '');
+  
+  // Generate SHA256 hash of verifier, then base64url encode it
+  const challenge = crypto.createHash('sha256')
+    .update(verifier)
+    .digest('base64')
+    .replace(/\+/g, '-')
+    .replace(/\//g, '_')
+    .replace(/=/g, '');
+  
+  return { verifier, challenge };
+};
+
+/**
+ * Generate OAuth authorization URL
+ * @param {'max' | 'console'} mode - 'max' for Claude Pro/Max, 'console' for API key creation
+ * @returns {Object} { url: string, verifier: string }
+ */
+const authorize = (mode = 'max') => {
+  const pkce = generatePKCE();
+  
+  const baseUrl = mode === 'max' 
+    ? 'https://claude.ai/oauth/authorize'
+    : 'https://console.anthropic.com/oauth/authorize';
+  
+  const url = new URL(baseUrl);
+  url.searchParams.set('code', 'true');
+  url.searchParams.set('client_id', CLIENT_ID);
+  url.searchParams.set('response_type', 'code');
+  url.searchParams.set('redirect_uri', REDIRECT_URI);
+  url.searchParams.set('scope', 'org:create_api_key user:profile user:inference');
+  url.searchParams.set('code_challenge', pkce.challenge);
+  url.searchParams.set('code_challenge_method', 'S256');
+  url.searchParams.set('state', pkce.verifier);
+  
+  return {
+    url: url.toString(),
+    verifier: pkce.verifier
+  };
+};
+
+/**
+ * Make HTTPS request
+ * @param {string} url - Full URL
+ * @param {Object} options - Request options
+ * @returns {Promise<Object>} Response JSON
+ */
+const makeRequest = (url, options) => {
+  return new Promise((resolve, reject) => {
+    const req = https.request(url, {
+      method: options.method || 'POST',
+      headers: options.headers || {}
+    }, (res) => {
+      let data = '';
+      res.on('data', chunk => data += chunk);
+      res.on('end', () => {
+        try {
+          const json = JSON.parse(data);
+          if (res.statusCode >= 200 && res.statusCode < 300) {
+            resolve(json);
+          } else {
+            reject(new Error(json.error?.message || `HTTP ${res.statusCode}: ${data}`));
+          }
+        } catch (e) {
+          reject(new Error(`Invalid JSON response: ${data.substring(0, 200)}`));
+        }
+      });
+    });
+    
+    req.on('error', reject);
+    
+    if (options.body) {
+      req.write(JSON.stringify(options.body));
+    }
+    req.end();
+  });
+};
+
+/**
+ * Exchange authorization code for tokens
+ * @param {string} code - Authorization code from callback (format: code#state)
+ * @param {string} verifier - PKCE code verifier
+ * @returns {Promise<Object>} { type: 'success', access: string, refresh: string, expires: number } or { type: 'failed' }
+ * 
+ * Data source: https://console.anthropic.com/v1/oauth/token (POST)
+ */
+const exchange = async (code, verifier) => {
+  try {
+    // Code format from callback: "authorization_code#state"
+    const splits = code.split('#');
+    const authCode = splits[0];
+    const state = splits[1] || '';
+    
+    const response = await makeRequest('https://console.anthropic.com/v1/oauth/token', {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json'
+      },
+      body: {
+        code: authCode,
+        state: state,
+        grant_type: 'authorization_code',
+        client_id: CLIENT_ID,
+        redirect_uri: REDIRECT_URI,
+        code_verifier: verifier
+      }
+    });
+    
+    return {
+      type: 'success',
+      access: response.access_token,
+      refresh: response.refresh_token,
+      expires: Date.now() + (response.expires_in * 1000)
+    };
+  } catch (error) {
+    return {
+      type: 'failed',
+      error: error.message
+    };
+  }
+};
+
+/**
+ * Refresh access token using refresh token
+ * @param {string} refreshToken - The refresh token
+ * @returns {Promise<Object>} { type: 'success', access: string, refresh: string, expires: number } or { type: 'failed' }
+ * 
+ * Data source: https://console.anthropic.com/v1/oauth/token (POST)
+ */
+const refreshToken = async (refreshToken) => {
+  try {
+    const response = await makeRequest('https://console.anthropic.com/v1/oauth/token', {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json'
+      },
+      body: {
+        grant_type: 'refresh_token',
+        refresh_token: refreshToken,
+        client_id: CLIENT_ID
+      }
+    });
+    
+    return {
+      type: 'success',
+      access: response.access_token,
+      refresh: response.refresh_token,
+      expires: Date.now() + (response.expires_in * 1000)
+    };
+  } catch (error) {
+    return {
+      type: 'failed',
+      error: error.message
+    };
+  }
+};
+
+/**
+ * Create an API key using OAuth token (for console mode)
+ * @param {string} accessToken - The access token
+ * @returns {Promise<Object>} { type: 'success', key: string } or { type: 'failed' }
+ * 
+ * Data source: https://api.anthropic.com/api/oauth/claude_cli/create_api_key (POST)
+ */
+const createApiKey = async (accessToken) => {
+  try {
+    const response = await makeRequest('https://api.anthropic.com/api/oauth/claude_cli/create_api_key', {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        'Authorization': `Bearer ${accessToken}`
+      }
+    });
+    
+    return {
+      type: 'success',
+      key: response.raw_key
+    };
+  } catch (error) {
+    return {
+      type: 'failed',
+      error: error.message
+    };
+  }
+};
+
+/**
+ * Get valid access token (refresh if expired)
+ * @param {Object} oauthData - OAuth data { access, refresh, expires }
+ * @returns {Promise<Object>} { access: string, refresh: string, expires: number, refreshed: boolean }
+ */
+const getValidToken = async (oauthData) => {
+  if (!oauthData || !oauthData.refresh) {
+    return null;
+  }
+  
+  // Check if token is expired or will expire in the next 5 minutes
+  const expirationBuffer = 5 * 60 * 1000; // 5 minutes
+  if (oauthData.expires && oauthData.expires > Date.now() + expirationBuffer) {
+    return {
+      ...oauthData,
+      refreshed: false
+    };
+  }
+  
+  // Token expired or about to expire, refresh it
+  const result = await refreshToken(oauthData.refresh);
+  if (result.type === 'success') {
+    return {
+      access: result.access,
+      refresh: result.refresh,
+      expires: result.expires,
+      refreshed: true
+    };
+  }
+  
+  return null;
+};
+
+/**
+ * Check if credentials are OAuth tokens
+ * @param {Object} credentials - Agent credentials
+ * @returns {boolean}
+ */
+const isOAuthCredentials = (credentials) => {
+  return credentials && credentials.oauth && credentials.oauth.refresh;
+};
+
+module.exports = {
+  CLIENT_ID,
+  REDIRECT_URI,
+  generatePKCE,
+  authorize,
+  exchange,
+  refreshToken,
+  createApiKey,
+  getValidToken,
+  isOAuthCredentials
+};

package/src/services/ai/providers/index.js

@@ -46,6 +46,16 @@ const PROVIDERS = {
     models: [], // Fetched from API at runtime
     defaultModel: null, // Will use first model from API
     options: [
+      {
+        id: 'oauth_max',
+        label: 'CLAUDE PRO/MAX (OAUTH)',
+        description: [
+          'Login with your Claude subscription',
+          'Unlimited usage with your plan'
+        ],
+        fields: ['oauth'],
+        authType: 'oauth'
+      },
       {
         id: 'api_key',
         label: 'API KEY (PAY-PER-USE)',